-
Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 28, 2007 10:06:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 29/09/2007
Kaspersky Anti-Virus database records: 424844
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 128260
Number of viruses found: 9
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 01:42:31
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ATI MMC\RemoteWonder.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Confdntl.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\Spam.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton Personal Firewall\Log\WebHist.log Object is locked skipped
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\f2zqa5dt.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\f2zqa5dt.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\f2zqa5dt.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\f2zqa5dt.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\f2zqa5dt.default\history.dat Object is locked skipped
C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\f2zqa5dt.default\parent.lock Object is locked skipped
C:\Documents and Settings\Dave\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dave\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\History\History.IE5\MSHist012007092820070929\index.dat Object is locked skipped
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dave\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dave\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SymNeti1000.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SymNeti1001.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SymNeti1002.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SymNeti1003.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SymNeti1004.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SymNeti1005.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Norton Personal Firewall\nisum.dat Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.cpj skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\capcom\nab22011.exe.vir/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\capcom\nab22011.exe.vir NSIS: infected - 1 skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cfig322\icm33o.exe.vir Infected: Trojan-Downloader.Win32.Small.fky skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drvr2\bbc002nws.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\qoobox\Quarantine\catchme2007-09-26_201256.32.zip/opnmnmn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\qoobox\Quarantine\catchme2007-09-26_201256.32.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP666\A0065656.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP683\A0071676.exe Infected: Trojan-Downloader.Win32.Agent.cpj skipped
C:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP683\A0071677.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP683\A0071679.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP688\A0072089.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP688\A0072090.exe Infected: Trojan-Downloader.Win32.Small.fky skipped
C:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP688\A0072091.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP688\A0072091.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP688\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP688\change.log Object is locked skipped
F:\System Volume Information\_restore{823F857B-7DEA-4843-93BF-9635631C2224}\RP688\change.log Object is locked skipped
Scan process completed.
-
Retired Security Volunteer
Hi,
Using windows explorer, delete the following folders:
C:\Documents and Settings\Dave\Desktop\SmitfraudFix
C:\qoobox <<Combofix's quarantine.
Empty your recycle bin.
Reboot, post a fresh HijackThis log and tell me how your machine is running.
AngelFire777
Proud member of UNITE and ASAP since 2006.
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:58 PM, on 9/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\FUCKSP~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 4435 bytes
Everything's running fine now. I really appreciate your help.
-
Congratulations! Your log looks clean!
One last thing I want you to do is to update your machine to SP2, but before we do that, can you do this first:
Download a diagnostic tool (MGADiag.exe) from >here< and save this to your Desktop.
Double-click on MGADiag.exe.
When the program has finished, click on the Validation tab and then click on Copy to Clipboard.
Please post the results in your next reply.
Last edited by Angelfire777; 2007-09-30 at 02:24.
AngelFire777
-
Diagnostic Report (1.7.0039.0):
-----------------------------------------
WGA Data-->
Validation Status: Validation Control not Installed
Detailed Status: N/A
Cached / Grace status: N/A, N/A
Windows Product Key: *****-*****-CFFCC-J8GFP-Y6RVG
Windows Product Key Hash: 4BrUPwxpQagfcB3QKvlGyuZaDkU=
Windows Product ID: 55277-OEM-2115336-15582
Windows Product ID Type: 3
CSVLK Server: N/A
CSVLK PID: N/A
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.1.0.hom
ID: {A7128E6B-A952-412E-BA02-9DDA0A783AB6}(3)
Is Admin: Yes
Commit / Reboot / BRT: N/A, N/A, N/A
WGA Version: Failed to retrieve file version. - 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A
Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: Failed to retrieve file version. - 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-2993-80070002
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A7128E6B-A952-412E-BA02-9DDA0A783AB6}</UGUID><Version>1.7.0039.0</Version><OS>5.1.2600.2.00010300.1.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-Y6RVG</PKey><PID>55277-OEM-2115336-15582</PID><PIDType>3</PIDType><SID>S-1-5-21-1454471165-492894223-839522115</SID><SYSTEM><Manufacturer>VIA Technologies, Inc.</Manufacturer><Model>PM800-8237</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="2"/><Date>20040525******.******+***</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>D71132D701842263</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/></MachineData> <Software><Office><Result>109</Result><Products/></Office></Software></GenuineResults>
-
Hi,
Not sure why validation won't work, but I want you to be honest with me. Is this a legit copy of Windows XP?
AngelFire777
-
Ok. Make sure you download SP2 with IE7 from here: http://www.microsoft.com/downloads/d...DisplayLang=en
and install it. If you don't, the chances of reinfection are very high.
This is a good time to clear your existing system restore points and establish a new clean restore point:
- Go to Start > All Programs > Accessories > System Tools > System Restore
- Select Create a restore point, and Ok it.
- Next, go to Start > Run and type in cleanmgr
- Select the More options tab
- Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your PC's security.
MVPS Hosts File
~You can download it from here
~I highly recommend this hosts file. You can learn more about this here
IESpyAds
~Instructions on downloading and using it here
Note: This only works for Internet Explorer.
Install SpyWare Blaster
~You can download it from here
~You can read the tutorial on how to use Spyware Blaster here
Install WinPatrol
~You can download it from here
~You can get some information about how WinPatrol works here
Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
Please check out Tony Klein's article "How did I get infected in the first place?"
Happy safe surfing!
AngelFire777
-
Glad we could be of assistance
Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened, please send me a private message (pm) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.
AngelFire777