Stuck with Malware

J

jcantwell

New member
I recently did a real stupid thing. I disabled my virus protection in order to get a program to install. Of course I now have problems with my browser being very slow and pop-ups. Have run Spy-bot and AdAware both found things and cleaned them but still haveing the same problems. If anyone can help I would appreciate it. My Hijackthis log is below

Logfile of HijackThis v1.99.1
Scan saved at 7:55:08 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
D:\Utilities\PowerISO\PWRISOVM.EXE
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es108.112.42.206 ad.doubleclick.net
O1 - Hosts: 184.169.44.29 upgrade.bitdefender.com
O1 - Hosts: 106.62.59.13 report.bitdefender.com
O1 - Hosts: 178.95.95.213 ad.fastclick.net
O1 - Hosts: 107.116.117.138 ads.fastclick.net
O1 - Hosts: 174.15.27.94 ar.atwola.com
O1 - Hosts: 115.27.183.221 atdmt.com
O1 - Hosts: 183.97.110.57 avp.ch
O1 - Hosts: 114.153.7.176 avp.com
O1 - Hosts: 179.51.181.210 avp.ru
O1 - Hosts: 108.15.197.227 awaps.net
O1 - Hosts: 180.66.164.240 banner.fastclick.net
O1 - Hosts: 112.56.109.230 banners.fastclick.net
O1 - Hosts: 177.137.61.67 ca.com
O1 - Hosts: 111.18.29.102 www.ca.com
O1 - Hosts: 180.140.140.115 click.atdmt.com
O1 - Hosts: 104.148.31.185 clicks.atdmt.com
O1 - Hosts: 186.213.124.100 customer.symantec.com
O1 - Hosts: 100.96.64.129 dispatch.mcafee.com
O1 - Hosts: 183.2.101.136 download.mcafee.com
O1 - Hosts: 104.210.98.148 download.microsoft.com
O1 - Hosts: 181.159.189.68 downloads.microsoft.com
O1 - Hosts: 112.218.150.78 downloads-eu1.kaspersky-labs.com
O1 - Hosts: 181.65.170.225 downloads-eu2.kaspersky-labs.com
O1 - Hosts: 115.202.138.212 downloads-eu3.kaspersky-labs.com
O1 - Hosts: 185.37.50.218 downloads-us1.kaspersky-labs.com
O1 - Hosts: 109.114.81.80 downloads-us2.kaspersky-labs.com
O1 - Hosts: 180.183.191.200 downloads-us3.kaspersky-labs.com
O1 - Hosts: 111.63.81.72 downloads1.kaspersky-labs.com
O1 - Hosts: 187.45.123.197 downloads2.kaspersky-labs.com
O1 - Hosts: 102.48.18.192 downloads3.kaspersky-labs.com
O1 - Hosts: 180.188.144.114 downloads4.kaspersky-labs.com
O1 - Hosts: 111.57.62.146 engine.awaps.net
O1 - Hosts: 179.113.96.3 f-secure.com
O1 - Hosts: 100.178.73.135 fastclick.net
O1 - Hosts: 182.38.71.88 ftp.avp.ch
O1 - Hosts: 107.152.141.111 ftp.downloads2.kaspersky-labs.com
O1 - Hosts: 186.39.46.12 ftp.f-secure.com
O1 - Hosts: 106.65.181.226 ftp.kasperskylab.ru
O1 - Hosts: 174.100.75.218 ftp.sophos.com
O1 - Hosts: 111.138.97.30 go.microsoft.com
O1 - Hosts: 174.194.28.31 ids.kaspersky-labs.com
O1 - Hosts: 110.101.147.64 kaspersky-labs.com
O1 - Hosts: 182.218.134.18 kaspersky.com
O1 - Hosts: 110.50.113.133 liveupdate.symantec.com
O1 - Hosts: 178.160.128.199 liveupdate.symantecliveupdate.com
O1 - Hosts: 115.84.151.31 mast.mcafee.com
O1 - Hosts: 185.0.220.131 mcafee.com
O1 - Hosts: 109.92.142.185 media.fastclick.net
O1 - Hosts: 176.171.191.233 msdn.microsoft.com
O1 - Hosts: 103.113.37.211 my-etrust.com
O1 - Hosts: 180.172.202.29 nai.com
O1 - Hosts: 115.89.143.98 networkassociates.com
O1 - Hosts: 174.46.37.27 office.microsoft.com
O1 - Hosts: 109.188.51.100 phx.corporate-ir.net
O1 - Hosts: 185.45.204.116 rads.mcafee.com
O1 - Hosts: 109.120.41.223 secure.nai.com
O1 - Hosts: 177.7.179.127 securityresponse.symantec.com
O1 - Hosts: 108.217.74.1 service1.symantec.com
O1 - Hosts: 183.50.26.181 sophos.com
O1 - Hosts: 109.170.21.186 spd.atdmt.com
O1 - Hosts: 187.58.188.136 support.microsoft.com
O1 - Hosts: 101.13.209.239 symantec.com
O1 - Hosts: 176.188.88.223 trendmicro.com
O1 - Hosts: 105.130.169.168 update.symantec.com
O1 - Hosts: 182.123.36.37 updates.symantec.com
O1 - Hosts: 108.110.33.59 updates1.kaspersky-labs.com
O1 - Hosts: 183.59.213.85 updates2.kaspersky-labs.com
O1 - Hosts: 100.8.14.248 updates3.kaspersky-labs.com
O1 - Hosts: 177.203.115.101 updates4.kaspersky-labs.com
O1 - Hosts: 115.99.75.57 updates5.kaspersky-labs.com
O1 - Hosts: 177.164.21.164 us.mcafee.com
O1 - Hosts: 104.191.68.232 vil.nai.com
O1 - Hosts: 178.104.12.229 viruslist.com
O1 - Hosts: 115.45.29.170 viruslist.ru
O1 - Hosts: 180.17.225.124 windowsupdate.microsoft.com
O1 - Hosts: 101.14.104.106 www.avp.ch
O1 - Hosts: 187.220.183.234 www.avp.com
O1 - Hosts: 106.32.32.175 www.avp.ru
O1 - Hosts: 186.54.74.45 www.awaps.net
O1 - Hosts: 101.143.19.123 www.ca.com
O1 - Hosts: 174.32.86.13 www.f-secure.com
O1 - Hosts: 105.116.161.207 www.fastclick.net
O1 - Hosts: 181.161.67.179 www.grisoft.com
O1 - Hosts: 112.172.26.189 www.kaspersky-labs.com
O1 - Hosts: 184.209.149.39 www.kaspersky.com
O1 - Hosts: 101.182.189.240 www.kaspersky.ru
O1 - Hosts: 173.37.26.35 www.mcafee.com
O1 - Hosts: 112.46.139.229 www.my-etrust.com
O1 - Hosts: 178.225.214.176 www.nai.com
O1 - Hosts: 108.150.114.26 www.networkassociates.com
O1 - Hosts: 178.182.181.42 www.sophos.com
O1 - Hosts: 109.208.204.78 www.symantec.com
O1 - Hosts: 185.128.102.236 www.trendmicro.com
O1 - Hosts: 106.65.196.108 www.viruslist.com
O1 - Hosts: 179.223.125.67 www.viruslist.ru
O1 - Hosts: 103.38.35.138 www3.ca.com
O1 - Hosts: 175.24.52.173 avp.ch
O1 - Hosts: 112.167.176.41 avp.com
O1 - Hosts: 181.132.72.29 avp.ru
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A817B0C2-33BD-40D5-A60C-07C658595786} - C:\WINDOWS\system32\vturr.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrqopp.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\vmyscxii.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utilities\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lfnbqkpl.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - D:\Utilities\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Utilities\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Utilities\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162753680343
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.gov.ns.ca/fina/rescsu/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85FE7C46-6ED7-4A51-986B-F0ACFE5F328B}: NameServer = 142.177.1.2 142.177.129.11
O20 - Winlogon Notify: rqrqopp - C:\WINDOWS\SYSTEM32\rqrqopp.dll
O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 
Hi jcantwell

Download HostsXpert and unzip it to your desktop.

Open HostsXpert that you earlier unzipped on your desktop

  • Click "Make Hosts Writable?" upper right corner (if available)
  • Click "Restore Microsoft's Original Hosts File" and then click OK
  • Close HostsXpert
Note; IF you used any custom Hosts (eg. MVPS Hosts), you will have put them back manually

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Post:

- a fresh HijackThis log
- vundofix report
- sdfix report
 
Here are the reports

VundoFix V6.3.12

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 8:15:19 AM 3/3/2007

Listing files found while scanning....

C:\WINDOWS\system32\auyxklaq.dll
C:\WINDOWS\system32\cnhveeir.dll
C:\WINDOWS\system32\eapekubu.dll
C:\WINDOWS\system32\gxvehrou.exe
C:\WINDOWS\system32\khfeeba.dll
C:\WINDOWS\system32\lfnbqkpl.dll
C:\WINDOWS\system32\lpkqbnfl.ini
C:\WINDOWS\system32\mljgeba.dll
C:\WINDOWS\system32\rqrqopp.dll
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.bak2
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\uykjqiah.exe
C:\WINDOWS\system32\vmyscxii.dll
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\wmdyjfhb.exe
C:\WINDOWS\system32\wvuvssq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\auyxklaq.dll
C:\WINDOWS\system32\auyxklaq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cnhveeir.dll
C:\WINDOWS\system32\cnhveeir.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eapekubu.dll
C:\WINDOWS\system32\eapekubu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gxvehrou.exe
C:\WINDOWS\system32\gxvehrou.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfeeba.dll
C:\WINDOWS\system32\khfeeba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lfnbqkpl.dll
C:\WINDOWS\system32\lfnbqkpl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lpkqbnfl.ini
C:\WINDOWS\system32\lpkqbnfl.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgeba.dll
C:\WINDOWS\system32\mljgeba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqopp.dll
C:\WINDOWS\system32\rqrqopp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrutv.bak2
C:\WINDOWS\system32\rrutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\rrutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uykjqiah.exe
C:\WINDOWS\system32\uykjqiah.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wmdyjfhb.exe
C:\WINDOWS\system32\wmdyjfhb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvssq.dll
C:\WINDOWS\system32\wvuvssq.dll Has been deleted!

Performing Repairs to the registry.
Done!





Logfile of HijackThis v1.99.1
Scan saved at 10:54:14 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
D:\Utilities\PowerISO\PWRISOVM.EXE
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\HiJack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A817B0C2-33BD-40D5-A60C-07C658595786} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrqopp.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utilities\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - D:\Utilities\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Utilities\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Utilities\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162753680343
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.gov.ns.ca/fina/rescsu/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85FE7C46-6ED7-4A51-986B-F0ACFE5F328B}: NameServer = 142.177.1.2 142.177.129.11
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)





SDFix: Version 1.69

Run by John - Sat 03/03/2007 @ 10:59:19.32

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\JOHN\APPLIC~1\SUN\JAVA\DEPLOY~1\CACHE\JAVAPI\V1.0\JAR\ARR3JA~1.IDX - Deleted
C:\DOCUME~1\JOHN\APPLIC~1\SUN\JAVA\DEPLOY~1\CACHE\JAVAPI\V1.0\JAR\ARR3JA~1.ZIP - Deleted
C:\WINDOWS\system32\drivers\svchost.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Utilities\\Azureus\\Azureus.exe"="D:\\Utilities\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\iTunes\\iTunes.exe"="D:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Neverwinter Nights 2\\nwn2main.exe"="D:\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"D:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="D:\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"D:\\Neverwinter Nights 2\\nwupdate.exe"="D:\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"D:\\Neverwinter Nights 2\\nwn2server.exe"="D:\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"D:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="D:\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"D:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="D:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"D:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="D:\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"D:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="D:\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"D:\\battleField_2142\\BF2142.exe"="D:\\battleField_2142\\BF2142.exe:*:Enabled:Battlefield 2"
"D:\\Lord_Of_Rings\\The Lord of the Rings Online\\lotroclient.exe"="D:\\Lord_Of_Rings\\The Lord of the Rings Online\\lotroclient.exe:*:Enabled:lotroclient"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\gbpxzeklkfj.exe
C:\WINDOWS\system32\FBACE2A840.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\Temp\gzy3ypeb.TMP

Add/Remove Programs List:

The Lord of the Rings OnlineT: Shadows of AngmarT v07.11.30.50
Download Accelerator Plus (DAP)
HijackThis 1.99.1
K-Lite Mega Codec Pack 1.53
C:\\PROGRA~1\\LEXMAR~1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
MSN
NVIDIA Drivers
Photo DVD Maker Professional 6.32
Photo DVD Slideshow 2.0
PowerISO
RecordPad Sound Recorder
Adobe Flash Player 9 ActiveX
Tetris Revolution 1.0
WavePad Uninstall
Winamp (remove only)
WinRAR archiver
WinZip
Gothic III
Corel Snapfire
J2SE Runtime Environment 5.0 Update 9
iTunes
QuickTime
Microsoft .NET Framework 2.0
EAX4 Unified Redist
Trixie
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Apple Software Update
Dark Messiah
Adobe Reader 7.0.9
Nero 7 Demo
Tom Clancy's Splinter Cell Double Agent
Microsoft .NET Framework 1.1
BitDefender 9 Professional Plus
Corel Paint Shop Pro Photo XI
ECHO is off.
Battlefield 2142
Neverwinter Nights 2
Realtek AC'97 Audio

Finished
 
Hi

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {A817B0C2-33BD-40D5-A60C-07C658595786} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\rqrqopp.dll (file missing)
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe

Close all windows including browser and press fix checked.

Download the Killbox.
Unzip it to the desktop

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\WINDOWS\system32\gbpxzeklkfj.exe
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report
 
Updated reports from hijackthis and kaspersky, they are too big to post together so I will post the kaspersky repot in another post


Logfile of HijackThis v1.99.1
Scan saved at 2:15:54 PM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
D:\Utilities\PowerISO\PWRISOVM.EXE
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utilities\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - D:\Utilities\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Utilities\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Utilities\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162753680343
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.gov.ns.ca/fina/rescsu/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85FE7C46-6ED7-4A51-986B-F0ACFE5F328B}: NameServer = 142.177.1.2 142.177.129.11
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 
KASPERSKY report



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 03, 2007 2:13:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/03/2007
Kaspersky Anti-Virus database records: 275584
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan Statistics:
Total number of scanned objects: 154080
Number of viruses found: 24
Number of infected objects: 84 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:50:43

Infected Object Name / Virus Name / Last Action
C:\!KillBox\gbpxzeklkfj.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip/Beyond.class Infected: Trojan.Java.StartPage.f skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip ZIP: infected - 4 skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3bd84a60-426cc970.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3bd84a60-426cc970.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3bd84a60-426cc970.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3bd84a60-426cc970.zip ZIP: infected - 3 skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1595bf0d-7f9b0a3a.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1595bf0d-7f9b0a3a.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1595bf0d-7f9b0a3a.zip ZIP: infected - 2 skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv476.jar-2aae42be-3495ed13.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv476.jar-2aae42be-3495ed13.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv476.jar-2aae42be-3495ed13.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv476.jar-2aae42be-3495ed13.zip ZIP: infected - 3 skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-100a1692-3e5c2d5b.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-100a1692-3e5c2d5b.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-100a1692-3e5c2d5b.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-100a1692-3e5c2d5b.zip ZIP: infected - 3 skipped
C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\IXP001.TMP\x.exe Infected: Trojan-Downloader.Win32.Agent.bfu skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked skipped
C:\Program Files\Softwin\BitDefender9\aspdict.dat Object is locked skipped
C:\Program Files\Softwin\BitDefender9\regspy.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\SDFix\backups\backups.zip/backups/arr3.jar-44f46a27-3c68e74d.zip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\SDFix\backups\backups.zip/backups/arr3.jar-44f46a27-3c68e74d.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\SDFix\backups\backups.zip/backups/arr3.jar-44f46a27-3c68e74d.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\SDFix\backups\backups.zip/backups/arr3.jar-44f46a27-3c68e74d.zip Infected: Trojan.Java.ClassLoader.k skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP143\A0014573.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP146\A0015322.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015690.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015691.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015692.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015693.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015694.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015696.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015697.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015698.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015700.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015701.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015802.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\change.log Object is locked skipped
C:\VundoFix Backups\auyxklaq.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\VundoFix Backups\cnhveeir.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\VundoFix Backups\eapekubu.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\VundoFix Backups\gxvehrou.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\khfeeba.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\VundoFix Backups\lfnbqkpl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\mljgeba.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\VundoFix Backups\rqrqopp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\VundoFix Backups\uykjqiah.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\wmdyjfhb.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\wvuvssq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C9D6E8A2-67B4-49D6-A066-443907F6300D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp00001545\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Alcohol 120\Alcohol 120\StarWind\logs\starwind.2007-03-03.12-09-09.log Object is locked skipped
D:\Old_Drive\Bit_Torrent\Slysoft AnyDVD v5.9.6.0 + crack.rar/AnyDvd.5.9.6.0 crack/AnyDVD_keygen.exe Infected: Trojan-Dropper.Win32.WinAD.i skipped
D:\Old_Drive\Bit_Torrent\Slysoft AnyDVD v5.9.6.0 + crack.rar RAR: infected - 1 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe/stream/data0007/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe NSIS: infected - 4 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.asy skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe NSIS: infected - 1 skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe UPX: infected - 1 skipped
D:\Tor\GT3.rar/Gothic 3.exe/data0000.cab/TESTEX~1.EXE Infected: Backdoor.Win32.Bifrose.aca skipped
D:\Tor\GT3.rar/Gothic 3.exe/data0000.cab Infected: Backdoor.Win32.Bifrose.aca skipped
D:\Tor\GT3.rar/Gothic 3.exe Infected: Backdoor.Win32.Bifrose.aca skipped
D:\Tor\GT3.rar RAR: infected - 3 skipped
D:\Tor\PowerISO.v3.5.Multilingual.Keymaker.Only.Read.NFO-CORE.zip/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Tor\PowerISO.v3.5.Multilingual.Keymaker.Only.Read.NFO-CORE.zip/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Tor\PowerISO.v3.5.Multilingual.Keymaker.Only.Read.NFO-CORE.zip/run.exe Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Tor\PowerISO.v3.5.Multilingual.Keymaker.Only.Read.NFO-CORE.zip ZIP: infected - 3 skipped
D:\Tor\WinRAR.v4.65(cracked) (totally new interface).zip/WinRAR.v4.65(cracked) (totally new interface)/WRAR4.65.exe/winupdaters.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\Tor\WinRAR.v4.65(cracked) (totally new interface).zip/WinRAR.v4.65(cracked) (totally new interface)/WRAR4.65.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\Tor\WinRAR.v4.65(cracked) (totally new interface).zip ZIP: infected - 2 skipped
D:\Utilities\DVD_Photo_Slideshow_72\setup.exe/x.exe Infected: Trojan-Downloader.Win32.Agent.bfu skipped
D:\Utilities\DVD_Photo_Slideshow_72\setup.exe CAB: infected - 1 skipped
D:\Utilities\PhotoDVD\photo_dvd_maker_6.32_keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
D:\Utilities\PowerISO\Crack\run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Utilities\PowerISO\Crack\run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Utilities\PowerISO\Crack\run.exe NSIS: infected - 2 skipped
D:\Utilities\PowerISO\Crack\run.exe UPX: infected - 2 skipped
D:\Utilities\PowerISO\Crack\run.exe PE_Patch.UPX: infected - 2 skipped
D:\Utilities\WinRaR\WinRAR.v4.65(cracked) (totally new interface)\WRAR4.65.exe/winupdaters.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\Utilities\WinRaR\WinRAR.v4.65(cracked) (totally new interface)\WRAR4.65.exe CreateInstall: infected - 1 skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Hi

Empty these folders:

C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
C:\VundoFix Backups
C:\Documents and Settings\John\Local Settings\Temp\
C:\SDFix\backups

Delete these:

D:\Old_Drive\Bit_Torrent\Slysoft AnyDVD v5.9.6.0 + crack.rar
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe
D:\Tor\GT3.rar
D:\Tor\PowerISO.v3.5.Multilingual.Keymaker.Only.Read.NFO-CORE.zip
D:\Tor\WinRAR.v4.65(cracked) (totally new interface).zip
D:\Utilities\DVD_Photo_Slideshow_72\setup.exe
D:\Utilities\PowerISO\Crack\run.exe
D:\Utilities\WinRaR\WinRAR.v4.65(cracked) (totally new interface)\WRAR4.65.exe
D:\Utilities\PhotoDVD\photo_dvd_maker_6.32_keygen.exe

Empty Recycle Bin

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
In case they are too large I will sent in 2 posts. First the hifackthis



Logfile of HijackThis v1.99.1
Scan saved at 2:21:02 AM, on 3/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
D:\Utilities\PowerISO\PWRISOVM.EXE
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utilities\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo

Downloader.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common

Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - D:\Utilities\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Utilities\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Utilities\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} -

C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} -

C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162753680343
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) -

http://www.gov.ns.ca/fina/rescsu/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85FE7C46-6ED7-4A51-986B-F0ACFE5F328B}: NameServer =

142.177.1.2 142.177.129.11
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common

Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program

Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol

120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program

Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common

Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 
Now my kaspersky report


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 03, 2007 2:13:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/03/2007
Kaspersky Anti-Virus database records: 275584
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan Statistics:
Total number of scanned objects: 154080
Number of viruses found: 24
Number of infected objects: 84 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:50:43

Infected Object Name / Virus Name / Last Action
C:\!KillBox\gbpxzeklkfj.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip/Beyond.class Infected: Trojan.Java.StartPage.f skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archiven.jar-28b8018-5d6d1956.zip ZIP: infected - 4 skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3bd84a60-426cc970.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3bd84a60-426cc970.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3bd84a60-426cc970.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3bd84a60-426cc970.zip ZIP: infected - 3 skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1595bf0d-7f9b0a3a.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1595bf0d-7f9b0a3a.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1595bf0d-7f9b0a3a.zip ZIP: infected - 2 skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv476.jar-2aae42be-3495ed13.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv476.jar-2aae42be-3495ed13.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv476.jar-2aae42be-3495ed13.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv476.jar-2aae42be-3495ed13.zip ZIP: infected - 3 skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-100a1692-3e5c2d5b.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-100a1692-3e5c2d5b.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-100a1692-3e5c2d5b.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-100a1692-3e5c2d5b.zip ZIP: infected - 3 skipped
C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\IXP001.TMP\x.exe Infected: Trojan-Downloader.Win32.Agent.bfu skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked skipped
C:\Program Files\Softwin\BitDefender9\aspdict.dat Object is locked skipped
C:\Program Files\Softwin\BitDefender9\regspy.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\SDFix\backups\backups.zip/backups/arr3.jar-44f46a27-3c68e74d.zip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\SDFix\backups\backups.zip/backups/arr3.jar-44f46a27-3c68e74d.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\SDFix\backups\backups.zip/backups/arr3.jar-44f46a27-3c68e74d.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\SDFix\backups\backups.zip/backups/arr3.jar-44f46a27-3c68e74d.zip Infected: Trojan.Java.ClassLoader.k skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP143\A0014573.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP146\A0015322.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015690.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015691.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015692.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015693.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015694.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015696.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015697.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015698.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015700.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015701.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015802.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\change.log Object is locked skipped
C:\VundoFix Backups\auyxklaq.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\VundoFix Backups\cnhveeir.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\VundoFix Backups\eapekubu.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\VundoFix Backups\gxvehrou.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\khfeeba.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\VundoFix Backups\lfnbqkpl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\VundoFix Backups\mljgeba.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\VundoFix Backups\rqrqopp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\VundoFix Backups\uykjqiah.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\wmdyjfhb.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\wvuvssq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C9D6E8A2-67B4-49D6-A066-443907F6300D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp00001545\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Alcohol 120\Alcohol 120\StarWind\logs\starwind.2007-03-03.12-09-09.log Object is locked skipped
D:\Old_Drive\Bit_Torrent\Slysoft AnyDVD v5.9.6.0 + crack.rar/AnyDvd.5.9.6.0 crack/AnyDVD_keygen.exe Infected: Trojan-Dropper.Win32.WinAD.i skipped
D:\Old_Drive\Bit_Torrent\Slysoft AnyDVD v5.9.6.0 + crack.rar RAR: infected - 1 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe/stream/data0007/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Old_Drive\Video\Gordian_Knot\Gordian.Knot.Codec.Pack.1.7.Setup.exe NSIS: infected - 4 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.asy skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe NSIS: infected - 1 skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe UPX: infected - 1 skipped
D:\Tor\GT3.rar/Gothic 3.exe/data0000.cab/TESTEX~1.EXE Infected: Backdoor.Win32.Bifrose.aca skipped
D:\Tor\GT3.rar/Gothic 3.exe/data0000.cab Infected: Backdoor.Win32.Bifrose.aca skipped
D:\Tor\GT3.rar/Gothic 3.exe Infected: Backdoor.Win32.Bifrose.aca skipped
D:\Tor\GT3.rar RAR: infected - 3 skipped
D:\Tor\PowerISO.v3.5.Multilingual.Keymaker.Only.Read.NFO-CORE.zip/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Tor\PowerISO.v3.5.Multilingual.Keymaker.Only.Read.NFO-CORE.zip/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Tor\PowerISO.v3.5.Multilingual.Keymaker.Only.Read.NFO-CORE.zip/run.exe Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Tor\PowerISO.v3.5.Multilingual.Keymaker.Only.Read.NFO-CORE.zip ZIP: infected - 3 skipped
D:\Tor\WinRAR.v4.65(cracked) (totally new interface).zip/WinRAR.v4.65(cracked) (totally new interface)/WRAR4.65.exe/winupdaters.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\Tor\WinRAR.v4.65(cracked) (totally new interface).zip/WinRAR.v4.65(cracked) (totally new interface)/WRAR4.65.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\Tor\WinRAR.v4.65(cracked) (totally new interface).zip ZIP: infected - 2 skipped
D:\Utilities\DVD_Photo_Slideshow_72\setup.exe/x.exe Infected: Trojan-Downloader.Win32.Agent.bfu skipped
D:\Utilities\DVD_Photo_Slideshow_72\setup.exe CAB: infected - 1 skipped
D:\Utilities\PhotoDVD\photo_dvd_maker_6.32_keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
D:\Utilities\PowerISO\Crack\run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Utilities\PowerISO\Crack\run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\Utilities\PowerISO\Crack\run.exe NSIS: infected - 2 skipped
D:\Utilities\PowerISO\Crack\run.exe UPX: infected - 2 skipped
D:\Utilities\PowerISO\Crack\run.exe PE_Patch.UPX: infected - 2 skipped
D:\Utilities\WinRaR\WinRAR.v4.65(cracked) (totally new interface)\WRAR4.65.exe/winupdaters.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\Utilities\WinRaR\WinRAR.v4.65(cracked) (totally new interface)\WRAR4.65.exe CreateInstall: infected - 1 skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Hi

That kaspersky report is same as above.

If you have re-scanned with kaspersky, please post a fresh kaspersky log :)
 
Sorry here is a new report


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 04, 2007 10:18:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/03/2007
Kaspersky Anti-Virus database records: 275769
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan Statistics:
Total number of scanned objects: 151874
Number of viruses found: 12
Number of infected objects: 35 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:55:19

Infected Object Name / Virus Name / Last Action
C:\!KillBox\gbpxzeklkfj.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012007030420070305\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\4FBZ6O1T\count[1].htm Infected: Trojan-Downloader.JS.Inor.a skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked skipped
C:\Program Files\Softwin\BitDefender9\aspdict.dat Object is locked skipped
C:\Program Files\Softwin\BitDefender9\regspy.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP143\A0014573.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP146\A0015322.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015690.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015691.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015692.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015693.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015694.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015696.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015697.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015698.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015700.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015701.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015802.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP153\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C9D6E8A2-67B4-49D6-A066-443907F6300D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp00001545\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Alcohol 120\Alcohol 120\StarWind\logs\starwind.2007-03-03.12-09-09.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe/stream/data0007/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe NSIS: infected - 4 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015816.exe/x.exe Infected: Trojan-Downloader.Win32.Agent.bfu skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015816.exe CAB: infected - 1 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe/stream Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe UPX: infected - 2 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe PE_Patch.UPX: infected - 2 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015818.exe/winupdaters.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015818.exe CreateInstall: infected - 1 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015819.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP153\change.log Object is locked skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.asy skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe NSIS: infected - 1 skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe UPX: infected - 1 skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Hi

Empty this folder:

C:\!KillBox\

Empty Recycle Bin

Empty Internet explorer temporary internet files

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
New Kaspersky report


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 06, 2007 7:04:34 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/03/2007
Kaspersky Anti-Virus database records: 276228
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan Statistics:
Total number of scanned objects: 136015
Number of viruses found: 11
Number of infected objects: 34 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:00:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012007030520070306\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\John\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked skipped
C:\Program Files\Softwin\BitDefender9\aspdict.dat Object is locked skipped
C:\Program Files\Softwin\BitDefender9\regspy.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP143\A0014573.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP146\A0015322.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015690.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015691.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015692.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015693.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015694.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015696.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015697.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015698.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015700.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015701.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015802.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP154\A0015854.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
C:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP154\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C9D6E8A2-67B4-49D6-A066-443907F6300D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp00001545\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Alcohol 120\Alcohol 120\StarWind\logs\starwind.2007-03-03.12-09-09.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe/stream/data0007/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015815.exe NSIS: infected - 4 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015816.exe/x.exe Infected: Trojan-Downloader.Win32.Agent.bfu skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015816.exe CAB: infected - 1 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe/stream Infected: Trojan-Downloader.Win32.Zlob.axx skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe UPX: infected - 2 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015817.exe PE_Patch.UPX: infected - 2 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015818.exe/winupdaters.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015818.exe CreateInstall: infected - 1 skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP152\A0015819.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
D:\System Volume Information\_restore{154D68E2-8DAB-464B-A29B-DCB339FAD8A4}\RP154\change.log Object is locked skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.asy skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe NSIS: infected - 1 skipped
D:\System Volume Information\_restore{9975CF8C-42D9-42F0-8BD5-8D7F8C01422C}\RP26\A0008303.exe UPX: infected - 1 skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
New hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 7:41:53 PM, on 3/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
D:\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
D:\iTunes\iTunesHelper.exe
D:\Utilities\PowerISO\PWRISOVM.EXE
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJack\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Utilities\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - D:\Utilities\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Utilities\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Utilities\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162753680343
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.gov.ns.ca/fina/rescsu/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{85FE7C46-6ED7-4A51-986B-F0ACFE5F328B}: NameServer = 142.177.1.2 142.177.129.11
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Go here and download and install JRE 6.0. Click the link that says Download JRE 6.0 . You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-6-windows-i586.exe to start the install. Once you have it installed, click Start>Run, type in appwiz.cpl and hit Enter. From the list, uninstall J2SE Runtime Environment 5.0 Update 9.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:

    Instructions for - Spybot S & D and Ad-aware

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
 
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 
You must log in or register to reply here.
Back
Top