drive cleaner 2006

Hi

You are supposed to run kaspersky online scan, not to install kaspersky antivirus.

That doesn't require any uninstallation.
 
gotcha.. here goes..



KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 17, 2007 8:08:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/08/2007
Kaspersky Anti-Virus database records: 384691


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\BLAIRS~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 19562
Number of viruses found 5
Number of infected objects 11
Number of suspicious objects 0
Duration of the scan process 00:30:55

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\ActiveScan\imscan.dll Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\fullsrbndl.exe/1scenichp.exe/HomePage.exe Infected: Trojan.Win32.StartPage.ags skipped

C:\WINDOWS\system32\fullsrbndl.exe/1scenichp.exe Infected: Trojan.Win32.StartPage.ags skipped

C:\WINDOWS\system32\fullsrbndl.exe/1scenicid.exe Infected: Trojan.Win32.StartPage.ame skipped

C:\WINDOWS\system32\fullsrbndl.exe/2scenicms.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped

C:\WINDOWS\system32\fullsrbndl.exe/3scenices.exe/install.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\fullsrbndl.exe/3scenices.exe/uninstall.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\fullsrbndl.exe/3scenices.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\fullsrbndl.exe/4scenicwu.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bw skipped

C:\WINDOWS\system32\fullsrbndl.exe InstallCreator: infected - 8 skipped

C:\WINDOWS\system32\fullsrbndl.exe UPX: infected - 8 skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\uninstall.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\BLAIRS~1\LOCALS~1\Temp\AcrC211.tmp Object is locked skipped

C:\DOCUME~1\BLAIRS~1\LOCALS~1\Temp\~DF7B9C.tmp Object is locked skipped

C:\DOCUME~1\BLAIRS~1\LOCALS~1\Temp\~DF8A6B.tmp Object is locked skipped

Scan process completed.
 
gotcha.. here goes..



KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 17, 2007 8:08:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/08/2007
Kaspersky Anti-Virus database records: 384691


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\BLAIRS~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 19562
Number of viruses found 5
Number of infected objects 11
Number of suspicious objects 0
Duration of the scan process 00:30:55

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\ActiveScan\imscan.dll Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\fullsrbndl.exe/1scenichp.exe/HomePage.exe Infected: Trojan.Win32.StartPage.ags skipped

C:\WINDOWS\system32\fullsrbndl.exe/1scenichp.exe Infected: Trojan.Win32.StartPage.ags skipped

C:\WINDOWS\system32\fullsrbndl.exe/1scenicid.exe Infected: Trojan.Win32.StartPage.ame skipped

C:\WINDOWS\system32\fullsrbndl.exe/2scenicms.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped

C:\WINDOWS\system32\fullsrbndl.exe/3scenices.exe/install.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\fullsrbndl.exe/3scenices.exe/uninstall.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\fullsrbndl.exe/3scenices.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\fullsrbndl.exe/4scenicwu.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bw skipped

C:\WINDOWS\system32\fullsrbndl.exe InstallCreator: infected - 8 skipped

C:\WINDOWS\system32\fullsrbndl.exe UPX: infected - 8 skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\uninstall.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\BLAIRS~1\LOCALS~1\Temp\AcrC211.tmp Object is locked skipped

C:\DOCUME~1\BLAIRS~1\LOCALS~1\Temp\~DF7B9C.tmp Object is locked skipped

C:\DOCUME~1\BLAIRS~1\LOCALS~1\Temp\~DF8A6B.tmp Object is locked skipped

Scan process completed.
 
hey bud.. here is one more... i'm going to las vegas until next thursday... wish me luck !

thanks for the help..



KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 17, 2007 11:03:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/08/2007
Kaspersky Anti-Virus database records: 384691


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 49925
Number of viruses found 15
Number of infected objects 57
Number of suspicious objects 0
Duration of the scan process 02:48:19

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\blair smith\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\blair smith\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\History\History.IE5\MSHist012007071720070718\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\Temp\AcrC211.tmp Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\Temp\~DF7B9C.tmp Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\Temp\~DF8A6B.tmp Object is locked skipped

C:\Documents and Settings\blair smith\My Documents\My eBooks\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\blair smith\My Documents\My eBooks\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\ntuser.dat Object is locked skipped

C:\Documents and Settings\blair smith\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Gnutella Turbo\Downloads\gnutella_turbo_free[1].exe/file145 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

C:\Program Files\Gnutella Turbo\Downloads\gnutella_turbo_free[1].exe Inno: infected - 1 skipped

C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\QooBox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir Infected: Trojan.Win32.Small.oa skipped

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\dhrnopqs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lh skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\gwjeylqh.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\hifeenyp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ihropfgu.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\jrvrcrvl.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\jybdrebn.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\kdhgn.exe.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\mbgsxtxm.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\mbmywqkn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.la skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\nwdonctd.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\oqwvixsy.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\osgchsbs.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\phcgpgff.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\teyrunrr.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\wmqgsjds.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\xpnxnerg.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ygflclro.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\QooBox\Quarantine\catchme2007-07-14_153913.37.zip/gebawtu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\catchme2007-07-14_153913.37.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP938\A0164321.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP938\A0164322.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP938\A0164330.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0164399.exe/file32 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0164399.exe Inno: infected - 1 skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0164416.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0165341.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0165346.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0165390.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165558.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165559.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165561.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165562.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165564.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166594.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166595.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166596.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166597.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166598.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166599.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166600.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166602.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lh skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166604.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.la skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166606.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166608.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166609.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166610.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166611.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166612.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166613.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166614.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166620.exe Infected: Trojan.Win32.Small.oa skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP956\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\ActiveScan\imscan.dll Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

Scan was interrupted by user!
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 
hey bud.. here is a complete one.

KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 25, 2007 9:45:11 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 24/08/2007
Kaspersky Anti-Virus database records: 388954


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 55190
Number of viruses found 14
Number of infected objects 26
Number of suspicious objects 0
Duration of the scan process 23:26:49

Infected Object Name Virus Name Last Action
C:\Documents and Settings\blair smith\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\blair smith\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\History\History.IE5\MSHist012007072420070725\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\Temp\~DFB8C7.tmp Object is locked skipped

C:\Documents and Settings\blair smith\Local Settings\Temp\~DFEAB8.tmp Object is locked skipped

C:\Documents and Settings\blair smith\My Documents\My eBooks\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\blair smith\My Documents\My eBooks\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\blair smith\ntuser.dat Object is locked skipped

C:\Documents and Settings\blair smith\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Gnutella Turbo\Downloads\gnutella_turbo_free[1].exe/file145 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

C:\Program Files\Gnutella Turbo\Downloads\gnutella_turbo_free[1].exe Inno: infected - 1 skipped

C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\QooBox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\dhrnopqs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.lh skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\jybdrebn.exe.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\lofvdtyi.dll.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\mbmywqkn.dll.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\osgchsbs.exe.vir Infected: Trojan.Win32.Agent.aoy skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\phcgpgff.dll.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\teyrunrr.exe.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\wmqgsjds.exe.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\xpnxnerg.exe.vir Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ygflclro.exe.vir Object is locked skipped

C:\QooBox\Quarantine\catchme2007-07-14_153913.37.zip/gebawtu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\catchme2007-07-14_153913.37.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP938\A0164321.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP938\A0164322.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP938\A0164330.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0164399.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0164416.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0165341.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0165346.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP939\A0165390.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165558.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165559.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165560.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165561.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165562.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165563.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP945\A0165564.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP949\A0166546.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP949\A0166547.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166594.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166595.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166597.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166598.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166599.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166600.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166601.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166602.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.lh skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166603.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166604.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166605.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166607.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166611.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166612.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166613.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166614.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166620.exe Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP952\A0166629.dll Object is locked skipped

C:\System Volume Information\_restore{92B94E0B-1C6E-4356-AB3D-6EFF1605FE52}\RP956\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\ActiveScan\imscan.dll Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\fullsrbndl.exe/1scenichp.exe/HomePage.exe Infected: Trojan.Win32.StartPage.ags skipped

C:\WINDOWS\system32\fullsrbndl.exe/1scenichp.exe Infected: Trojan.Win32.StartPage.ags skipped

C:\WINDOWS\system32\fullsrbndl.exe/1scenicid.exe Infected: Trojan.Win32.StartPage.ame skipped

C:\WINDOWS\system32\fullsrbndl.exe/2scenicms.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped

C:\WINDOWS\system32\fullsrbndl.exe/3scenices.exe/install.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\fullsrbndl.exe/3scenices.exe/uninstall.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\fullsrbndl.exe/3scenices.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\fullsrbndl.exe/4scenicwu.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bw skipped

C:\WINDOWS\system32\fullsrbndl.exe InstallCreator: infected - 8 skipped

C:\WINDOWS\system32\fullsrbndl.exe UPX: infected - 8 skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\uninstall.exe Infected: not-a-virus:AdWare.Win32.EShoper.a skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TEMP\Perflib_Perfdata_1c0.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Hi

Uninstall via add/remove programs:

MorpheusBar or similar

Empty this folder:

C:\QooBox\Quarantine\

Delete these:

C:\Program Files\Gnutella Turbo\Downloads\gnutella_turbo_free[1].exe
C:\Program Files\Morpheus\morpheustoolbar.exe
C:\Program Files\MorpheusBar
C:\WINDOWS\system32\fullsrbndl.exe
C:\WINDOWS\system32\uninstall.exe

Empty Recycle Bin

Re-scan with kaspersky


Post:

- a fresh HijackThis log
- kaspersky report
 
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 
hey shaba... thanks for letting me start up again... questions i have..

there is no morpheous toolbar and i'm not sure what you meant by similiar?

i searched for the file folder C:\QooBox\Quarantine\
i get a huge list,,,but the C:\QooBox\Quarantine\ is at the top.. this is the one i empty? also.. how do i empty it? do you mean delete it? i don't see an empty option

thanks...

bober
 
Hi

"there is no morpheous toolbar and i'm not sure what you meant by similiar?"

Ok, then skip it.

Delete all files/folders inside this folder C:\QooBox\Quarantine\ but not the folder itself.

That is emptying :)
 
okay bud.. i deleted everything around the folder.. but when i click on the folder i still get these titles

docume 1.. program files and windows.. there is something in these folders..

the main folder says C then i click on it and get the above...anymore work to do here?
 
hi.. kapersky to follow,,, sucker takes awhile to run..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:39 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\MDG\MDGnotify.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Shortcut to MDGnotify.lnk = C:\WINDOWS\MDG\MDGnotify.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\COGECO Security Services\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165112979375
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.easypix.ca/en/ImageUploader4.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://www.easypix.ca/en/ulcontrolxp.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.maximonline.com/sports/7th_inning/babe_slideshow/images/1.jpg
O24 - Desktop Component 1: (no name) - http://64.4.26.250/cgi-bin/getmsg/D...1309101c6a84f03b965b92babc84cd17e2e53cd660131

--
End of file - 9712 bytes
 
Hi

Meanwhile you can do this:


Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Trend Micro Personal Firewall (PccPfw)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Repeat step for these:

Trend NT Realtime Service (Tmntsrv)
Trend Micro Proxy Service (tmproxy)

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete PccPfw
Click: OK

Repeat step for these:

Tmntsrv
tmproxy

Reboot and post a fresh HijackThis log.
 
You must log in or register to reply here.
Back
Top