XPDX won't delete
I've been searching for an answer to this and I just can't find it, so I'm gonna try to post the logs and such. What do I need to do to get rid of XPDX.sys? Windows can't find the specified file when I try to delete it even though it shows it. What do I need to post in order to get rid of this bug?
Thanks in advance, Tcanuth
Alright, here's my Kaspersky Report...
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 04, 2007 6:00:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/12/2007
Kaspersky Anti-Virus database records: 472632
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 92464
Number of viruses found: 17
Number of infected objects: 58
Number of suspicious objects: 0
Duration of the scan process: 01:33:38
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS020D2D8E-569F-4D3B-94DB-05A7B09383C9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS036AEDB9-5973-4C3F-BC21-01B2FA9853C7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0546B121-0341-40A2-B35D-3D85302B8F5D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS077A66D3-301C-47B2-8A6A-FF118C41508B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS07F92034-2D0F-4553-98CE-81543A6789C4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0CA86AB0-27F9-4606-98E3-E5863ECD5DAE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0EF3E929-E54F-4E10-93DB-17EC07DC268D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS104784A5-63A5-4D76-9C1D-E0B4E9DEDE3B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS12BABBDD-01A6-4BBA-A957-6941ED31BC26.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1368A2A2-650F-4BCF-9DC3-729AF842A98B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS14F586F3-A2A7-49B8-ADA3-9A13872FB842.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS19186942-D10F-459C-80F6-F5886176D4F1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS236F0EB4-4893-4EA4-B76A-E4F45C0015CC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS24E23C43-2E04-4272-8A64-DB2EC47A4B1E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2649246A-8B03-400C-9214-AA05B87BFAF7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2B461FE3-F15F-45E8-9857-2F00FD5BC7EA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2F6FFF8C-5E7A-476A-888C-3E4963190ED5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS31DDAE84-B5BD-4D68-9BBC-4459AF4B6EE1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS343AB718-D757-403B-85FE-12600FAB7CBC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS37FA92EB-169B-4371-BBD2-D0EFD254F60D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS38F6BC62-80EC-49AD-8A5C-1502D511E85A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3AE13B43-A9C2-4636-A77F-D77B3D8BE991.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3DA171D6-E347-4F68-9077-591C10863C18.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3F847EC7-F9D1-49E3-9567-B0E8F3D3DE0D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS402597C9-E002-42B9-8BB8-21359537A04F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS426D76CC-4F85-4D45-8080-7AF4E223E4B7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS482842A7-477E-40FC-A791-B4E114344AE6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4AE5D27D-07F8-4D3D-B4BF-09C3948A44C2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4B539AA7-743B-46AA-BB28-700034489B22.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4C523F22-7640-4727-83DD-79ED182BE70F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4DD7D7B4-A411-4650-885B-5561CE336D32.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4F1B6C15-9A81-4588-BECB-257E152EF587.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS50136BA2-BDCD-485A-B96E-BD752477F533.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS522124A5-FCCF-4310-9EB6-56B3A8359279.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5266BB48-3165-4BD6-8DAD-429204EDA981.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS539BF359-6FEC-4B6B-8F9B-587081791B81.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS58E7FC61-B7D1-4389-9D7E-4B40C8DB4A05.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS58E876F1-C893-4106-8D96-A4C9FA7E6A4C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5B6BF3DF-95B9-4614-AC63-97DD3DAD3556.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6132ADB7-66A6-476B-925D-4948AE20255F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6206AEF0-A68B-41A8-9117-91AA6D2041EA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6F6554FF-2FC6-4D11-9A89-D3D6D5BDBE69.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS736DEE5A-4F8E-46F2-B425-D7756CD47FC2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS775D2B4E-5619-48DA-AC2A-6C72C1BD2E95.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7E179AF1-CD4E-48BB-BBD2-C61BC8F4A8B1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7FAB243D-A8C4-4EE7-8FEB-3416B20EB4AD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS81F33654-0849-4B20-9277-7CA065D8AEB2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS83BC1CF0-34AF-4ED9-B38F-454DFC71B069.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS85563BB0-FB69-4260-9BFD-725D8902E910.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8611DF2B-2202-40AA-A603-F56CA683C511.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS88B477A3-E892-4539-8CB0-52ABA4807EC5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8EC12CE2-52FD-4701-B570-AC590EBE4BFE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9085E0CD-A9AA-49E7-9337-28719D98F935.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS95A240DB-AA71-44E6-B04D-F0A7E250299F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS999B7998-7D04-45DE-8772-F0BE76238E66.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA00555CF-9480-4E27-B991-7207C2B7B4B7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA00CAF6F-2AF2-4203-B221-C2CD8243BCDA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA1CBD90C-7C63-44DF-BA1F-5EBAEA121057.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2483ABA-B4FD-49F4-88E0-222C4EEA1C44.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA4F2C5BE-5B9D-44BB-868B-45D46A097ECA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA4F6D46C-9465-4B7D-9223-89F43628AE14.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA7A32E9C-765D-4D15-A08C-FB77B639F806.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFEF6B1F-D1E8-4473-A0CE-5E7EB47587B3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB0475F0A-B94B-43DF-9A90-6068FF1E606F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB223D6F2-9E0C-4B88-9A7C-5F8E9DCDBBB6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB6FBABE3-7980-4C5F-AFB6-FFE71F56C507.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBC9DA1ED-A193-46EF-9DD2-700B84432030.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBCB0F7E3-F1AB-487D-B65D-67D48877FEDA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC5CEFFEA-2B9E-4D7B-A544-4A3659B8609F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC6D426E6-35CB-4E38-886D-15E6FA6C375F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC7A2AD2B-B87A-48CF-A632-8B80D9511600.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCD2DE7DC-71DC-4CD7-A1C5-AF2DFD9B9FE8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCE3BCE13-3DA8-46D0-B041-6F4131B39582.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD5192E52-03B1-4887-BBAD-F1883EBA6D50.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD59B067F-02D1-4FEA-A1E2-01B58A458A35.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7C32B0C-95C4-4B50-889E-CC7886EC182A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD8941BDA-0ED7-4A21-BB3A-962C2B498BE7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB786F61-2F17-4B93-9EED-DD55A7469A40.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDD0B6316-0C22-42F9-A8C5-2B957D9DA7F7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDF461C21-400B-4525-AD9E-FB3ADC57981E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE31463F1-2C97-4163-8DB4-1C83C3D6096A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE370F603-0F6D-49DE-B516-FF8263514CE4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE643D353-EB7E-4605-9DC6-85EE59F6DAE5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF09FBE2B-52B6-42D8-86AC-6BBC02C7C588.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF0CEE020-51D0-4E6B-8339-12301F91667C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF20EE1D7-BD8C-4B1D-A13C-21C9555F3CFB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3111200-2791-471A-9C53-6CE6FCF3A47F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF38A8176-48D6-4990-AAE6-7885F3EBAA67.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF4D96929-4D13-4B96-948A-141A76C9E975.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFA9DBA19-DC85-4262-A285-FA11BB002A01.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFE3C2F92-2AE1-43B4-B829-A49BF2C9D56A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-7e7cb4f1.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-7e7cb4f1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-363bd4be.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-363bd4be.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\071204020358.ses Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Crap\villager keygen Share Accelerator(1)\ShareAcceleratorMM_SS0502.EXE/WISE0015.BIN/data0015/data0005 Infected: not-a-virus:AdWare.Win32.Shopper.k skipped
C:\Documents and Settings\Owner\Desktop\Crap\villager keygen Share Accelerator(1)\ShareAcceleratorMM_SS0502.EXE/WISE0015.BIN/data0015 Infected: not-a-virus:AdWare.Win32.Shopper.k skipped
C:\Documents and Settings\Owner\Desktop\Crap\villager keygen Share Accelerator(1)\ShareAcceleratorMM_SS0502.EXE/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Shopper.k skipped
C:\Documents and Settings\Owner\Desktop\Crap\villager keygen Share Accelerator(1)\ShareAcceleratorMM_SS0502.EXE WiseSFX: infected - 3 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007120420071205\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\dlwixoql.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Owner\Local Settings\Temp\dmukfaru.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Documents and Settings\Owner\Local Settings\Temp\dswtmhmj.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Owner\Local Settings\Temp\itsjqxxb.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Owner\Local Settings\Temp\mofugclq.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Owner\Local Settings\Temp\qrjatydi.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Owner\Local Settings\Temp\rhvqsuwb.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Owner\Local Settings\Temp\urclqecd.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Owner\Local Settings\Temp\vntmrykt.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Owner\Local Settings\Temp\xqedqkpr.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFB08C.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFB2AC.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFD06E.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFD09C.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9LO7BZF1\gsttddrr[1].txt Infected: Trojan.Win32.Agent.csm skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9LO7BZF1\pochki20071106[1] Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\H05CSJBJ\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K33XCJ9Z\snkkh[1].htm Infected: Trojan-Proxy.Win32.Agent.se skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K33XCJ9Z\upd32_v14[1] Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SXY95D44\Command_and_Conquer_Generals_CD_Key_Generator.zip[1].exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bho skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SXY95D44\Command_and_Conquer_Generals_CD_Key_Generator.zip[1].exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SXY95D44\Command_and_Conquer_Generals_CD_Key_Generator.zip[1].exe/data.rar/crack.exe Infected: Trojan.Win32.Inject.ks skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SXY95D44\Command_and_Conquer_Generals_CD_Key_Generator.zip[1].exe/data.rar Infected: Trojan.Win32.Inject.ks skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SXY95D44\Command_and_Conquer_Generals_CD_Key_Generator.zip[1].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U7VXL3RS\Install4[1].exe Infected: not-virus:Hoax.Win32.Renos.lh skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UOJCW1QZ\Command_and_Conquer_Generals_Keygen.zip[1].exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bho skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UOJCW1QZ\Command_and_Conquer_Generals_Keygen.zip[1].exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UOJCW1QZ\Command_and_Conquer_Generals_Keygen.zip[1].exe/data.rar/crack.exe Infected: Trojan.Win32.Inject.ks skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UOJCW1QZ\Command_and_Conquer_Generals_Keygen.zip[1].exe/data.rar Infected: Trojan.Win32.Inject.ks skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UOJCW1QZ\Command_and_Conquer_Generals_Keygen.zip[1].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WHT519RF\install_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\gjuaux.exe Infected: Trojan-Proxy.Win32.Agent.se skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP363\A0030333.exe Object is locked skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP363\A0030334.exe Object is locked skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP363\A0030335.exe Object is locked skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP363\A0030371.sys Infected: Trojan-Proxy.Win32.Agent.ox skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP364\A0030410.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP364\A0030414.sys Infected: Trojan-Proxy.Win32.Agent.ox skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP365\A0030514.sys Infected: Trojan-Proxy.Win32.Agent.ox skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP365\A0031514.sys Infected: Trojan-Proxy.Win32.Agent.ox skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP365\A0031521.sys Infected: Trojan-Proxy.Win32.Agent.ox skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP365\A0031529.sys Infected: Trojan-Proxy.Win32.Agent.ox skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP365\A0031578.sys Infected: Trojan-Proxy.Win32.Agent.ox skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP366\A0031593.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP366\A0031594.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{721324BC-FEA9-4CD2-99BD-6174706F063D}\RP366\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{690C9938-1703-41D8-B220-39D8BDA61BC7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\egaqlcht.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\faldshzk.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kdscc.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\WINDOWS\system32\kdxrlkhy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\ljjgggd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bhp skipped
C:\WINDOWS\system32\mngqtruh.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\mp3avi.dll Infected: Trojan-Downloader.Win32.Delf.cig skipped
C:\WINDOWS\system32\rextxcjr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\sbywwkpy.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\vhkmjuuh.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winzoa32.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\system32\wszipplv.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\xpdx.sys Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
And my HJT Report...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:26 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\wsnpoem.exe,
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vhkmjuuh.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [50f63244] "rundll32.exe" "C:\WINDOWS\system32\kdxrlkhy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 5563 bytes
pskelley
2007-12-08, 20:21
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
First, be aware of this policy:
Note: We do not support the use of illegal Pirated/Warez/Cracked software.
Helping a person who insists on using such software could be construed in the eyes of the law to be aiding and abetting a crime. Therefore you will be asked to remove any cracked programs and in the case of your operating system, to obtain a valid licensed copy.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UOJCW1QZ\Command_and_Conquer_Generals_Keygen.zip[1].exe/data.rar/keygen.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UOJCW1QZ\Command_and_Conquer_Generals_Keygen.zip[1].exe/data.rar/crack.exe
You have a Vundo infection which can be very hard to remove. This will take some time and unless you are patient, understand how to follow directions and are comfortable working on your computer, you may want to seek local professional help. If you wish to proceed, read and follow the directions carefully.
And that's not the worst of the news, you also have a backdoor trojan:
http://www.prevx.com/filenames/X1293213303825781019-0/WSNPOEM.EXE.html
http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.Small.lu&threatid=70959
A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
Please let us know what you have decided to do in your next post.
Thanks
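Added example, not part of the thread or of either poster's tooling: a small Python triage pass over HijackThis log lines that reports the kind of autostart entries visible in the log above, such as a second program chained onto the Userinit value (the wsnpoem.exe entry on the F2 line). The expected Userinit path, the "8 hex digit Run value name" heuristic and all function names are assumptions made for this sketch; the sample lines are copied from the log in this thread.

```python
import re

# Sample input: four lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\wsnpoem.exe,
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [50f63244] "rundll32.exe" "C:\WINDOWS\system32\kdxrlkhy.dll",b
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vhkmjuuh.dll (file missing)
"""

F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
O4_RUN = re.compile(r"^O4 - (\S+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)  # assumption: random-looking value name


def userinit_extras(value, expected):
    """Return every program in the comma-separated Userinit value other than
    the expected userinit.exe path (each entry is launched at logon)."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != expected.lower()]


def review(log_text, expected=r"C:\WINDOWS\system32\userinit.exe"):
    """Return (section, reason, detail) tuples for entries worth a closer look.
    `expected` assumes a default Windows XP install directory."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_USERINIT.match(line)
        if m:
            for extra in userinit_extras(m.group(1), expected):
                findings.append(("F2", "extra program in Userinit", extra))
            continue
        m = O4_RUN.match(line)
        if m and HEX_NAME.match(m.group(2)) and "rundll32" in m.group(3).lower():
            # Heuristic only: a hex-named Run value that loads a DLL via rundll32.
            findings.append(("O4", "rundll32 under hex-named Run value", m.group(3)))
        elif line.startswith("O3 - ") and line.endswith("(file missing)"):
            # Toolbar still registered although its DLL is not on disk.
            findings.append(("O3", "toolbar registered, file missing",
                             line.rsplit(" - ", 1)[1]))
    return findings


if __name__ == "__main__":
    for section, reason, detail in review(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```

The findings are leads for a human reviewer, not verdicts: legitimate rundll32 Run entries with ordinary names, like the NVIDIA ones in this log, are deliberately left alone.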