Trojan.Net-AWUS/Fake


  • This topic is locked

#16
ClarkLeslie
  • Topic Starter
  • Member
  • 14 posts
Should I do the OTMoveIt2 thing again then?

Here's the new scan results from Kaspersky. I don't know if it remained the same; I had 42 infections when I didn't get the report of it, but never mind. They might be the same, but I'll post it again:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 7:11:36 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570059
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 102775
Number of viruses found: 14
Number of infected objects: 33
Number of suspicious objects: 0
Duration of the scan process: 01:23:32

Infected Object Name / Virus Name / Last Action
C:\a0f95735bfade0592e\antileak.txt Object is locked skipped
C:\a0f95735bfade0592e\webdriver0.log Object is locked skipped
C:\a0f95735bfade0592e\YServer.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\cert8.db Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\history.dat Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\key3.db Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\parent.lock Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Janek\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Janek\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Janek\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3AF8_BA15_F8B9_CF7F\dfsr.db Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3AF8_BA15_F8B9_CF7F\fsr.log Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3AF8_BA15_F8B9_CF7F\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3AF8_BA15_F8B9_CF7F\tmp.edb Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Application Data\Mozilla\Firefox\Profiles\w86vq455.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temp\~DF7369.tmp Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temp\~DF7431.tmp Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temp\~DFB7BE.tmp Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temp\~DFB7CE.tmp Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Janek\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Janek\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Janek\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\L0000011.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Janek\Data\storydb.idx Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\govno.exe.vir Infected: Trojan-Dropper.Win32.Agent.drt skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Pvmd53.sys.vir Infected: Trojan.Win32.Srizbi.j skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Yee23.sys.vir Infected: Email-Worm.Win32.Agent.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\LogCrypt.dll.vir Infected: Trojan.Win32.Agent.eub skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.dll.vir Infected: Email-Worm.Win32.Agent.e skipped
C:\QooBox\Quarantine\catchme2008-02-16_210450.57.zip/Yee23.sys Infected: Trojan-Downloader.Win32.Agent.ici skipped
C:\QooBox\Quarantine\catchme2008-02-16_210450.57.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-02-16_213626.79.zip/Skx67.sys Infected: Email-Worm.Win32.Agent.e skipped
C:\QooBox\Quarantine\catchme2008-02-16_213626.79.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar/keygen.exe Infected: Trojan.Win32.Inject.mt skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.hlr skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009318.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009319.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009320.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009322.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP53\A0015493.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP57\A0015762.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP57\A0015764.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP58\A0016142.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe/data.rar Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016171.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe/data.rar Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016172.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016173.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016174.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016175.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016176.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016195.exe Infected: Trojan-Downloader.Win32.Tiny.ahl skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016210.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP59\A0016252.exe Infected: HackTool.Win32.Injecter.l skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP60\A0018285.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP65\A0023736.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP65\A0024015.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP68\A0025963.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP68\A0029995.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP69\A0030000.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP70\A0030156.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP70\A0030188.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP70\A0030236.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032282.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032297.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032309.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032312.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032324.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032333.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0032347.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP72\A0034442.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP73\A0036447.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP73\A0037457.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP74\A0037486.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP74\A0037487.sys Infected: Email-Worm.Win32.Agent.e skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP74\A0037547.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037557.exe Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037558.sys Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037559.dll Object is locked skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037562.dll Infected: Email-Worm.Win32.Agent.e skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037629.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037629.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\A0037629.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP75\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\fnhoje Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#17
ClarkLeslie
  • Topic Starter
  • Member
  • 14 posts
Still the same:

File move failed. C:\WINDOWS\system32\fnhoje scheduled to be moved on reboot.

OTMoveIt2 v1.0.20 log created on 02172008_193626

Where should I move the fixthis.reg file that I created before?


Edit: I did a scan with the SUPERAntiSpyware program and it showed me a rootkit. Does my program suck, or did AVG lie to me?

Edited by ClarkLeslie, 17 February 2008 - 11:53 AM.


#18
kahdah
  • GeekU Teacher
  • Retired Staff
  • 15,822 posts
For the fix.reg file, all you have to do is double-click on it and it will ask you to merge it with the registry.
Click Yes, and after doing that you can delete it.

The infections found by Kaspersky are not threats anymore; they are all in the System Restore points and the ComboFix quarantine.
We will remove all of those at once, once this folder is gone :)
=============================================
For that stubborn folder, let's do this:

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\WINDOWS\system32\fnhoje


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply
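kahdah's point above, that a detection inside a System Restore point or inside ComboFix's QooBox quarantine is an inert copy rather than a running threat, is the kind of triage worth automating when a report runs to a hundred lines. The following Python script is an added example written for this page; it is not code from the forum, from Kaspersky or from ComboFix. It parses lines in the report's own "path status" form, sorts each finding by location (restore point, quarantine, live) and by verdict (locked, infected, riskware, archive summary), and lists only what is live and needs attention. The location heuristics (path prefixes) and the bucket names are assumptions of this example; the sample lines are copied from the report posted earlier in the thread.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the Kaspersky Online
# Scanner report posted earlier in this thread ("<path> <status>" per line).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\govno.exe.vir Infected: Trojan-Dropper.Win32.Agent.drt skipped
C:\QooBox\Quarantine\catchme2008-02-16_210450.57.zip/Yee23.sys Infected: Trojan-Downloader.Win32.Agent.ici skipped
C:\QooBox\Quarantine\catchme2008-02-16_210450.57.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe/data.rar/keygen.exe Infected: Trojan.Win32.Inject.mt skipped
C:\System Volume Information\_restore{1FFBB9A1-B219-4BD6-BD3A-FC3C06E639E1}\RP40\A0009317.exe RarSFX: infected - 5 skipped
C:\WINDOWS\system32\fnhoje Object is locked skipped
"""

# One report line: the path, then one of the three status forms seen in the
# report, then the trailing action word ("skipped" in an online scan).
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>ZIP|RarSFX): infected - (?P<count>\d+))"
    r" skipped$"
)


def classify_location(path: str) -> str:
    """Heuristic (an assumption of this example): where the object lives.

    Restore-point copies and ComboFix's QooBox quarantine are inert archives;
    everything else is treated as a live location that needs attention.
    """
    p = path.lower()
    if r"\system volume information\_restore" in p:
        return "restore_point"
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"
    return "live"


def parse_report(text: str) -> list:
    """Turn report lines into findings; non-matching lines (headers, stats) are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if m.group("locked"):
            verdict = "locked"        # scanner could not open the file: no verdict either way
        elif m.group("container"):
            verdict = "container"     # summary line for an archive whose members were listed
        elif m.group("name").startswith("not-a-virus:"):
            verdict = "riskware"      # Kaspersky's prefix for legitimate-but-risky tools
        else:
            verdict = "infected"
        findings.append({
            "path": m.group("path"),
            "verdict": verdict,
            "name": m.group("name"),
            "location": classify_location(m.group("path")),
        })
    return findings


def triage(text: str) -> dict:
    """Summarise findings by (location, verdict) and list what is actually live."""
    findings = parse_report(text)
    counts = Counter((f["location"], f["verdict"]) for f in findings)
    live = [f for f in findings
            if f["location"] == "live" and f["verdict"] in ("infected", "riskware")]
    return {"total": len(findings), "counts": dict(counts), "live_attention": live}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for (location, verdict), n in sorted(result["counts"].items()):
        print(f"{location:14s} {verdict:10s} {n}")
    for f in result["live_attention"]:
        print("needs attention:", f["path"], f["name"])
```

Run as-is and it prints the per-bucket counts for the sample; point it at the whole report and it separates the restore-point and quarantine entries from the few that sit on the live system. Two details matter for reading these reports: "Object is locked" is not a verdict at all (registry hives, event logs and browser caches are simply unreadable while Windows is running), and a "ZIP: infected - N" or "RarSFX: infected - N" line is a summary of members already listed on their own lines, so counting both double-counts the archive.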

#19
ClarkLeslie
  • Topic Starter
  • Member
  • 14 posts
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\meoyrdew

*******************

Script file located at: \??\C:\Documents and Settings\xrwnvnwp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Error: C:\WINDOWS\system32\fnhoje is not a folder! It may instead be a file.
Deletion of folder C:\WINDOWS\system32\fnhoje failed!

Could not process line:
C:\WINDOWS\system32\fnhoje
Status: 0xc0000103


Completed script processing.

*******************

Finished! Terminate.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:20, on 17.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GhostWall\ghostwall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EstEID AIP switch] C:\Program Files\IT Arendus\ID-kaart\\aipswitch 1
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [GhostWall] "C:\Program Files\GhostWall\ghostwall.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Delfi - {07818CC7-EDC8-45DC-9B6A-208293B8504B} - www.delfi.ee (file missing) (HKCU)
O9 - Extra button: MicroLink - {58C6AA38-7128-4FDB-8252-B61CF01A48C3} - www.microlink.ee (file missing) (HKCU)
O9 - Extra button: ML Arvutid - {BACAD19A-2ACA-47F1-9A23-5D3C70677126} - www.arvutid.ee (file missing) (HKCU)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp....GamesCampus.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchal...PowerLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://skidrush.hang...anSetup1010.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: bw+0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 21896 bytes
  • 0

#20
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found, then prompt you to press any key to reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

  • 0
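In this thread the helper reads the HijackThis log by eye, before and after SDFix runs. As an added example (not code from the thread, from HijackThis or from SDFix), here is a small Python triage script that parses the line types that appear in the logs above (O4 Run entries, O9 buttons, O18 protocol handlers, O23 services) and applies a few first-pass analyst heuristics to them. The sample log is constructed in the shape of the lines posted above; the Temp-directory autorun line and its user name are invented placeholders, and the rule names and thresholds are my assumptions about what a helper checks first, not part of any tool.

```python
"""Triage helper for HijackThis v2 log lines.

Added example for this thread; not part of HijackThis, SDFix or the forum's
own tooling. The rules are ordinary analyst heuristics (an assumption about
what a helper looks at first), not a verdict: a flagged entry still has to be
checked by hand (publisher, hash, purpose), and an unflagged one is not
thereby clean.
"""
import re
from collections import Counter

# Constructed sample in the shape of the log posted above. The Temp-directory
# autorun line is an invented placeholder, not something from the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [example] C:\DOCUME~1\user\LOCALS~1\Temp\example.exe -autorun
O9 - Extra button: Delfi - {07818CC7-EDC8-45DC-9B6A-208293B8504B} - www.delfi.ee (file missing) (HKCU)
O18 - Protocol: bw+0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

# Line shapes as they appear in a HijackThis v2 log.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O18_RE = re.compile(r"^O18 - Protocol: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<dll>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<image>[A-Za-z]:\\.*)$")
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|bat|cmd|scr|com))\b', re.IGNORECASE)


def executable_of(cmd):
    """Return the executable path of a Run command line, without its arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def classify_location(path):
    """Coarse location class of an autorun target; a triage hint, nothing more."""
    p = path.lower()
    if not re.match(r"^[a-z]:\\", p):
        return "bare"            # no directory given: resolved through the search path
    if re.search(r"\\(temp|tmp|locals~1|local settings|application data|appdata)\\", p):
        return "user-writable"   # legitimate software rarely autoruns from here
    if p.startswith(("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")):
        return "standard"        # usual place, but this alone does not clear a file
    return "other"


def triage(log_text):
    """Parse a HijackThis log and return first-pass findings plus a handler summary."""
    findings = []
    handlers = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if "(file missing)" in line:
            # Entry points at a file that no longer exists: stale, worth cleaning up.
            findings.append(("orphaned entry", line))
        m = O4_RE.match(line)
        if m:
            loc = classify_location(executable_of(m.group("cmd")))
            if loc == "user-writable":
                findings.append(("autorun from user-writable path", line))
            elif loc == "bare":
                findings.append(("autorun by bare filename", line))
            continue
        m = O18_RE.match(line)
        if m:
            # Collapse long runs of handlers (like the Logitech list above) per DLL.
            handlers[m.group("dll")] += 1
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            findings.append(("service with unknown owner", line))
    return {"findings": findings, "protocol_handlers": dict(handlers)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rule, line in result["findings"]:
        print(f"[{rule}] {line}")
    for dll, n in result["protocol_handlers"].items():
        print(f"{n} protocol handler(s) served by {dll}")
```

The location class is deliberately weak evidence: the patch.exe that SDFix removed in the next post sat in C:\WINDOWS\system32, which this script would call "standard", so the point of the rules is to order the manual review, not to replace it. The O18 summary is there because a log like the one above carries dozens of near-identical handler lines from one DLL, and counting them per DLL makes the one outlier (a different CLSID or DLL) stand out.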

#21
ClarkLeslie

    Member

  • Topic Starter
  • Member
  • 14 posts
It seems that it's gone now. :)

SDFix: Version 1.143

Run by Janek on P 17.02.2008 at 20:32

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Janek\Desktop\SDFix

Checking Services:

Name:
fnhoje

Path:
\??\C:\WINDOWS\system32\fnhoje

fnhoje - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\fnhoje - Deleted
C:\WINDOWS\system32\patch.exe - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 20:38:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 3


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:


File Backups: - C:\DOCUME~1\Janek\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 22 Jan 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 18 Jun 2007 350 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti27.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Janek\Application Data\U3\temp\Launchpad Removal.exe"

Finished!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:15, on 17.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GhostWall\ghostwall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EstEID AIP switch] C:\Program Files\IT Arendus\ID-kaart\\aipswitch 1
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [GhostWall] "C:\Program Files\GhostWall\ghostwall.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?5faf1d1853ca4fcd8ee4c3e9d56ad6e8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Delfi - {07818CC7-EDC8-45DC-9B6A-208293B8504B} - www.delfi.ee (file missing) (HKCU)
O9 - Extra button: MicroLink - {58C6AA38-7128-4FDB-8252-B61CF01A48C3} - www.microlink.ee (file missing) (HKCU)
O9 - Extra button: ML Arvutid - {BACAD19A-2ACA-47F1-9A23-5D3C70677126} - www.arvutid.ee (file missing) (HKCU)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp....GamesCampus.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchal...PowerLoader.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://skidrush.hang...anSetup1010.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: bw+0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 21863 bytes
  • 0
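As an added example (not part of the posted log or of the forum's own tooling), a small Python triage helper for HijackThis logs of the kind shown above: it collapses the long run of O18 protocol entries by handler DLL, so fifty `bw*` lines resolve to one Logitech plug-in rather than fifty findings, and it lists O23 services that show "Unknown owner" and run from outside the usual Windows and Program Files roots. The sample lines, the hypothetical `exhelp` service and the trusted-root list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log format: the first five lines are copied
# from the log posted above, the last is a hypothetical entry added for contrast.
SAMPLE_LOG = r"""
O18 - Protocol: bw80 - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3EBE03A9-E4C0-4813-9F0C-8C99C3C22855} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Example Helper (exhelp) - Unknown owner - C:\Documents and Settings\user\Local Settings\Temp\exhelp.exe
"""

O18_RE = re.compile(r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumed roots where an "Unknown owner" service is usually just an unsigned vendor binary.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(text):
    """Return parsed O18 and O23 entries as dicts; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        for section, rx in (("O18", O18_RE), ("O23", O23_RE)):
            m = rx.match(line)
            if m:
                entries.append({"section": section, **m.groupdict()})
    return entries


def group_protocols(entries):
    """Collapse the O18 flood: map each handler DLL to the protocol names it serves."""
    by_dll = defaultdict(list)
    for e in entries:
        if e["section"] == "O18":
            by_dll[e["path"]].append(e["name"])
    return dict(by_dll)


def flag_services(entries):
    """O23 services with no listed owner that run from outside the trusted roots."""
    return [
        e["name"] for e in entries
        if e["section"] == "O23" and e["owner"] == "Unknown owner"
        and not e["path"].lower().startswith(TRUSTED_ROOTS)
    ]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(group_protocols(parsed), flag_services(parsed))
```

An unknown owner on its own is not evidence of anything (the ATI entry above is legitimate); the location filter is only there to order what a helper looks at first.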

#22
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great :) please delete these folders:
C:\Avenger and C:\SDFix
============================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware that it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===============
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

    The above procedure will delete the following:

    • ComboFix and its associated files and folders.
    • VundoFix backups, if present.
    • The C:\Deckard folder, if present.
    • The C:\_OtMoveIt folder, if present.

    It will also:

    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Clean System Restore points.

Also delete anything that we used that is left over.
===================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0
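An added example, not code from the thread or from any of the tools it names: a Python helper for the Java step above that recognizes JRE/J2SE entries among Add/Remove Programs display names, parses their version strings and lists every entry older than the newest one installed. The display names are constructed assumptions modelled on Sun's naming of that period, and the newest entry still has to be compared against the current release before you are done.

```python
import re

# Constructed Add/Remove Programs display names in the style Sun's installers
# used at the time; illustrative only, not taken from the poster's machine.
INSTALLED_PROGRAMS = [
    "Ad-Aware 2007",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "J2SE Runtime Environment 5.0 Update 10",
    "Java(TM) 6 Update 3",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java(TM) 6 Update 5",
    "SUPERAntiSpyware Free Edition",
]

JAVA_NAME_RE = re.compile(r"\b(J2SE|JRE|Java)\b", re.IGNORECASE)
# "v1.4.2_03" style versions and "6 Update 5" / "5.0 Update 10" style versions.
OLD_STYLE_RE = re.compile(r"v1\.(\d+)\.(\d+)_(\d+)")
NEW_STYLE_RE = re.compile(r"\b(\d+)(?:\.(\d+))?\s+Update\s+(\d+)")


def java_version(name):
    """Return (major, minor, update) for a JRE/J2SE entry, or None for anything else."""
    if not JAVA_NAME_RE.search(name):
        return None
    m = OLD_STYLE_RE.search(name)
    if m:
        return tuple(int(x) for x in m.groups())
    m = NEW_STYLE_RE.search(name)
    if m:
        major, minor, update = m.groups()
        return (int(major), int(minor or 0), int(update))
    return None


def java_entries(programs):
    """Installed JRE/J2SE entries paired with their parsed version, oldest first."""
    versioned = ((java_version(n), n) for n in programs)
    return sorted((v, n) for v, n in versioned if v is not None)


def stale_java_entries(programs):
    """Entries older than the newest installed JRE: these are the ones to remove."""
    entries = java_entries(programs)
    if not entries:
        return []
    newest = entries[-1][0]
    return [n for v, n in entries if v < newest]
```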

#23
ClarkLeslie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Wow, everything seems to be incredibly fast now, thanks!

I read the article you gave me, downloaded Windows Defender and replaced my Java with a newer one.

I also read about firewalls. Isn't Windows Firewall safe then? Should I download another one, and which do you recommend? I noticed that the trojan turned it off while I was on my computer, so I guess it's not safe.

What programs do you recommend to keep my computer safe? I've got Ad-Aware, SUPERAntiSpyware, HijackThis (is it still necessary for me?), Spybot and AVG as my anti-virus program, although after what I saw my computer doing without a proper one, I'm probably going to buy Kaspersky (or do you recommend another one?).

Thanks again.
  • 0

#24
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Windows Firewall isn't completely safe; it only protects incoming traffic.

AVG is fine, no need to replace it with an expensive one.
It can happen even then.
HijackThis you can uninstall; then delete the HijackThis folder C:\Program Files\Trend Micro\Hijackthis

You can download another third-party firewall from Here.
This link will explain how to use firewalls so you can understand them better: Firewall tutorial

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





