BAT/Fake.Privdanger, zlob.downloader.vcd & SPR/AdTool.WhenU.A problem please help.



Matthew03
2008-03-21, 09:31
- BAT/Fake.Privdanger always pops up and I always quarantine it. I'm using Avira btw.
- zlob.downloader.vcd it won't disappear even if spybot says it's fixed.
- SPR/AdTool.WhenU.A it's the same as BAT/Fake.Privdanger

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:23 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54ae9386-48a5-445a-b4d2-2abd1ab820e0} - C:\WINDOWS\system32\efsomn.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: etlrlws - {F6960268-5DC1-40B2-A236-F380F3329D7B} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpyClean] D:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] D:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: &Download All by Gigaget - D:\Program Files\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - D:\Program Files\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.ph/com/EGamesPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6CEDAAF-7FAF-4532-B4E9-87174755A7CB}: NameServer = 58.69.254.44 58.69.254.46
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\pmkjkjg.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: efsomn - efsomn.dll (file missing)
O21 - SSODL: bokpkov - {44211AC0-BB5F-49F3-BD0E-B359FD45A1DD} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {516941C7-178B-4A05-8652-C2561CB0E290} - C:\WINDOWS\altvxvm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - D:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 12041 bytes

roberto
2008-03-21, 13:48
Hi,

Run HijackThis and place a check beside each of the following. Delete all entries:

O2 - BHO: (no name) - {54ae9386-48a5-445a-b4d2-2abd1ab820e0} - C:\WINDOWS\system32\efsomn.dll (file missing)
O3 - Toolbar: etlrlws - {F6960268-5DC1-40B2-A236-F380F3329D7B} - C:\WINDOWS\etlrlws.dll (file missing)
O20 - Winlogon Notify: efsomn - efsomn.dll (file missing)
O21 - SSODL: bokpkov - {44211AC0-BB5F-49F3-BD0E-B359FD45A1DD} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {516941C7-178B-4A05-8652-C2561CB0E290} - C:\WINDOWS\altvxvm.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Run Spybot S&D, download Updates including Beta. Run scan.

Delete files:
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\altvxvm.dll

Delete folder:
C:\WINDOWS\privacy_danger

Download RootAlyzer, unzip, run a deep scan:
http://www.spybotupdates.com/files/rootalyz.zip

Run a full scan with an antivirus software on all your drives.

Kind regards,
roberto.
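
How entries like the ones listed in the reply above can be surfaced from a HijackThis log, as an added example that is not part of the original thread: a small parser that flags orphaned entries and the O20/O21/O24 load points for review. The flagging rules are assumptions made for triage, not verdicts (a flagged entry can be legitimate), and the sample lines are copied from the log posted earlier in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code label clsid value orphaned")

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sections reviewed regardless of file state (assumed triage rule, not a verdict).
LOAD_POINTS = {
    "O20": "AppInit_DLLs / Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad DLL, loaded by explorer.exe",
    "O24": "Active Desktop component",
}

def parse_line(line):
    """Parse one HijackThis entry; return None for headers and process paths."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    if clsid:
        # "<label> - {CLSID} - <file>": split around the CLSID so that a
        # " - " inside a path cannot be mistaken for a field separator.
        label = rest[:clsid.start()].rstrip(" -")
        value = rest[clsid.end():].lstrip(" -:")
    else:
        label, _, value = rest.partition(": ")
    orphaned = value.endswith(("(file missing)", "(no file)"))
    return Entry(code, label, clsid.group(0) if clsid else None, value, orphaned)

def triage(log_text):
    """Return [(Entry, [reasons])] for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if entry.orphaned:
            reasons.append("orphaned: registry entry points at a file not on disk")
        if entry.code in LOAD_POINTS:
            reasons.append("load point: " + LOAD_POINTS[entry.code])
        if reasons:
            findings.append((entry, reasons))
    return findings

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\lsass.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {54ae9386-48a5-445a-b4d2-2abd1ab820e0} - C:\WINDOWS\system32\efsomn.dll (file missing)
O3 - Toolbar: etlrlws - {F6960268-5DC1-40B2-A236-F380F3329D7B} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: c:\windows\system32\pmkjkjg.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: efsomn - efsomn.dll (file missing)
O21 - SSODL: bokpkov - {44211AC0-BB5F-49F3-BD0E-B359FD45A1DD} - C:\WINDOWS\bokpkov.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry.code, "|", entry.label, "|", entry.value)
        for reason in reasons:
            print("    ->", reason)
```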

Matthew03
2008-03-21, 14:16
Hello sir roberto,
I can't delete the:
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\altvxvm.dll
because Spybot - S&D keeps popping up with the options (Allow change and Deny change). If I click Deny change, it won't stop popping up. Please help.

Matthew03
2008-03-21, 15:13
Well, I was scanning my drives when a virus appeared.
"C...\desktop_background", something like that, and I put it in the quarantine. The virus is called "BAT/Fake.Privdanger". Well, one thing is for sure: it won't go out of my system.

Matthew03
2008-03-22, 07:09
> Delete files:
> C:\WINDOWS\bokpkov.dll
> C:\WINDOWS\altvxvm.dll

Hello again roberto, I can't delete the
O21 - SSODL: bokpkov - {44211AC0-BB5F-49F3-BD0E-B359FD45A1DD} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: altvxvm - {516941C7-178B-4A05-8652-C2561CB0E290} - C:\WINDOWS\altvxvm.dll
I scanned it with AVG and I rebooted but it was not deleted.

roberto
2008-03-22, 11:44
Hi,

What Spybot S&D version are you using? Did you update your Spybot S&D with the Beta detection rules?

I need the exact dialog or error messages to give you further assistance.

Please run HijackThis, press "Do a system scan only"-Button.

Place a check beside each of the following entries:

> O21 - SSODL: bokpkov - {44211AC0-BB5F-49F3-BD0E-B359FD45A1DD} - C:\WINDOWS\bokpkov.dll
> O21 - SSODL: altvxvm - {516941C7-178B-4A05-8652-C2561CB0E290} - C:\WINDOWS\altvxvm.dll

In the "Scan & fix stuff" section, please press the "Fix checked" button.

In the dialog "Fix 2 selected items? This will permanently delete and/or repair what you selected."
please press the "Yes" button to confirm repairing/deleting of the selected items.

Regarding "allow change" and "deny change". Do you mean the TeaTimer dialog? What does the dialog exactly say? Did you try allow change? What happens then?

If it doesn't work out, please reboot your PC in safe mode (by pressing the F8 key during the boot sequence), search for the malware files and try to rename them to bokpkov_dll and altvxvm_dll manually, delete them, and reboot your system.

Kind regards,
roberto.

Matthew03
2008-03-22, 15:51
The TeaTimer says:
Spybot-SD Resident
61079 processes blacklisted
App: D:\Program Files\Spybot - Search Destroy\
Data: C:\Documents...

When I allow the change, the annoying Allow Change/Deny Change thingy goes away. But if I keep on Denying it, it keeps coming back.

Matthew03
2008-03-22, 17:29
After I deleted the 2 files in C:\WINDOWS..
I scanned my PC with Spybot S&D and found:
• Zlob.Downloader.sg
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\altvxvm
• Smitfraud-C.gp
- C:\Documents and Settings\Mike\Favorites\Error Cleaner.url
- C:\Documents and Settings\Mike\Favorites\Privacy Protector.url
- C:\Documents and Settings\Mike\Favorites\Spyware&Malware Protection.url
• Zlob.Downloader.vcd
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin
• Cache | 1 entry
• Common Dialogs | 1 entry
• Cookie | 2 entries
• History | 1 entry
• Log | 23 entries

On AVG Anti-Spyware 7.5
• Not-A-Virus.Adware.Vapsup | Risk: Low

That's all that I found. I checked them all and fixed them (Spybot). And on AVG, I deleted it.

Matthew03
2008-03-23, 09:47
My second scan using Spybot S&D:

• Zlob.Downloader.sg (Autorun settings)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\altvxvm

That came up again. And I Denied Change it.

Btw, why does my Spybot S&D hang? I mean after I click the "Fix selected problems". It mostly hangs.

Matthew03
2008-03-25, 06:33
Bump.....

Please do not bump

roberto
2008-03-25, 17:22
Hi,

There must be an unknown file which reinstalls the infection.

Please run a Kaspersky Online Scan and post the report next.

Kind regards,
Roberto.

Matthew03
2008-03-26, 18:10
Uhmm..I don't know if this is right.

file:///C:/Documents%20and%20Settings/Mike/My%20Documents/Matthew/kas%20report.html

Matthew03
2008-03-26, 18:11
Thursday, March 27, 2008 12:00:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/03/2008
Kaspersky Anti-Virus database records: 664627
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Mike\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 24708
Number of viruses found 6
Number of infected objects 17
Number of suspicious objects 0
Duration of the scan process 00:42:31

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Nokia 5610 XpressMusic USB Modem.txt Object is locked skipped
C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2D06F699-7FDD-4A38-84D2-122BEA026EBD}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\fla56C.tmp Object is locked skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\MCLLog.txt Object is locked skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\MMCULog.txt Object is locked skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\Perflib_Perfdata_144.dat Object is locked skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\ztv1A.tmp/~freesetup.exe/file01 Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\ztv1A.tmp/~freesetup.exe/file02/file01 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\ztv1A.tmp/~freesetup.exe/file02 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\ztv1A.tmp/~freesetup.exe/file18 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\ztv1A.tmp/~freesetup.exe/file44 Infected: not-a-virus:FraudTool.Win32.BestSeller.k skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\ztv1A.tmp/~freesetup.exe/file45 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\ztv1A.tmp/~freesetup.exe/file83 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\ztv1A.tmp/~freesetup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\ztv1A.tmp ZIP: infected - 8 skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\~DF8CB5.tmp Object is locked skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\~freesetup.exe/file01 Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\~freesetup.exe/file02/file01 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\~freesetup.exe/file02 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\~freesetup.exe/file18 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\~freesetup.exe/file44 Infected: not-a-virus:FraudTool.Win32.BestSeller.k skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\~freesetup.exe/file45 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\~freesetup.exe/file83 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\DOCUME~1\Mike\LOCALS~1\Temp\~freesetup.exe Inno: infected - 7 skipped

Matthew03
2008-03-29, 08:46
Bump........

tashi
2008-04-10, 10:05
Hello Matthew03,

Two topics started the same day and bumps, quite confusing. http://forums.spybot.info/showthread.php?p=174952#post174952

For future reference please read the stickies before starting a topic, thank you.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

If you still need assistance please use this topic:
The Waiting Room: Post here if waiting for help four days (http://forums.spybot.info/forumdisplay.php?f=37)