what to do with all the scans after done and virus' still there? - Geeks to Go Forums


#1 jostew

  • Group: Member
  • Posts: 26
  • Joined: 19-March 07

  Posted 20 March 2007 - 06:05 PM

I went through the procedures requested to begin and the Panda scan still found more .... here are the logs

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:01:07 PM, on 3/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\igfxtray.exe
F:\WINDOWS\System32\hkcmd.exe
F:\Program Files\Softwin\BitDefender10\bdmcon.exe
F:\Program Files\Softwin\BitDefender10\bdagent.exe
F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
F:\Program Files\Softwin\BitDefender10\vsserv.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
F:\WINDOWS\system32\notepad.exe
F:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - Č<é - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BDMCon] "F:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SUPERAntiSpyware] "F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...l?noreloadredir
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173997336609
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hotwaxsur...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - F:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - F:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Panda Scan:
Incident Status Location

Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Potentially unwanted tool:Application/WindowHider.A Not disinfected C:\Program Files\NetMeeting\Down(1).exe
Potentially unwanted tool:Application/WindowHider.A Not disinfected C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP254\A0049320.exe[svchost.exe]
Potentially unwanted tool:Application/WindowHider.A Not disinfected C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP257\A0055328.exe
Potentially unwanted tool:Application/WindowHider.A Not disinfected C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP257\A0057328.exe
Potentially unwanted tool:Application/WindowHider.A Not disinfected C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0058329.exe
Potentially unwanted tool:Application/WindowHider.A Not disinfected C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0059480.exe
Potentially unwanted tool:Application/WindowHider.A Not disinfected C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP260\A0062344.exe
Potentially unwanted tool:Application/WindowHider.A Not disinfected C:\Temp\windowhider.exe
Virus:Bck/Hupigon.AVB Disinfected C:\WINDOWS\Config\termccc.exe

AVG Scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:45:55 PM 3/19/2007

+ Scan result:



C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0059336.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP259\A0062341.exe/regst.exe -> Backdoor.Bifrose.d : Cleaned with backup (quarantined).
C:\WINDOWS\IIS\Down(2).exe/regst.exe -> Backdoor.Bifrose.d : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0059332.exe -> Backdoor.Hupigon.cpb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0059333.exe -> Backdoor.Hupigon.cpb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP259\A0060325.exe -> Backdoor.Hupigon.dfv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP260\A0062347.exe -> Backdoor.Hupigon.dfv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP261\A0063345.EXE -> Backdoor.Hupigon.dfv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0066408.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0066416.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP257\A0055330.exe -> Logger.VB.oh : Cleaned with backup (quarantined).
C:\WINDOWS\system\gm.exe -> Logger.VB.oh : Cleaned with backup (quarantined).
C:\WINDOWS\system32\durvilx.dll -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\WINDOWS\system32\druid_a4m.exe -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\WINDOWS\system32\durvilx.exe -> Trojan.Kolweb.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP262\A0063366.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP262\A0063360.EXE -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP262\A0063365.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0065411.EXE -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0066409.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0066410.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0066411.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0066412.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0066424.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0066425.EXE -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

BitDefender Scan:

//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 19/03/2007 01:09:02
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
F:\
Folders : 3527
Files : 177931
Memory processes scanned : 8
Archives : 1406
Runtime packers : 7685
Identified viruses : 15
Infected files : 23
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 3
Moved files : 16
I/O errors : 127
Scan time : 00:36:39
Scan speed (files/sec) : 80

Spyware Statistics

Registry keys scanned : 1603
Registry keys infected : 0
Cookies scanned : 0
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 442167
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: F:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1174284542.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Program Files\Common Files\Microsoft Shared\MSInfo\realetin.exe Infected: Backdoor.Hupigon.DFV
C:\Program Files\Common Files\Microsoft Shared\MSInfo\realetin.exe Disinfection failed
C:\Program Files\Common Files\Microsoft Shared\MSInfo\realetin.exe Moved
C:\Program Files\NetMeeting\msmsgs Infected: Generic.Graybird.2E5538D0
C:\Program Files\NetMeeting\msmsgs Disinfection failed
C:\Program Files\NetMeeting\msmsgs Moved
C:\Temp\term.exe=>(RAR Sfx o)=>term.exe Infected: Trojan.BAT.Agent.C
C:\Temp\term.exe=>(RAR Sfx o)=>term.exe Disinfection failed
C:\Temp\term.exe=>(RAR Sfx o)=>term.exe Move failed
C:\Temp\term.exe=>(RAR Sfx o)=>termddd.exe=>(RAR Sfx o)=>svchost.exe Infected: Trojan.Fearless.K
C:\Temp\term.exe=>(RAR Sfx o)=>termddd.exe=>(RAR Sfx o)=>svchost.exe Deleted
C:\Temp\term.exe=>(RAR Sfx o)=>termddd.exe=>(RAR Sfx o) Repacking archive failed
C:\Temp\term.exe=>(RAR Sfx o)=>flu100.exe Infected: Backdoor.Graybird.MA
C:\Temp\term.exe=>(RAR Sfx o)=>flu100.exe Disinfection failed
C:\Temp\term.exe=>(RAR Sfx o)=>flu100.exe Move failed
C:\WINDOWS\Config\term.exe Infected: Trojan.BAT.Agent.C
C:\WINDOWS\Config\term.exe Disinfection failed
C:\WINDOWS\Config\term.exe Moved
C:\WINDOWS\Config\termddd.exe=>(RAR Sfx o)=>svchost.exe Infected: Trojan.Fearless.K
C:\WINDOWS\Config\termddd.exe=>(RAR Sfx o)=>svchost.exe Deleted
C:\WINDOWS\Config\termddd.exe=>(RAR Sfx o) Repacking archive failed
C:\WINDOWS\Help\svchost.exe Infected: Trojan.Fearless.K
C:\WINDOWS\Help\svchost.exe Deleted
C:\WINDOWS\IIS\Down(0).exe Infected: Generic.Malware.SBdldsp.7298EE68
C:\WINDOWS\IIS\Down(0).exe Disinfection failed
C:\WINDOWS\IIS\Down(0).exe Moved
C:\WINDOWS\IIS\Down(1).exe Infected: Generic.Malware.SBdldsp.7298EE68
C:\WINDOWS\IIS\Down(1).exe Disinfection failed
C:\WINDOWS\IIS\Down(1).exe Moved
C:\WINDOWS\IIS\Down(2).exe=>(RAR Sfx o)=>regst.exe Infected: Backdoor.Eggdrop.AD
C:\WINDOWS\IIS\Down(2).exe=>(RAR Sfx o)=>regst.exe Disinfection failed
C:\WINDOWS\IIS\Down(2).exe=>(RAR Sfx o)=>regst.exe Move failed
C:\WINDOWS\IIS\Down(2).exe=>(RAR Sfx o)=>regst.DLL Infected: Backdoor.Eggdrop.1.7
C:\WINDOWS\IIS\Down(2).exe=>(RAR Sfx o)=>regst.DLL Disinfection failed
C:\WINDOWS\IIS\Down(2).exe=>(RAR Sfx o)=>regst.DLL Move failed
C:\WINDOWS\SCVHOST.EXE Infected: Generic.Malware.SBdldsp.7298EE68
C:\WINDOWS\SCVHOST.EXE Disinfection failed
C:\WINDOWS\SCVHOST.EXE Moved
C:\WINDOWS\Services.exe Infected: Trojan.Clicker.VB.II
C:\WINDOWS\Services.exe Disinfection failed
C:\WINDOWS\Services.exe Moved
C:\WINDOWS\system32\aiqbfwt.dll Infected: Trojan.Spambot.BXB
C:\WINDOWS\system32\aiqbfwt.dll Disinfection failed
C:\WINDOWS\system32\aiqbfwt.dll Moved
C:\WINDOWS\system32\drivers\etc\hosts Infected: Generic.Qhost.D0CF5D13
C:\WINDOWS\system32\drivers\etc\hosts Disinfection failed
C:\WINDOWS\system32\drivers\etc\hosts Moved
C:\WINDOWS\system32\pdvyeng.dll Infected: Trojan.Busky.1.Gen
C:\WINDOWS\system32\pdvyeng.dll Disinfection failed
C:\WINDOWS\system32\pdvyeng.dll Moved
C:\WINDOWS\system32\regst.exe Infected: Backdoor.Eggdrop.AD
C:\WINDOWS\system32\regst.exe Disinfection failed
C:\WINDOWS\system32\regst.exe Moved
C:\WINDOWS\system32\rpcc.dll Infected: Trojan.Agent.ACE
C:\WINDOWS\system32\rpcc.dll Disinfection failed
C:\WINDOWS\system32\rpcc.dll Moved
C:\WINDOWS\system32\sciekad.dll Infected: Trojan.Busky.2.Gen
C:\WINDOWS\system32\sciekad.dll Disinfection failed
C:\WINDOWS\system32\sciekad.dll Moved
C:\WINDOWS\system32\TInject.Dll Infected: Backdoor.Eggdrop.AD
C:\WINDOWS\system32\TInject.Dll Disinfection failed
C:\WINDOWS\system32\TInject.Dll Moved
C:\WINDOWS\Temp\winA742.tmp Infected: Trojan.Agent.ABT
C:\WINDOWS\Temp\winA742.tmp Disinfection failed
C:\WINDOWS\Temp\winA742.tmp Moved
C:\WINDOWS\Temp\winlogin.exe Infected: Trojan.Clicker.VB.II
C:\WINDOWS\Temp\winlogin.exe Disinfection failed
C:\WINDOWS\Temp\winlogin.exe Moved

Please help me remove them!!!

thanks
joey

#2 logreeval

  • Group: Member
  • Posts: 1,230
  • Joined: 16-March 06

Posted 20 March 2007 - 10:19 PM

Hello and welcome to GeeksToGo!

Please do not post multiple topics, it just makes it harder for everyone.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:

  • Save the file to your desktop.
  • Copy and paste that information in your next post.
==========

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - Č<é - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

==========

When done, post a fresh HijackThis log and the Kaspersky report.

logreeval

#3 jostew

  • Group: Member
  • Posts: 26
  • Joined: 19-March 07

  Posted 21 March 2007 - 09:33 PM

Hi logreeval, sorry for the 2 posts that are identical, I didn't post that twice. The reason I re-posted with a different heading was because I wanted to change the title line and can't find where it tells me how to delete stop previous post. Sorry ... here are the 2 logs you requested. I wasn't sure if you meant to run an additional log scan of HijackThis after removing the files you told me to select, so I am including that as well.

KASPERSKY SCAN:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 21, 2007 11:21:03 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/03/2007
Kaspersky Anti-Virus database records: 283987
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 51111
Number of viruses found: 3
Number of infected objects: 27 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:54:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Program Files\NetMeeting\Down(1).exe/data.rar/svchost.exe Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\Program Files\NetMeeting\Down(1).exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\Program Files\NetMeeting\Down(1).exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{134E2A18-98D3-468B-A95B-AAB899F991EC}\RP9\A0000103.exe Object is locked skipped
C:\System Volume Information\_restore{134E2A18-98D3-468B-A95B-AAB899F991EC}\RP9\A0000104.exe Infected: Trojan.Win32.Kolweb.j skipped
C:\System Volume Information\_restore{134E2A18-98D3-468B-A95B-AAB899F991EC}\RP9\A0000105.exe Infected: Trojan.Win32.Kolweb.j skipped
C:\System Volume Information\_restore{134E2A18-98D3-468B-A95B-AAB899F991EC}\RP9\A0000106.dll Infected: Trojan.Win32.Kolweb.b skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP254\A0049320.exe/data.rar/svchost.exe Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP254\A0049320.exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP254\A0049320.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP256\A0052328.exe Object is locked skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP257\A0055328.exe/data.rar/svchost.exe Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP257\A0055328.exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP257\A0055328.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP257\A0057328.exe/data.rar/svchost.exe Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP257\A0057328.exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP257\A0057328.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0058329.exe/data.rar/svchost.exe Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0058329.exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0058329.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0059480.exe/data.rar/svchost.exe Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0059480.exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP258\A0059480.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP260\A0062344.exe/data.rar/svchost.exe Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP260\A0062344.exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP260\A0062344.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP260\A0062348.exe Object is locked skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP261\A0063341.exe Object is locked skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP261\A0063358.exe Object is locked skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP262\A0063359.exe Object is locked skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP262\A0063364.exe Object is locked skipped
C:\System Volume Information\_restore{9C60C382-09F6-4524-A8A9-5884D91493E7}\RP263\A0065421.exe Object is locked skipped
C:\Temp\term.exe Object is locked skipped
C:\Temp\windowhider.exe/data.rar/svchost.exe Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\Temp\windowhider.exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideExec.g skipped
C:\Temp\windowhider.exe RarSFX: infected - 2 skipped
C:\WINDOWS\Config\termddd.exe Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\1880 Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\2856 Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB87CE444-2F84-4793-8B7F-42A423019F8C.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBFCD1799-DA64-4FEF-B237-7842E26BF4F6.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC21A57E2-30B2-4860-BBAC-2AC771550CF9.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC22A5F52-F3DC-4A7A-B13E-53F81D045CD6.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC31BC480-F821-4DC4-BD04-02EE1A7DFB6A.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC381D87C-879B-499E-B0D8-CFC009CB4933.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC520A8AC-966F-4A5F-ACFE-5A0DDAECDFEC.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC8F04262-DFCB-4480-A9F8-D072E4154FF5.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC9CAD0E9-CF49-4931-9F42-2868A9E020C7.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCD2CB2F4-C906-4BE0-8C44-450D518565D2.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCE37F5D0-F659-4FBE-932E-B87B9DF36540.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD24F301B-B519-4219-A5E2-0375EB37E983.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD5170F67-3B50-4FE4-BF15-7F1E4E78F333.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD54D51A8-8711-4203-9A61-68C99368A1EA.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD590AB84-C036-47FF-84EF-986A2EDA7DB1.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD6F46595-FB4A-4F70-AC47-2346A04A8FE6.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7D3A60D-AFE3-472B-8444-EAE8FE8E7159.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD94FD185-FD67-4E5C-B481-D1B30BB29C08.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDE2DCED4-EDD9-4502-AA98-74F27BA6E3C6.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDF48FDC3-A708-4ED3-A617-E6AFEF92ED0F.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE0891BD3-D9EF-4553-8521-6D6B65FE837C.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE2411E72-9485-4748-BC3A-4A65B40506D3.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE2CC836F-FFB3-4FB0-A9CD-905511C406EB.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE7971DD3-F5B9-4BE6-91C5-A6A3B27EE2A9.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEC9401E6-E9BD-49B7-AFA6-A529C4BFC18E.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF0A28E84-F28E-45A0-8CC2-973FD1985AE4.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF1EEBAAE-F7EC-4A52-95DF-83E267738DB7.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF75AF9FE-8E52-4D10-80F0-719D684DE442.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF9D3D972-4ED1-450C-AF0F-BDE09B39DF48.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFB07CE0C-238B-42CE-A330-3BB3662340FF.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFB7CA5B0-CD69-4821-A3C3-67F58C6A27D8.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFC4EBA64-2FF6-4048-8F05-0BECC41EDF1B.tmp Object is locked skipped
F:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\Tony Del\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
F:\Documents and Settings\Tony Del\Application Data\Webroot\Spy Sweeper\Logs70321205733.ses Object is locked skipped
F:\Documents and Settings\Tony Del\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\Tony Del\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\Tony Del\Local Settings\Temp\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\Tony Del\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Tony Del\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Tony Del\Local Settings\Temp\~DFFCD4.tmp Object is locked skipped
F:\Documents and Settings\Tony Del\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\Tony Del\ntuser.dat.LOG Object is locked skipped
F:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
F:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
F:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
F:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
F:\System Volume Information\_restore{134E2A18-98D3-468B-A95B-AAB899F991EC}\RP22\change.log Object is locked skipped
F:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
F:\WINDOWS\SchedLgU.Txt Object is locked skipped
F:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
F:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
F:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
F:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
F:\WINDOWS\system32\bdss.log Object is locked skipped
F:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\default Object is locked skipped
F:\WINDOWS\system32\config\default.LOG Object is locked skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
F:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
F:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\SECURITY Object is locked skipped
F:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
F:\WINDOWS\system32\config\software Object is locked skipped
F:\WINDOWS\system32\config\software.LOG Object is locked skipped
F:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\system Object is locked skipped
F:\WINDOWS\system32\config\system.LOG Object is locked skipped
F:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
F:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\WINDOWS\system32\h323log.txt Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
F:\WINDOWS\Temp\tmp00003794\tmp00000000 Object is locked skipped
F:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HIJACKTHIS (scan before the removal):

Logfile of HijackThis v1.99.1
Scan saved at 11:22:47 PM, on 3/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\igfxtray.exe
F:\WINDOWS\System32\hkcmd.exe
F:\Program Files\Softwin\BitDefender10\bdmcon.exe
F:\Program Files\Softwin\BitDefender10\bdagent.exe
F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
F:\Program Files\Softwin\BitDefender10\vsserv.exe
F:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - Č<é - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BDMCon] "F:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SUPERAntiSpyware] "F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...l?noreloadredir
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173997336609
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hotwaxsur...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - F:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - F:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

HIJACKTHIS (scan after the removal):

Logfile of HijackThis v1.99.1
Scan saved at 11:27:30 PM, on 3/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\igfxtray.exe
F:\WINDOWS\System32\hkcmd.exe
F:\Program Files\Softwin\BitDefender10\bdmcon.exe
F:\Program Files\Softwin\BitDefender10\bdagent.exe
F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
F:\Program Files\Softwin\BitDefender10\vsserv.exe
F:\Program Files\HijackThis.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BDMCon] "F:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SUPERAntiSpyware] "F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...l?noreloadredir
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173997336609
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hotwaxsur...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - F:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - F:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



thanks for your help ....

joey
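Added example (not part of the original thread): a Python script that diffs the "before" and "after" HijackThis logs in the post above and cross-checks every `(file missing)` / `(no file)` entry against the log's own "Running processes" list. The function names are hypothetical, and the two embedded logs are shortened excerpts of the logs above.

```python
import re

# A HijackThis entry line starts with a section code (R0, R1, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING_TAGS = ("(file missing)", "(no file)")

# Shortened excerpt of the "scan before the removal" log from the post above.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:22:47 PM, on 3/21/2007

Running processes:
F:\WINDOWS\System32\smss.exe
F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
F:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - Č<é - (no file)
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

# Shortened excerpt of the "scan after the removal" log from the post above.
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:27:30 PM, on 3/21/2007

Running processes:
F:\WINDOWS\System32\smss.exe
F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
F:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""


def parse_entries(log_text):
    """Return the (code, body) entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = [], False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped == "Running processes:":
            in_block = True
        elif in_block:
            if not stripped:  # the process list ends at the first blank line
                break
            procs.append(stripped.lower())
    return procs


def diff_logs(before, after):
    """Return (removed, added) entries between two scans of the same machine."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


def classify_missing(log_text):
    """Split entries tagged as missing into (contradicted, unexplained).

    'contradicted' means the same executable path appears in the log's own
    process list, so the tag cannot be taken at face value.
    """
    procs = running_processes(log_text)
    contradicted, unexplained = [], []
    for code, body in parse_entries(log_text):
        if not body.endswith(MISSING_TAGS):
            continue
        lowered = body.lower()
        if any(path in lowered for path in procs):
            contradicted.append((code, body))
        else:
            unexplained.append((code, body))
    return contradicted, unexplained


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    contradicted, unexplained = classify_missing(AFTER)
    for code, body in contradicted:
        print("flagged missing but running:", code, "-", body)
    for code, body in unexplained:
        print("flagged missing, not running:", code, "-", body)
```

On these excerpts the diff reports the R1 SearchURL value and the nameless O2 BHO as removed, and the BitDefender service tagged `(file missing)` turns out to be listed as a running process, while the Adobe LM Service entry is not.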

#4 logreeval

  • Group: Member
  • Posts: 1,230
  • Joined: 16-March 06

Posted 21 March 2007 - 09:51 PM

No problem about the double posting :whistling:

Let's do a few things here...

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

==========

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
C:\Program Files\NetMeeting\Down(1).exe
C:\Temp\windowhider.exe


==========

When done post a fresh HijackThis log, you don't need to do a scan before, just after :blink:

How is your computer running now?

logreeval

#5 jostew

  • Group: Member
  • Posts: 26
  • Joined: 19-March 07

Posted 21 March 2007 - 10:08 PM

should i empty the trash before the scan?

#6 logreeval

  • Group: Member
  • Posts: 1,230
  • Joined: 16-March 06

Posted 21 March 2007 - 10:12 PM

Yes.

#7 jostew

  • Group: Member
  • Posts: 26
  • Joined: 19-March 07

Posted 21 March 2007 - 10:14 PM

here is the new scan ...

Logfile of HijackThis v1.99.1
Scan saved at 12:13:20 AM, on 3/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\igfxtray.exe
F:\WINDOWS\System32\hkcmd.exe
F:\Program Files\Softwin\BitDefender10\bdmcon.exe
F:\Program Files\Softwin\BitDefender10\bdagent.exe
F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
F:\Program Files\Softwin\BitDefender10\vsserv.exe
F:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BDMCon] "F:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [SUPERAntiSpyware] "F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...l?noreloadredir
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173997336609
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hotwaxsur...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - F:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - F:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#8 logreeval

  • Group: Member
  • Posts: 1,230
  • Joined: 16-March 06

Posted 21 March 2007 - 10:22 PM

How is the computer running now?

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

When done post a fresh HijackThis log and how the computer is running.

logreeval
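The outdated runtime flagged in this post can be read straight from the install paths in a HijackThis log. The sketch below is an added example, not part of the original thread: it extracts Sun JRE directory versions and lists those older than JRE 6 (directory version 1.6.0), the version the post recommends. The function names and sample lines are constructed for illustration; only the `jre1.5.0_11` path comes from the log in this thread.

```python
import re

# Sun JRE install directories look like jre1.5.0_11 or j2re1.4.2_03.
JRE_DIR = re.compile(r"\\(?:j2re|jre)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)

# Assumption: baseline is JRE 6 (1.6.0), the version recommended in the post.
BASELINE = (1, 6, 0, 0)

# Constructed sample in HijackThis line format (not a real log).
SAMPLE_LOG = r"""
F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
F:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe
F:\Program Files\Java\jre1.6.0\bin\jusched.exe
F:\WINDOWS\system32\notepad.exe
"""


def find_jre_versions(log_text):
    """Map each JRE version tuple found in the log to the line numbers citing it."""
    found = {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for m in JRE_DIR.finditer(line):
            # A missing update suffix (e.g. jre1.6.0) counts as update 0.
            version = tuple(int(g or 0) for g in m.groups())
            found.setdefault(version, []).append(lineno)
    return found


def outdated(found, baseline=BASELINE):
    """Return the versions strictly older than the baseline, oldest first."""
    return sorted(v for v in found if v < baseline)


def fmt(version):
    """Render a version tuple in Sun's directory style, e.g. 1.5.0_11."""
    return "%d.%d.%d_%02d" % version


if __name__ == "__main__":
    hits = find_jre_versions(SAMPLE_LOG)
    for v in outdated(hits):
        print("outdated JRE %s referenced on line(s) %s" % (fmt(v), hits[v]))
```

A HijackThis log only lists running processes and autostart entries, so an old JRE that is installed but not referenced there will not appear; Add/Remove Programs remains the authoritative list.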

#9 jostew

  • Group: Member
  • Posts: 26
  • Joined: 19-March 07

Posted 21 March 2007 - 10:28 PM

one quick question ... the beginning directions, before i got to talk to you, never said what to do with the viruses in all the scans it asked me to perform. my question is, should i leave them in the quarantined states in those programs or delete them?

#10 logreeval

  • Group: Member
  • Posts: 1,230
  • Joined: 16-March 06

Posted 21 March 2007 - 10:30 PM

You can leave them quarantined...if after a while your computer is still running good. You can then empty the quarantine.

logreeval

#11 jostew

  • Group: Member
  • Posts: 26
  • Joined: 19-March 07

Posted 21 March 2007 - 10:32 PM

i tried the link 3 times and when i hit the download button, nothing happens?

#12 logreeval

  • Group: Member
  • Posts: 1,230
  • Joined: 16-March 06

Posted 21 March 2007 - 10:37 PM

Ok, well that is not crucial, but try it tomorrow or later tonight.

It is probably something on their end.

How is the computer running?

#13 jostew

  • Group: Member
  • Posts: 26
  • Joined: 19-March 07

Posted 21 March 2007 - 10:41 PM

well, i got it to download and then when i went to uninstall the files, the add/remove program won't run. the first time i double clicked it it came up but nothing was there and then the 2nd & 3rd times it just wouldn't open.

#14 logreeval

  • Group: Member
  • Posts: 1,230
  • Joined: 16-March 06

Posted 21 March 2007 - 10:46 PM

You mean Add/Remove programs in control panel wouldn't open?

It takes a few moments for it to load.

Or are you talking about the program itself?

#15 jostew

  • Group: Member
  • Posts: 26
  • Joined: 19-March 07

Posted 21 March 2007 - 10:46 PM

i got into them, finally, but now it won't let me delete them. it is saying that there is an "error applying tranfers. verify that the specified tranfer paths are valid" also, i tried to install a program right after i got the computer from my boss (adobe cs2) and tried to get rid of it but for some reason it is still in my add/remove files program, always with a different icon, and it says that it can't perform action because there is no file ... ?
