HijackThis Log [RESOLVED]



#16
jmhohlman

Ok, here are both of my results:

1.) folders.txt

Volume in drive C has no label.
Volume Serial Number is B494-F8AE

Directory of C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\program files\KODAK\KODAK Software Updater\7288971

01/09/2006 09:50 PM <DIR> Program
0 File(s) 0 bytes

Directory of C:\Program Files\Kodak\KODAK Software Updater\7288971

01/09/2006 09:54 PM <DIR> Program
0 File(s) 0 bytes

Directory of C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L

01/09/2006 09:50 PM <DIR> Program
0 File(s) 0 bytes

Directory of C:\Documents and Settings\Allison\Application Data\Microsoft\Speech

09/11/2004 09:29 PM <DIR> Files
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
1 Dir(s) 62,092,091,392 bytes free


2.) online scan results


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 19, 2006 6:13:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/08/2006
Kaspersky Anti-Virus database records: 203683
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 56587
Number of viruses found: 46
Number of infected objects: 198 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:52:10

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\removefunc.ram/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\SYSTEM32\removefunc.ram/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\SYSTEM32\removefunc.ram/settings.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
C:\WINDOWS\SYSTEM32\removefunc.ram Instyler: infected - 3 skipped
C:\WINDOWS\SYSTEM32\VSL05.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\WINDOWS\SYSTEM32\VSL05.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\SYSTEM32\VSL05.exe NSIS: infected - 2 skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Hope this helps!!


#17
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A. Download System Security Suite.Zip to your Desktop
  • Click on 3ssetup104.zip and a window will open.
  • Click on EXTRACT and choose your Desktop as the destination.
  • Click on setup.exe on your Desktop to install the program.
  • Follow the prompts to complete the installation.
  • Open the program.
  • Check all the boxes under the 'Items to Clear' tab
  • Click 'Clear Selected Items'
  • Reboot your system
B. Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select
    • "Delete on Reboot"
    • Then click on the "All Files" button if there is more than 1 file to delete.
  • Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C

    C:\Documents and Settings\Allison\Desktop\SDFix
    C:\drwin32.exe
    C:\googlebar.com
    C:\itunes32b.exe
    C:\msmon.pif
    C:\pcdr32.exe
    C:\pendrive.com
    C:\regedit.pif
    C:\WINDOWS\hostsmgr.exe
    C:\WINDOWS\settings.exe
    C:\WINDOWS\SYSTEM32\removefunc.ram
    C:\WINDOWS\SYSTEM32\VSL05.exe


  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.


C. And this tool should give us better results:


1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

rem The path is quoted so that dir reads it as one argument instead of two.
cd /d "C:\Program Files"
dir /s /a "C:\Program Files" >> folders.txt & Start Notepad folders.txt

3. Save the file as "folders.bat". Make sure to save it with the quotes.

4. Double click folders.bat.

5. This will take a look at Program Files and open a file named folders.txt

6. Copy and paste the contents of folders.txt into your next reply here.

Regards,

Trevuren

Edited by Trevuren, 19 August 2006 - 09:02 PM.
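How the last four entries of the Killbox list in step B relate to the Kaspersky report in the previous post, as an added example that is not part of the original thread: it parses report lines, folds archive members into the file that exists on disk, and keeps System Restore copies and locked files apart from the live detections. The function names and the assumed line shape are this example's own; the sample lines are copied from the report.

```python
import re
from collections import defaultdict

# Sample: lines copied from the Kaspersky report posted earlier in this thread.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0044487.exe Infected: Backdoor.Win32.HacDef.ga skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP643\A0044490.exe Infected: Trojan-Proxy.Win32.Bobax.t skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP644\change.log Object is locked skipped
C:\WINDOWS\hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\hostsmgr.exe QuickBatch: infected - 1 skipped
C:\WINDOWS\settings.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\removefunc.ram/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\SYSTEM32\removefunc.ram/settings.exe Infected: Trojan-Downloader.Win32.VB.afo skipped
C:\WINDOWS\SYSTEM32\removefunc.ram Instyler: infected - 3 skipped
C:\WINDOWS\SYSTEM32\VSL05.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\WINDOWS\SYSTEM32\VSL05.exe NSIS: infected - 2 skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
"""

# Assumed line shape: <path> <status> skipped, with three status forms.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)"
    r"|(?P<packer>[\w.]+): infected - \d+"
    r"|(?P<locked>Object is locked)) skipped$"
)
RESTORE_MARK = "\\system volume information\\_restore"


def triage(report):
    """Split a report into live detections, System Restore copies and locked files.

    live and restore map each on-disk file to the detection names reported for
    it or for its archive members; locked lists files the scanner could not read.
    """
    live, restore, locked = defaultdict(set), defaultdict(set), []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, blank line or a status this example does not know
        # "file/member" marks content unpacked from a container; the part
        # before the first "/" is the file that exists on disk.
        on_disk = m["path"].split("/", 1)[0]
        if m["locked"]:
            locked.append(on_disk)  # in use by Windows, not a detection
            continue
        bucket = restore if RESTORE_MARK in on_disk.lower() else live
        bucket[on_disk].update([m["name"]] if m["name"] else [])
    return live, restore, locked


def delete_candidates(report):
    """Detected on-disk files outside System Restore, in case-insensitive order."""
    return sorted(triage(report)[0], key=str.lower)


def restore_detections(report):
    """Detection names found in System Restore copies."""
    return sorted(set().union(*triage(report)[1].values()))


if __name__ == "__main__":
    live, restore, locked = triage(SAMPLE_REPORT)
    for path in delete_candidates(SAMPLE_REPORT):
        print(path, sorted(live[path]))
    print(len(restore), "restore-point copies:", restore_detections(SAMPLE_REPORT))
    print(len(locked), "locked files ignored")
```

The copies under System Volume Information are not delete-list material; the thread deals with them later by resetting System Restore.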


#18
jmhohlman
Ok, I followed the instructions and here are the results from the folders.txt file.


Volume in drive C has no label.
Volume Serial Number is B494-F8AE

Directory of C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\program files\KODAK\KODAK Software Updater\7288971

01/09/2006 09:50 PM <DIR> Program
0 File(s) 0 bytes

Directory of C:\Program Files\Kodak\KODAK Software Updater\7288971

01/09/2006 09:54 PM <DIR> Program
0 File(s) 0 bytes

Directory of C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L

01/09/2006 09:50 PM <DIR> Program
0 File(s) 0 bytes




Thanks for looking

#19
Trevuren
Enough of this. Using Windows Explorer, please navigate to C:\Program Files and look for the following 2 folders:

C:\Program Files\Network Monitor
C:\Program Files\Command


Please tell me what you find.

Regards,

Trevuren


#20
jmhohlman
Using Windows Explorer, under C:\Program Files, I was unable to find both the Command and Network Monitor directories. But, both command and network monitor applications are still located in my add/remove programs list. I am unable to remove either from the list as well.

#21
Trevuren
Good!! They appear to be stuck registry entries of little consequence. Please post a fresh HJT log and also please tell me if you are aware of any other malware related problems with your system.

Trevuren

#22
jmhohlman
Here is the latest HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:18:43 PM, on 8/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Documents and Settings\Allison\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



Also, I have not experienced any other malware related problems with my system. I hope this is all we need to do and again, thank you for all of your help.

#23
Trevuren
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

Reconfigure Windows XP to hide hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Click Yes to confirm. Click OK.
2. Please DELETE Malicious Items from the Ewido v4 Quarantine

A. Open Ewido by double clicking its icon located in the System Tray down by the clock.

B. Click on "Infections" on the Ewido Toolbar, then select the "Quarantine Tab"

C. Choose "Select All" at the bottom of the Ewido window, then click on the "Remove Finally" button and EXIT the program.

3. Please run System Security Suite again

4. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
Reboot your System

TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren


#24
jmhohlman
Wow, this is great. Thanks again for all of your help. You provided a great amount of knowledge and I will be sure to be more careful in the future. Thanks for being patient and giving me all the steps I needed to complete the tasks to get rid of the nasty spyware/trojans on my computer.

#25
Trevuren
My Pleasure,

Trevuren



#26
Trevuren
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.