
how to get rid of MyWebSearch and Trymedia [CLOSED]


  • This topic is locked

#1
aturetsky

    New Member

  • 1 posts
Below is the Kaspersky log of my system scan, which is allegedly "infected." The references to skoach-connect and turo-connect are fine as these are vnc-based utilities that I use for remote connectivity.
However, in it I also see references to MyWebSearch and Trymedia, for which there are no uninstall files, since I may have at one point deleted them directly from the system. How do I get rid of these? Does anything else in my log look suspicious? Also, under the Kaspersky log I am also posting the HijackThis log, but neither MyWebSearch nor Trymedia shows up (MyWebSearch used to show up on it, but I supposedly "fixed" it with HijackThis).


-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Thursday, March 06, 2008 11:13:09 PM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  7/03/2008
 Kaspersky Anti-Virus database records: 607190
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	C:\
	D:\

Scan Statistics:
	Total number of scanned objects: 61196
	Number of viruses found: 21
	Number of infected objects: 80
	Number of suspicious objects: 0
	Duration of the scan process: 02:02:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Alex\Application Data\Ilium Software\ListPro\ListProAlarms.adb	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\ispnews\ispn.ini	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\ispnews\ispnc.items	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\ispnews\ispnr.items	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\cert8.db	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\formhistory.dat	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\history.dat	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\key3.db	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\parent.lock	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\search.sqlite	Object is locked	skipped
C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\urlclassifier2.sqlite	Object is locked	skipped
C:\Documents and Settings\Alex\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Alex\Desktop\SkoachCoach.exe/file2	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\Documents and Settings\Alex\Desktop\SkoachCoach.exe	Inno: infected - 1	skipped
C:\Documents and Settings\Alex\Desktop\SkoachConnect.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\Documents and Settings\Alex\Desktop\SkoachConnect.exe	7-Zip: infected - 1	skipped
C:\Documents and Settings\Alex\Desktop\SkoachConnect.exe	UPX: infected - 1	skipped
C:\Documents and Settings\Alex\Desktop\turo-connect.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\Documents and Settings\Alex\Desktop\turo-connect.exe	7-Zip: infected - 1	skipped
C:\Documents and Settings\Alex\Desktop\turo-connect.exe	UPX: infected - 1	skipped
C:\Documents and Settings\Alex\Desktop\UltraVNC-102-Setup.exe/file04	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\Documents and Settings\Alex\Desktop\UltraVNC-102-Setup.exe/file05	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\Documents and Settings\Alex\Desktop\UltraVNC-102-Setup.exe/file34	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102	skipped
C:\Documents and Settings\Alex\Desktop\UltraVNC-102-Setup.exe	Inno: infected - 3	skipped
C:\Documents and Settings\Alex\Desktop\vnc-4_1_1-x86_win32.exe/file1	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110	skipped
C:\Documents and Settings\Alex\Desktop\vnc-4_1_1-x86_win32.exe/file3	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\Documents and Settings\Alex\Desktop\vnc-4_1_1-x86_win32.exe	Inno: infected - 2	skipped
C:\Documents and Settings\Alex\Desktop\vncviewer.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102	skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\Cache\_CACHE_001_	Object is locked	skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\Cache\_CACHE_002_	Object is locked	skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\Cache\_CACHE_003_	Object is locked	skipped
C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla\Firefox\Profiles\lt1jxpv3.default\Cache\_CACHE_MAP_	Object is locked	skipped
C:\Documents and Settings\Alex\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat	Object is locked	skipped
C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Alex\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Alex\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Alex\Yugma\lib\DskHooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370	skipped
C:\Documents and Settings\Alex\Yugma\lib\YugmaPlugin.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360	skipped
C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output\Alex\~Running.ping	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\827568A28AD44457A81ABC08309D7D62\lib\DskHooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370	skipped
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\827568A28AD44457A81ABC08309D7D62\lib\YugmaPlugin.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\Program Files\Blue Coat K9 Web Protection\cwmlog.txt	Object is locked	skipped
C:\Program Files\Blue Coat K9 Web Protection\urls.log	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\dbupdate.log	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\deleteme_msg.log	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe.Qrt.log	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\perf.dat	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\power.dat	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.bpf	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.ipf	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.dbg	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.log	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsbwupst.log	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\Stlst\StatListDb.dat	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\csdk\Stlst\StatListDb.idx	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\logs\fspcwld.dat	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\FSPC\logs\fspcwli.dat	Object is locked	skipped
C:\Program Files\Charter High-Speed Security Suite\Spam Control\log\fs_sa_log.txt	Object is locked	skipped
C:\Program Files\UltraVNC\vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\Program Files\UltraVNC\vncviewer.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102	skipped
C:\Program Files\UltraVNC\winvnc.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070642.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.l	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070643.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.af	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070644.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.f	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070645.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.z	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070646.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070647.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070648.scr	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP227\A0070652.exe	Infected: not-a-virus:AdWare.Win32.Trymedia.b	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP230\A0070999.dll	Infected: not-a-virus:AdTool.Win32.MyWebSearch.i	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071127.SCR	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071128.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.v	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071129.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071130.EXE	Infected: not-a-virus:AdTool.Win32.MyWebSearch.a	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071131.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.l	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071132.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071133.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071134.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071135.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.l	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071137.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.p	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071138.EXE	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071139.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071140.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071141.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch.i	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071142.EXE	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP232\A0071143.DLL	Infected: not-a-virus:AdTool.Win32.MyWebSearch	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP266\A0078020.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP266\A0078022.exe	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP281\A0081266.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP281\A0081266.exe	7-Zip: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP281\A0081266.exe	UPX: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081373.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081373.exe	7-Zip: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081373.exe	UPX: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081374.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081374.exe	7-Zip: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081374.exe	UPX: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081375.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081375.exe	7-Zip: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081375.exe	UPX: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081378.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081378.exe	7-Zip: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081378.exe	UPX: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081381.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081381.exe	7-Zip: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081381.exe	UPX: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081383.exe/file2	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081383.exe	Inno: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081385.exe/file2	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081385.exe	Inno: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081386.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081386.exe	7-Zip: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081386.exe	UPX: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081388.exe/vnchooks.dll	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081388.exe	7-Zip: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP284\A0081388.exe	UPX: infected - 1	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP294\A0084001.exe	Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP294\A0084002.exe	Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm	skipped
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP305\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\AVP7D5D.tmp	Object is locked	skipped
C:\WINDOWS\Temp\AVP7D5E.tmp	Object is locked	skipped
C:\WINDOWS\Temp\AVP7D61.tmp	Object is locked	skipped
C:\WINDOWS\Temp\AVP7D62.tmp	Object is locked	skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\5964	Object is locked	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:08 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LXDBCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll,[email protected]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: lxdb_device -   - C:\WINDOWS\system32\lxdbcoms.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

--
End of file - 7371 bytes


#2
sarahw

    Malware Staff

  • 2,781 posts
Hi,
Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.
Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.
You don't need to put your posts into quote tags. Just post them as they are.
These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)

#3
sarahw

    Malware Staff

  • 2,781 posts
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

#4
sarahw

    Malware Staff

  • 2,781 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





