how to get rid of MyWebSearch and Trymedia [CLOSED]
aturetsky
post Mar 6 2008, 11:42 PM
Post #1


New Member
Posts: 1
OS: Windows XP



Below is the Kaspersky log of my system scan, which is allegedly "infected." The references to skoach-connect and turo-connect are fine, as these are VNC-based utilities that I use for remote connectivity.
However, in it I also see references to MyWebSearch and Trymedia, for which there are no uninstall files, since I may have at one point deleted them directly from the system. How do I get rid of these? Does anything else in my log look suspicious? Also, under the Kaspersky log I am also posting the HijackThis log, but neither MyWebSearch nor Trymedia shows up (MyWebSearch used to show up on it, but I supposedly "fixed" it with HijackThis).


CODE
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 06, 2008 11:13:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update:  7/03/2008
Kaspersky Anti-Virus database records: 607190
-------------------------------------------------------------------------------

Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

Scan Target - My Computer:
    C:\
    D:\

Scan Statistics:
    Total number of scanned objects: 61196
    Number of viruses found: 21
    Number of infected objects: 80
    Number of suspicious objects: 0
    Duration of the scan process: 02:02:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Alex\Application Data\Ilium Software\ListPro\ListProAlarms.adb    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\ispnews\ispn.ini    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\ispnews\ispnc.items    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\ispnews\ispnr.items    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\cert8.db    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\formhistory.dat    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\history.dat    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\key3.db    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\parent.lock    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\search.sqlite    Object is locked    skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\urlclassifier2.sqlite    Object is locked    skipped
C:\Documents and Settings\Alex\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\Alex\Desktop\SkoachCoach.exe/file2    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\Documents and Settings\Alex\Desktop\SkoachCoach.exe    Inno: infected - 1    skipped
C:\Documents and Settings\Alex\Desktop\SkoachConnect.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\Documents and Settings\Alex\Desktop\SkoachConnect.exe    7-Zip: infected - 1    skipped
C:\Documents and Settings\Alex\Desktop\SkoachConnect.exe    UPX: infected - 1    skipped
C:\Documents and Settings\Alex\Desktop\turo-connect.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\Documents and Settings\Alex\Desktop\turo-connect.exe    7-Zip: infected - 1    skipped
C:\Documents and Settings\Alex\Desktop\turo-connect.exe    UPX: infected - 1    skipped
C:\Documents and Settings\Alex\Desktop\UltraVNC-102-Setup.exe/file04    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c    skipped
C:\Documents and Settings\Alex\Desktop\UltraVNC-102-Setup.exe/file05    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c    skipped
C:\Documents and Settings\Alex\Desktop\UltraVNC-102-Setup.exe/file34    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102    skipped
C:\Documents and Settings\Alex\Desktop\UltraVNC-102-Setup.exe    Inno: infected - 3    skipped
C:\Documents and Settings\Alex\Desktop\vnc-4_1_1-x86_win32.exe/file1    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110    skipped
C:\Documents and Settings\Alex\Desktop\vnc-4_1_1-x86_win32.exe/file3    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4    skipped
C:\Documents and Settings\Alex\Desktop\vnc-4_1_1-x86_win32.exe    Inno: infected - 2    skipped
C:\Documents and Settings\Alex\Desktop\vncviewer.exe    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102    skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\Cache\_CACHE_001_    Object is locked    skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\Cache\_CACHE_002_    Object is locked    skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\Cache\_CACHE_003_    Object is locked    skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\Cache\_CACHE_MAP_    Object is locked    skipped
C:\Documents and Settings\Alex\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat    Object is locked    skipped
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Alex\ntuser.dat    Object is locked    skipped
C:\Documents and Settings\Alex\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Alex\Yugma\lib\DskHooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370    skipped
C:\Documents and Settings\Alex\Yugma\lib\YugmaPlugin.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360    skipped
C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output\Alex\~Running.ping    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\827568A28AD44457A81ABC08309D7D62\lib\DskHooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370    skipped
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\827568A28AD44457A81ABC08309D7D62\lib\YugmaPlugin.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360    skipped
C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG    Object is locked    skipped
C:\Program Files\Blue Coat K9 Web Protection\cwmlog.txt    Object is locked    skipped
C:\Program Files\Blue Coat K9 Web Protection\urls.log    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\dbupdate.log    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\deleteme_msg.log    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe.Qrt.log    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\perf.dat    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\power.dat    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.bpf    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.ipf    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.dbg    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.log    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsbwupst.log    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\Stlst\StatListDb.dat    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\Stlst\StatListDb.idx    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\logs\fspcwld.dat    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\logs\fspcwli.dat    Object is locked    skipped
C:\Program Files\Charter High-Speed Security Suite\Spam Control\log\fs_sa_log.txt    Object is locked    skipped
C:\Program Files\UltraVNC\vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c    skipped
C:\Program Files\UltraVNC\vncviewer.exe    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102    skipped
C:\Program Files\UltraVNC\winvnc.exe    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c    skipped
C:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070642.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.l    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070643.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.af    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070644.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.f    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070645.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.z    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070646.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070647.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070648.scr    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070652.exe    Infected: not-a-virus:AdWare.Win32.Trymedia.b    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP230\A0070999.dll    Infected: not-a-virus:AdTool.Win32.MyWebSearch.i    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071127.SCR    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071128.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.v    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071129.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071130.EXE    Infected: not-a-virus:AdTool.Win32.MyWebSearch.a    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071131.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.l    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071132.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071133.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071134.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071135.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.l    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071137.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.p    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071138.EXE    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071139.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071140.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071141.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch.i    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071142.EXE    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071143.DLL    Infected: not-a-virus:AdTool.Win32.MyWebSearch    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP266\A0078020.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP266\A0078022.exe    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP281\A0081266.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP281\A0081266.exe    7-Zip: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP281\A0081266.exe    UPX: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081373.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081373.exe    7-Zip: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081373.exe    UPX: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081374.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081374.exe    7-Zip: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081374.exe    UPX: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081375.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081375.exe    7-Zip: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081375.exe    UPX: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081378.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081378.exe    7-Zip: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081378.exe    UPX: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081381.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081381.exe    7-Zip: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081381.exe    UPX: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081383.exe/file2    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081383.exe    Inno: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081385.exe/file2    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081385.exe    Inno: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081386.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081386.exe    7-Zip: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081386.exe    UPX: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081388.exe/vnchooks.dll    Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081388.exe    7-Zip: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081388.exe    UPX: infected - 1    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP294\A0084001.exe    Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP294\A0084002.exe    Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm    skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP305\change.log    Object is locked    skipped
C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
C:\WINDOWS\SchedLgU.Txt    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    Object is locked    skipped
C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\edb.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb    Object is locked    skipped
C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\default    Object is locked    skipped
C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\Internet.evt    Object is locked    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\software    Object is locked    skipped
C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\system    Object is locked    skipped
C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP    Object is locked    skipped
C:\WINDOWS\Temp\AVP7D5D.tmp    Object is locked    skipped
C:\WINDOWS\Temp\AVP7D5E.tmp    Object is locked    skipped
C:\WINDOWS\Temp\AVP7D61.tmp    Object is locked    skipped
C:\WINDOWS\Temp\AVP7D62.tmp    Object is locked    skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\5964    Object is locked    skipped
C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat    Object is locked    skipped
C:\WINDOWS\wiadebug.log    Object is locked    skipped
C:\WINDOWS\wiaservc.log    Object is locked    skipped
C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped

Scan process completed.


CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:08 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LXDBCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll,_RunDLLEntry@16
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: lxdb_device -   - C:\WINDOWS\system32\lxdbcoms.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

--
End of file - 7371 bytes
sarahw
post Mar 8 2008, 04:42 AM
Post #2


Malware Staff
Posts: 2,606
From: The center of the earth
OS: Vista, Xp, 98, 3.1, Dos 5.1



Hi,
Welcome to the site.

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode, so you will be unable to access this thread at that time.
Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.
You don't need to put your posts into quote tags. Just post them as they are.
These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat.



sarahw
post Mar 8 2008, 04:42 AM
Post #3


Malware Staff
Posts: 2,606
From: The center of the earth
OS: Vista, Xp, 98, 3.1, Dos 5.1



Download ComboFix from Here or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
sarahw
post Mar 12 2008, 05:46 PM
Post #4


Malware Staff
Posts: 2,606
From: The center of the earth
OS: Vista, Xp, 98, 3.1, Dos 5.1



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.