Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help - Please, [Resolved]

Started by JoB , Jan 28 2008 10:37 AM

  • This topic is locked This topic is locked

#16
kahdah
Posted 01 February 2008 - 05:54 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
It seems that you have 3 anti virus programs running.
Please uninstall all but one.
I recommend Kaspersky but please do remove avg and avast or which ever you choose to keep only keep one.
==========================================================================
After that Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

(Note if you cannot open the log it produces then right click on it and choose rename.
Rename it to .txt and you will be able to open it)
  • 0

Advertisements

#17
JoB
Posted 02 February 2008 - 07:11 PM

JoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I uninstalled avg and tried with avast but couldnt...just have removed the files from the past...while doing the scan with dr.web it found 4 virus (..one was rosa i think and other 3..) until the pc rebbot..tried again and heres the log..

b64_1[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\56ZMNNHU;Trojan.PWS.Nerf;Eliminado.;
b64_1[2].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\56ZMNNHU;Trojan.PWS.Nerf;Eliminado.;
b64_2[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\56ZMNNHU;Win32.HLLM.Beagle;Eliminado.;
b64_2[2].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\56ZMNNHU;Win32.HLLM.Beagle;Eliminado.;
b64_31[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\56ZMNNHU;Win32.HLLM.Beagle;Eliminado.;
b64_31[2].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\56ZMNNHU;Win32.HLLM.Beagle;Eliminado.;
b64_1[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJACW93K;Trojan.PWS.Nerf;Eliminado.;
b64_31[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\AU4EJ38S;Win32.HLLM.Beagle;Eliminado.;
b64_2[3].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI79OR5R;Win32.HLLM.Beagle;Eliminado.;
b64_2[4].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI79OR5R;Win32.HLLM.Beagle;Eliminado.;
b64_31[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPHCKM7H;Win32.HLLM.Beagle;Eliminado.;
b64_1[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQX6P0OK;Trojan.PWS.Nerf;Eliminado.;
b64_31[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQX6P0OK;Win32.HLLM.Beagle;Eliminado.;
b64_31[2].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQX6P0OK;Win32.HLLM.Beagle;Eliminado.;
b64_2[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDZUJL1Q;Win32.HLLM.Beagle;Eliminado.;
b64_1[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2AV7INL;Trojan.PWS.Nerf;Eliminado.;
b64_1[2].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2AV7INL;Trojan.PWS.Nerf;Eliminado.;
b64_1[3].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2AV7INL;Trojan.PWS.Nerf;Eliminado.;
b64_31[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2AV7INL;Win32.HLLM.Beagle;Eliminado.;
b64_31[2].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2AV7INL;Win32.HLLM.Beagle;Eliminado.;
b64_31[3].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2AV7INL;Win32.HLLM.Beagle;Eliminado.;
b64_1[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q52N4B5P;Trojan.PWS.Nerf;Eliminado.;
b64_31[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLQV3R3E;Win32.HLLM.Beagle;Eliminado.;
b64_2[1].jpg;C:\Documents and Settings\Jo\AppDat`\L2́al\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPS45GY8;Win32.HLLM.Beagle;Eliminado.;
b64_2[2].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPS45GY8;Win32.HLLM.Beagle;Eliminado.;
b64_31[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPS45GY8;Win32.HLLM.Beagle;Eliminado.;
b64_31[2].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPS45GY8;Win32.HLLM.Beagle;Eliminado.;
b64_31[3].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPS45GY8;Win32.HLLM.Beagle;Eliminado.;
b64_1[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0UCZIP3;Trojan.PWS.Nerf;Eliminado.;
b64_31[1].jpg;C:\Documents and Settings\Jo\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0UCZIP3;Win32.HLLM.Beagle;Eliminado.;
Silent Runners.vbs;C:\Documents and Settings\Jo\Desktop;Provavelmente BATCH.Virus;;
Silent Runners.vbs;C:\Documents and Settings\Jo\Documents;Provavelmente BATCH.Virus;;
Silent Runners.vbs;C:\Documents and Settings\Jo\Os meus documentos;Provavelmente BATCH.Virus;;
Silent Runners.vbs;C:\Users\Jo\Desktop;Provavelmente BATCH.Virus;;
Silent Runners.vbs;C:\Users\Jo\Documents;Provavelmente BATCH.Virus;;
Silent Runners.vbs;C:\Users\Jo\Os meus documentos;Provavelmente BATCH.Virus;;
mdelk.exe;C:\Windows\System32;Win32.HLLM.Beagle;Eliminado.;
14453898.exe;C:\Windows\System32\drivers\down;Win32.HLLM.Beagle;Eliminado.;
14453945.exe;C:\Windows\System32\drivers\down;Win32.HLLM.Beagle;Eliminado.;
14461885.exe;C:\Windows\System32\drivers\down;Trojan.PWS.Nerf;Eliminado.;
14473117.exe;C:\Windows\System32\drivers\down;Win32.HLLM.Beagle;Eliminado.;
14477766.exe;C:\Windows\System32\drivers\down;Win32.HLLM.Beagle;Eliminado.;
29056652.exe;C:\Windows\System32\drivers\down;Win32.HLLM.Beagle;Eliminado.;
29069304.exe;C:\Windows\System32\drivers\down;Win32.HLLM.Beagle;Eliminado.;
43594760.exe;C:\Windows\System32\drivers\down;Win32.HLLM.Beagle;Eliminado.;
43601452.exe;C:\Windows\System32\drivers\down;Win32.HLLM.Beagle;Eliminado.;
43606897.exe;C:\Windows\System32\drivers\down;Win32.HLLM.Beagle;Eliminado.;
43614946.exe;C:\Windows\System32\drivers\down;Trojan.PWS.Nerf;Eliminado.;

Edited by JoB, 02 February 2008 - 07:13 PM.

  • 0

#18
kahdah
Posted 02 February 2008 - 07:25 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Let's try the Kaspersky once more:
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#19
JoB
Posted 03 February 2008 - 02:11 PM

JoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 03, 2008 8:07:24 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 546149
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 189761
Number of viruses found: 2
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 01:56:32

Infected Object Name / Virus Name / Last Action
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe/data0010/stream/data0006 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe/data0010/stream Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped
C:\$Recycle.Bin\S-1-5-21-790386248-3457186902-897816737-1000\$RF06GBH\setup.exe NSIS: infected - 6 skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.74.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.74.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010040.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010041.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010042.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010086.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010087.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010088.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy493.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf757C.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf757D.tmp Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\Jo\AppData\Local\Ahead\Nero Home\bl.db Object is locked skipped
C:\Users\Jo\AppData\Local\Ahead\Nero Home\is2.db Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NMRRV39\std_d4bc2be15380d34bff526cb4c34c1c70[2].mp3 Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7WOIFCK\get_video[2] Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\UsrClass.dat{55a900b8-b348-11dc-92c5-001bb9bd18ab}.TM.blf Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\UsrClass.dat{55a900b8-b348-11dc-92c5-001bb9bd18ab}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows\UsrClass.dat{55a900b8-b348-11dc-92c5-001bb9bd18ab}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Jo\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Jo\AppData\Local\Temp\flaF9A7.tmp Object is locked skipped
C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\001.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\002.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\003.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\005.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\006.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\007.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\008.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\009.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\010.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\014.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\016.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\017.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\019.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\023.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\025.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\026.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\028.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\029.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\030.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\032.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\033.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\034.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\035.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\036.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\038.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\039.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\040.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\041.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\042.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\043.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\044.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\045.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\046.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\047.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\048.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\050.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\051.part Object is locked skipped
C:\Users\Jo\Downloads\eMule\Temp\052.part Object is locked skipped
C:\Users\Jo\ntuser.dat Object is locked skipped
C:\Users\Jo\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Jo\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Jo\ntuser.dat{41666b38-b346-11dc-9aff-001bb9bd18ab}.TM.blf Object is locked skipped
C:\Users\Jo\ntuser.dat{41666b38-b346-11dc-9aff-001bb9bd18ab}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Jo\ntuser.dat{41666b38-b346-11dc-9aff-001bb9bd18ab}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\joana\AppData\Local\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Users\joana\AppData\Local\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\fidbox.dat Object is locked skipped
C:\Windows\System32\drivers\fidbox.idx Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

Scan process completed.
  • 0

#20
kahdah
Posted 03 February 2008 - 02:20 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good please empty your recycle bin.

Time for some housekeeping
  • Click START then Search then type in RUN click on the run option that appears.
  • Now type Combo-fix /u in the runbox and click OK


    • Posted Image

    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
==================================
After that your log is clean. :)

Let me know how things are running?
  • 0

#21
JoB
Posted 04 February 2008 - 12:16 AM

JoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Looks good please empty your recycle bin.

Time for some housekeeping

  • Click START then Search then type in RUN click on the run option that appears.
  • Now type Combo-fix /u in the runbox and click OK


    • Posted Image

    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
==================================
After that your log is clean. :)

Let me know how things are running?


Just tried and it ssays that windows couldnt find combo-fix/u..w~hat i do about the anti-virus..unstall avg and avast but it still giving the same message wth kaspersky..just dont let run..
  • 0

#22
kahdah
Posted 04 February 2008 - 01:43 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Unfortunately you will have to reinstall it.
Please just delete whatever we used and C:\Combofix and C:\qoobox.

I can tell you that to avoid this happening again do not download cracked software.
This is where the infection came from.

After that Your log is clean.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#23
JoB
Posted 04 February 2008 - 04:11 PM

JoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Just install again avg and is working fine..now the only problem i have is with windows defender..when i run it it gives some problem with an aplication 0x800106ba...the same with windows update..in the contral painel...when i click to search more updates it gives an error..with the cod 80070422...dont rememebr if i had this before or not the ant-virus problem..many thanks for solved it but what i should do with tihs..wih the windows defeder and windows upadte?

Mnay thanks for the support, really apreciated..
  • 0

#24
kahdah
Posted 04 February 2008 - 06:09 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
This might help with the Updates error.
I found this link see if that works Update Link

Because Windows Defender is intergrated into Windows Vista I am sure that you cannot reinstall it.
I would try to contact Microsoft about that issue.
You can contact them VIa e-mail.
The contact information is in the above link.

If you don't have any more questions then we can wrap this one up.
  • 0

#25
JoB
Posted 04 February 2008 - 11:09 PM

JoB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

This might help with the Updates error.
I found this link see if that works Update Link

Because Windows Defender is intergrated into Windows Vista I am sure that you cannot reinstall it.
I would try to contact Microsoft about that issue.
You can contact them VIa e-mail.
The contact information is in the above link.

If you don't have any more questions then we can wrap this one up.


Many thanks for the link and all the support man.. :)

Jo
  • 0

Advertisements

#26
kahdah
Posted 05 February 2008 - 03:06 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#27
kahdah
Posted 05 February 2008 - 03:06 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP