Geeks to Go Forums: viruswebprotect [RESOLVED] - Geeks to Go Forums

Jump to content

i Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or start a new topic of your own. Joining allows you to enjoy all this forum has to offer. Learn more in our Welcome Guide. What are you waiting for? Click here to join for free today!
  • (2 Pages)
  • +
  • 1
  • 2

viruswebprotect [RESOLVED] viruswebprotect trojan

#16 User is offline   seagert 

  • Member
  • PipPip
  • Group: Member
  • Posts: 14
  • Joined: 16-December 07
  • Location:Portsmouth, England
  • Operating System:Windows XP

Posted 23 December 2007 - 11:58 AM

Hi Don77,

Fixed the 2 files and restarted. No CDSWinSrv.exe message upon restart. Fresh HJT log attached below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:16, on 23/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.24\pmonmh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\sdwork\w32main2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\My Documents\My Received Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [RescueRecoverySetPW] c:\sdwork\Rescue&RecoverySetPW.lnk
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.24/pmonmh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [w32msgr] C:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt ospdb.pok.ibm.com
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [assistant2] "C:\Program Files\VoiceRite\Client\\Viewer.exe" /minimize
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroo...gRoomClient.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://w3quickplace.lotus.com/qp2.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bl...lnwebassist.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = portsmouth.uk.ibm.com,uk.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = portsmouth.uk.ibm.com,uk.ibm.com,ibm.com
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

--
End of file - 13124 bytes
0

#17 User is offline   don77 

  • Malware Expert
  • Group: Expert
  • Posts: 18,526
  • Joined: 05-July 04
  • Location:Boston Ma.
  • Operating System:XP Pro,ME, 98

Posted 23 December 2007 - 12:16 PM

Good news,,, the log looks clean

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer

  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:

  • Save the file to your desktop.
  • Copy and paste that information in your next post.

0

#18 User is offline   seagert 

  • Member
  • PipPip
  • Group: Member
  • Posts: 14
  • Joined: 16-December 07
  • Location:Portsmouth, England
  • Operating System:Windows XP

Posted 23 December 2007 - 03:12 PM

Hi Don77,

Here's the Kaspersky log ...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 23, 2007 9:08:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/12/2007
Kaspersky Anti-Virus database records: 492575
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 86438
Number of viruses found: 3
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 02:23:53

Infected Object Name / Virus Name / Last Action
C:\$SIMS\NetRun.exe Infected: not-a-virus:RiskTool.Win32.PsExec.153 skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\javasharedresources\C230D1A32_IBMSDP_G01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007122320071224\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\BIT44E.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9822.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Client Firewall\System.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\IBM\My Help\configuration\org.eclipse.core.runtime\.manager\.tmp734.instance Object is locked skipped
C:\Program Files\IBM\My Help\configuration\org.eclipse.osgi\.manager\.tmp733.instance Object is locked skipped
C:\Program Files\IBM\My Help\configuration\org.eclipse.update\.lock Object is locked skipped
C:\Program Files\IBM\My Help\derby.log Object is locked skipped
C:\Program Files\IBM\My Help\workspace\.metadata\.lock Object is locked skipped
C:\Program Files\IBM\My Help\workspace\log\MyHelp.log Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\db.lck Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\log\log10.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c10.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c121.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c130.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c141.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c20.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c200.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c211.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c290.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c2c1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c2d0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c2e1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c300.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c311.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c320.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c330.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c341.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c350.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c360.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c3f0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c401.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c480.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c491.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c4a0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c4b1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c4c0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c4d1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c4e0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c4f1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c51.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c580.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c5f0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c60.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c600.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c611.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c620.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c631.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c640.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c690.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c6a0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c6b1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c6e0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c6f1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c700.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c71.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c711.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c860.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c870.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c8b0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c8c0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c8d0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c8e0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c8f0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c90.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c900.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c950.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c960.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\ca1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cc0.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cd1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\ce1.dat Object is locked skipped
C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cf0.dat Object is locked skipped
C:\Program Files\IBM\tivoli\dcd\client\ISSI\logs\msg_client.log Object is locked skipped
C:\Program Files\IBM\tivoli\dcd\client\ISSI\logs\trace_client.log Object is locked skipped
C:\Program Files\IBM\tivoli\dcd\client\ISSI\logs\trace_clientservice.err Object is locked skipped
C:\Program Files\IBM\tivoli\dcd\client\ISSI\logs\trace_clientservice.out Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0220NAV~.TMP Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0276NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP244\A0061077.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP244\A0061077.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP244\A0061077.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP245\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BA333936-7BDB-466D-BDF3-B27F1E4C5DAD}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\profile.dat Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\leosrv.dll Infected: not-a-virus:AdWare.Win32.Vapsup.rw skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\xcvwer.dll Infected: not-a-virus:AdWare.Win32.Vapsup.rw skipped

Scan process completed.
0

#19 User is offline   don77 

  • Malware Expert
  • Group: Expert
  • Posts: 18,526
  • Joined: 05-July 04
  • Location:Boston Ma.
  • Operating System:XP Pro,ME, 98

Posted 23 December 2007 - 09:55 PM

:) looks good now just some minor clean ups left
Kapersky found some quarantined files and a few infected restore points pay attention clearing out stsyem restore and we will run clean up with otmoveit to take care of the quarantined files

Please double-click OTMoveIt.exe to run it.
Click the Clean up button
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
Click Yes to the reboot,


And finally
Nice job your log is clean ! :)
How is it running ?
Please use the following suggestion to help prevent reinfection

  • Download the following program, For keeping crap off your system to begin with
    Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
    Download
    Spyware Blaster
    Spyware Guard
    IE-Spyad



  • Online scan
    For an added check run an online virus scan, you can use one of the 2 below,
    TrendMicro's HouseCall
    ActiveScan



  • Clean out Temp Folders
    Be sure and give the Temp folders a cleaning out now and then as well, A handy tool to do this
    Please download ATF Cleaner by Atribune.
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.



  • Updating Java and Clearing Cache:
    • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
    • It will say "Java Plug-in" under the icon.
      Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
    • If you are unable to update you can manually update by going Here
    • After the reboot, go back into the Control Panel and double-click the Java Icon.
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
        Downloaded Applets
        Downloaded Applications
        Other Files

    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.




  • Windows Updates
    Remeber to Check Windows for updates



  • Flush System Restore
    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
      1. Turn off System Restore.
        On the Desktop, right-click My Computer.
        Click Properties.
        Click the System Restore tab.
        Check Turn off System Restore.
        Click Apply, and then click OK.
      2. Restart your computer.

      3. Turn ON System Restore.
        On the Desktop, right-click My Computer.
        Click Properties.
        Click the System Restore tab.
        UN-Check Turn off System Restore.
        Click Apply, and then click OK.
    System Restore will now be active again.


    To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

0

#20 User is offline   seagert 

  • Member
  • PipPip
  • Group: Member
  • Posts: 14
  • Joined: 16-December 07
  • Location:Portsmouth, England
  • Operating System:Windows XP

Posted 24 December 2007 - 10:01 AM

Hi Don77,

Laptop has been running fine all day. Just wanted to say a huge "thank you" for all of your help and advice. I would have been lost without you.

Happy holidays, Terry
0

#21 User is offline   don77 

  • Malware Expert
  • Group: Expert
  • Posts: 18,526
  • Joined: 05-July 04
  • Location:Boston Ma.
  • Operating System:XP Pro,ME, 98

Posted 24 December 2007 - 08:26 PM

Happy Holidays to you as well Terry

Your very welcome :)
0

#22 User is offline   don77 

  • Malware Expert
  • Group: Expert
  • Posts: 18,526
  • Joined: 05-July 04
  • Location:Boston Ma.
  • Operating System:XP Pro,ME, 98

Posted 24 December 2007 - 08:30 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
0

Share this topic:


  • (2 Pages)
  • +
  • 1
  • 2

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users


Advertisements do not imply our endorsement of that product or service. Join to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising | Contact | Link to us