Zlob Trojan -VideoActiveXAccess(Spyhunter)-need help

A

alexpnd

New member
Hey.

Ive managed to remove it all thanks to youre guys advice. I went to this guys thread:

http://forums.spybot.info/showthread.php?t=15010

I think its all good upto the kaspersky report where there are some files id like to remove but not sure if I can or should?

-----------------------------------------------

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Alex\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Alex\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Alex\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Alex\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobImageActiveXAccess3.zip/imsmain.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobImageActiveXAccess3.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0000.VBN/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0000.VBN/Counter.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0000.VBN/Parser.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0000.VBN ZIP: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0000.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0001.VBN/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0001.VBN/Counter.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0001.VBN/Parser.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0001.VBN ZIP: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\062C0001.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08440000.VBN/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08440000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08440000.VBN ZIP: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08440000.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08440001.VBN/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08440001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08440001.VBN ZIP: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08440001.VBN CryptZ: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A580000.VBN Infected: Trojan.Win32.MSShell skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0000.VBN Infected: Trojan-Dropper.VBS.Inor.cz skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0001.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0001.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0001.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0001.VBN ZIP: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D1C0001.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Documents\DESKTOP.INI Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\PS2Trial.wpl Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArtSmall.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Large.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Small.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Large.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Small.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\DESKTOP.INI Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Folder.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\DESKTOP.INI Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped

C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0393NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0836NAV~.TMP Object is locked skipped

C:\Program Files\Valve\Steam\Steam.log Object is locked skipped

C:\Program Files\Valve\Steam\SteamApps\winui.gcf Object is locked skipped

C:\Program Files\Valve\Steam\SteamLogs\SteamStats.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0105694.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bth skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0105694.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bth skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0105694.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0105697.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bth skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0105697.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bth skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP861\A0105697.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP862\A0105790.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bth skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP862\A0105790.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bth skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP862\A0105790.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP862\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\dtscsi.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\sptd8237.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped




Thanks if you reply to this. Is there some sort of donation system?
Cheers.
 
Hi alexpnd

Use this link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with windows explorer, and double click on the HijackThis.exe program to run. Choose the 'Do a system scan and save a logfile'
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.
 
Hey thanks.
You guys are heros of the new millennia.

Logfile of HijackThis v1.99.1
Scan saved at 12:56:10 AM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\System32\DeltaPnl.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Alex\Desktop\Program Downloads\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=bxgff61
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - \iesplg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://alexpnd.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 
Hi

Are both AVG and Norton up-to-date?

If so, you should uninstall AVG. Only one antivirus/computer

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Empty Recycle Bin

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report
 
Hey there. Things have taken a turn for the worse. I was in the middle of a kaspersky scan when a thunderstorm knocked out my power. Now my computer wont get passed the blue "Welcome" screen of XP. It runs in safe mode and i did a full AVG Scan. It only found 6 tracker cookies :S

Any advice?
 
Hi

"I was in the middle of a kaspersky scan when a thunderstorm knocked out my power. Now my computer wont get passed the blue "Welcome" screen of XP."

Something wrong on hardware. Take it to eg. some computer store for research & repair.
 
Last edited:
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 
You must log in or register to reply here.
Back
Top