I've been invaded... Please help.. malware and viruses



#16
joby

    Member

  • Topic Starter
  • 37 posts
alright did what you said and reran the rootkit scanner.... congrats you have no installed rootkits... so I guess that end of it is clean now.. should I try to run those other scans that you wanted me to run now?


#17
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Good, we have probably got rid of the primary problem. Run those scans now and post the logs from them when done.

#18
joby

    Member

  • Topic Starter
  • 37 posts
SUPERAntiSpyware Scan Log
Generated 01/24/2007 at 09:59 PM

Application Version : 3.5.1016

Core Rules Database Version : 3165
Trace Rules Database Version: 1176

Scan type : Complete Scan
Total Scan Time : 02:27:42

Memory items scanned : 397
Memory threats detected : 0
Registry items scanned : 4921
Registry threats detected : 37
File items scanned : 79383
File threats detected : 49

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Adware.Toolbar888
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32#ThreadingModel
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\ProgID
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\Programmable
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\TypeLib
HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\VersionIndependentProgID
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138266.DLL

Adware.IST/YourSiteBar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll#{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ysbactivex.dll [  ]

Adware.MyWay
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#CacheDir
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\SearchAssistant
HKLM\Software\MyWay\SearchAssistant#Dir
HKLM\Software\MyWay\SearchAssistant#pid
HKLM\Software\MyWay\SearchAssistant#CurInstall
HKLM\Software\MyWay\SearchAssistant#sr
HKLM\Software\MyWay\SearchAssistant#pl
HKLM\Software\MyWay\SearchAssistant#Id
HKLM\Software\MyWay\SearchAssistant#CacheDir
HKLM\Software\MyWay\SearchAssistant#ConfigDateStamp
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\History
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\MyWay\myBar\Settings
C:\Program Files\MyWay\myBar
C:\Program Files\MyWay\SrchAstt
C:\Program Files\MyWay

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-1482476501-2146958123-839522115-1003\Software\Microsoft\Internet Explorer\Main#BandRest
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest

Adware.SurfSideKick
C:\!KILLBOX\SSKKNWRD.DLL

Trojan.Downloader-VXGame
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\3PK31ZUM\GAME2[1].EXE
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZXME9G5R\GAME0[1].EXE
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZXME9G5R\GAME1[1].EXE

Trojan.TaskDir
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138114.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138210.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138239.DLL
C:\WINDOWS\SYSTEM32\ZLBW.DLL

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\ADIRSS.EXE
C:\WINDOWS\Prefetch\ADIRSS.EXE-347EFE0C.pf

Trojan.Downloader-AlSys
C:\WINDOWS\SYSTEM32\ALSYS.EXE

Trojan.VXGame-Gen
C:\WINDOWS\SYSTEM32\GAME1.EXE
C:\WINDOWS\SYSTEM32\GAME2.EXE
C:\WINDOWS\SYSTEM32\GAME4.EXE
C:\WINDOWS\Prefetch\GAME1.EXE-2A702DE0.pf

Trojan.Downloader-Gen/Win
C:\WINDOWS\SYSTEM32\GAME5.EXE.EXE
C:\WINDOWS\SYSTEM32\SVCP.CSV
C:\WINDOWS\Prefetch\GAME5.EXE.EXE-1CC58D0C.pf

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\VX.TLL



OK, there is the SUPERAntiSpyware log... I still can't get ActiveScan to run all the way through and it's picking up quite a bit of stuff. Tell me what to do next.

#19
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Re-run the Find AWF program from earlier - you reported a problem with that last time. Follow the instructions exactly, let me know if you still get an error message and post its log.

#20
joby

    Member

  • Topic Starter
  • 37 posts
Still got the error message. Here is the log that was generated.


Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~



25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#21
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Hmmm.. could you check your AVG AntiSpyware for updates then run a scan - set it up like this:
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware report scan together with a new HijackThis log.

#22
joby

    Member

  • Topic Starter
  • 37 posts
Alright here is the hijack this log....



Logfile of HijackThis v1.99.1
Scan saved at 6:47:15 PM, on 1/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\AIM95\aim.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.countryroaddesigns.net/wp/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Owner\Desktop\Ares.exe" -h
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares galaxy] "C:\Program Files\Ares Galaxy\Ares.exe" -h
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...a-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.co...x-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.301 - http://chat.goarmy.c...va/cfs40301.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...e-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...l-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...u-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: WebConnect Pro 6.2.10 - https://secureconnec...ebConnectDU.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1138676420153
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1138676368372
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.co...er/MFImgVwr.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfami...oads/MrSIDI.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwin...ed/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe



And here is the avg antispyware log....




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:35:20 PM 1/26/2007

+ Scan result:



C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP786\A0131710.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP786\A0131711.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP786\A0131712.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP786\A0131713.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138205.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138206.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138207.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138208.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138242.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138243.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138244.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138245.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP786\A0131709.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138203.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138240.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152949.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP786\A0131696.exe -> Backdoor.Small.nu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133780.exe -> Backdoor.Small.nu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138142.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138232.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0140344.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0140346.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141510.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141512.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0142506.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0144515.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0145516.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP793\A0147544.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP793\A0147659.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP795\A0149762.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP795\A0152775.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0132767.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0136845.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138123.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138230.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138251.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141524.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GPK8N0US\game3[1].exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZXME9G5R\game4[1].exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP795\A0152770.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP795\A0152771.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP795\A0152772.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP795\A0152773.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP795\A0152774.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\game3.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lnwin.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP787\A0131742.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP787\A0132746.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0132764.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0132766.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0133766.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133779.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133817.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0136843.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138122.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138227.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141523.exe -> Downloader.Small.cpt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0132765.exe -> Downloader.Small.cxx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138228.exe -> Downloader.Small.cxx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP787\A0132749.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0132768.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0133770.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133772.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133784.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133809.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0136846.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0136847.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0136868.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0137075.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0137095.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0137118.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138117.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138140.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138141.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138211.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138229.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138231.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0139304.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0139306.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0139326.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0139328.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141514.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141521.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141526.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138121.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141516.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0137091.exe -> Downloader.Small.ebm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141517.exe -> Downloader.Tibs.dr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP786\A0131694.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP787\A0132745.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0132762.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0133764.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133777.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133808.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0136841.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0136863.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0137071.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0137088.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0137114.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138136.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138225.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141525.exe -> Downloader.Tibs.jy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP786\A0131721.dll -> Logger.Banker.zq : Cleaned with backup (quarantined).
C:\!KillBox\mswapi.dll -> Logger.Iespy.s : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP794\A0149738.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152955.exe -> Proxy.Lager.dp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138143.sys -> Rootkit.Agent.dh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138233.sys -> Rootkit.Agent.dh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0139334.sys -> Rootkit.Agent.dh : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.dat/Documents and Settings/Owner/Cookies/[email protected][1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.dat/Documents and Settings/Owner/Cookies/[email protected][2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Trafic : Cleaned.
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP786\A0131695.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP787\A0131741.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP787\A0132743.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0132763.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP789\A0133765.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133778.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133795.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0133818.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0136842.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0136864.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0137072.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP790\A0137089.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0137110.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138138.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138226.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141527.exe -> Trojan.Agent.oh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138249.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138250.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0139305.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0139327.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0140345.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141511.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0146513.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP793\A0147539.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152954.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0137109.exe -> Worm.Nuwar.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138135.exe -> Worm.Nuwar.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138237.exe -> Worm.Nuwar.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141515.exe -> Worm.Nuwar.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141518.exe -> Worm.Nuwar.o : Cleaned with backup (quarantined).
C:\WINDOWS\system32\BWvRonU.exe -> Worm.Poca.b : Cleaned with backup (quarantined).


::Report end

#23
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Apologies for the delay getting back to you - I have the flu. I'll respond again when I'm back on my feet.

#24
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK, I'm back - do you still require assistance?

#25
joby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
yeah this computer is screwed. tell me what to do and I'll do it again. lol glad you're feeling better

#26
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Try this for me - please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#27
joby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 06, 2007 7:51:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/02/2007
Kaspersky Anti-Virus database records: 265615
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 74693
Number of viruses found: 15
Number of infected objects: 56 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:13:39

Infected Object Name / Virus Name / Last Action
C:\!KillBox\blubstersetup250.exe/WISE0013.BIN/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\!KillBox\blubstersetup250.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\!KillBox\blubstersetup250.exe/WISE0014.BIN/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\!KillBox\blubstersetup250.exe/WISE0014.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\!KillBox\blubstersetup250.exe/WISE0014.BIN/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\!KillBox\blubstersetup250.exe/WISE0014.BIN/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\!KillBox\blubstersetup250.exe/WISE0014.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\!KillBox\blubstersetup250.exe/WISE0014.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\!KillBox\blubstersetup250.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\!KillBox\blubstersetup250.exe/WISE0015.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\!KillBox\blubstersetup250.exe/WISE0015.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\!KillBox\blubstersetup250.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\!KillBox\blubstersetup250.exe WiseSFX: infected - 12 skipped
C:\!KillBox\blubstershop.exe/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\!KillBox\blubstershop.exe NSIS: infected - 1 skipped
C:\!KillBox\CxtPls\libexpat.dll Infected: Virus.Win32.Porad.a skipped
C:\!KillBox\CxtPls\ProxyStub.dll Infected: Virus.Win32.Porad.a skipped
C:\!KillBox\CxtPls\pstub0\proxystub.dll Infected: Virus.Win32.Porad.a skipped
C:\!KillBox\CxtPls\uninstaller.exe Infected: Virus.Win32.Porad.a skipped
C:\!KillBox\CxtPls\WinGenerics.dll Infected: Virus.Win32.Porad.a skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{0CAAD0CB-5A4C-470E-871C-5C5C44F14A30}\Microsoft\Outlook Express\cleanup.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{0CAAD0CB-5A4C-470E-871C-5C5C44F14A30}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{0CAAD0CB-5A4C-470E-871C-5C5C44F14A30}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{0CAAD0CB-5A4C-470E-871C-5C5C44F14A30}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{0CAAD0CB-5A4C-470E-871C-5C5C44F14A30}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\001F2CB4/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\001F2CB4/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\001F2CB4 NSIS: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\001F2CB4 CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\002500AD Infected: not-a-virus:AdWare.Win32.Downloadware skipped
C:\Program Files\Norton AntiVirus\Quarantine\094565C7.class Infected: Trojan.Java.Femad skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BD11585.class Infected: Trojan.Java.Femad skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BD11585.exe Infected: Trojan-Clicker.Win32.Small.gj skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E8C4D3D Infected: not-a-virus:AdWare.Win32.Downloadware skipped
C:\Program Files\Norton AntiVirus\Quarantine\10763B9D.class Infected: Trojan.Java.Femad skipped
C:\Program Files\Norton AntiVirus\Quarantine\10763B9D.exe Infected: Trojan-Downloader.Win32.Small.aru skipped
C:\Program Files\Norton AntiVirus\Quarantine\107A6599.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\107A6599.exe Infected: Trojan-Clicker.Win32.Small.gj skipped
C:\Program Files\Norton AntiVirus\Quarantine\107D0F96.exe Infected: Trojan-Downloader.Win32.Small.aru skipped
C:\Program Files\Norton AntiVirus\Quarantine\14DD1BD3.exe Infected: Trojan-Downloader.Win32.Small.aru skipped
C:\Program Files\Norton AntiVirus\Quarantine\18412512 Infected: Exploit.Win32.IMG-WMF.u skipped
C:\Program Files\Norton AntiVirus\Quarantine\24DD7C63 Infected: Virus.Win32.Porad.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\31A8138A Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\32911AFD/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\32911AFD NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\32911AFD CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\54272FE4.class Infected: Trojan.Java.Femad skipped
C:\Program Files\Norton AntiVirus\Quarantine\573A111C.class Infected: Trojan.Java.Femad skipped
C:\Program Files\Norton AntiVirus\Quarantine\633B6351.exe Infected: Trojan-Clicker.Win32.Small.gj skipped
C:\Program Files\Norton AntiVirus\Quarantine\6E7B0AEF.js Infected: Trojan-Downloader.JS.WinAD.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\707820BE.exe Infected: Trojan-Downloader.Win32.Small.aru skipped
C:\Program Files\Norton AntiVirus\Quarantine\723144D9.exe Infected: Trojan-Downloader.Win32.Small.aru skipped
C:\Program Files\Norton AntiVirus\Quarantine\76643A3B.class Infected: Trojan.Java.Femad skipped
C:\Program Files\Norton AntiVirus\Quarantine\76643A3B.exe Infected: Trojan-Clicker.Win32.Small.gj skipped
C:\Program Files\Norton AntiVirus\Quarantine\76676437.exe Infected: Trojan-Clicker.Win32.Small.gj skipped
C:\Program Files\Norton AntiVirus\Quarantine\766A0E34.exe Infected: Trojan-Downloader.Win32.Small.aru skipped
C:\Program Files\Norton AntiVirus\Quarantine\7CDB4EA6.exe Infected: Trojan-Clicker.Win32.Small.gj skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E9B1165.class Infected: Exploit.Java.ByteVerify skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP773\A0124397.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP773\A0126364.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP780\A0126560.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138238.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138289.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138290.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138291.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0138292.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141513.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141519.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP791\A0141520.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0142505.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0143505.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0144516.sys Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0145507.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0146512.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP792\A0147505.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP793\A0147538.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP793\A0147656.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP793\A0147657.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP793\A0147658.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP794\A0147665.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP794\A0149665.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP795\A0150752.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152950.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152951.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152952.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152953.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152970.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152971.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP797\A0152972.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP801\A0153101.exe Object is locked skipped
C:\System Volume Information\_restore{8495237E-E223-4A52-91AB-F37AB406368C}\RP807\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D529E9A7-8BB5-4BB6-B008-2C3E74465B78}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mssync20.ex_ Object is locked skipped
C:\WINDOWS\system32\mssync20.sy_ Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#28
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Nothing new there - could you tell me exactly what problems you are now having?

#29
joby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
The computer is very slow. It keeps freezing for like 2 minutes at a time. There is a Windows Installer box that pops up occasionally and it won't let me close it. The computer hasn't shut itself down in about a week so that's a good thing.

#30
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
I don't think your problem is malware related anymore. Please post a final HijackThis log.





