Geeks To Go forum
my hijackthis log [CLOSED]



#31 codycjb (Member, Topic Starter, 89 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:26 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6492 bytes


#32 codycjb (Member, Topic Starter, 89 posts)
The rootkit scan found nothing, but it did say fatal error when I started the scan:

Error: Could not initialize kernel driver memsweep.sys. Please restart and try again.

This service cannot be started in Safe Mode

but then it scanned through and said nothing found.

#33 codycjb (Member, Topic Starter, 89 posts)
I'm on the Jotti's scan right now but I'm not sure how to copy the findings here.

#34 codycjb (Member, Topic Starter, 89 posts)
Scan taken on 15 Apr 2008 23:13:58 (GMT)
A-Squared Found Rootkit.Win32.Agent.agf
AntiVir Found RKIT/Agent.agf
ArcaVir Found Adware.Vapsup.Rw
Avast Found Win32:Agent-QOV
AVG Antivirus Found BackDoor.Generic9.ADKR
BitDefender Found nothing
ClamAV Found Trojan.Rootkit-745
CPsecure Found Rootkit.W32.Agent.agf
Dr.Web Found Trojan.NtRootKit.994
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Rootkit.Win32.Agent.agf
Fortinet Found W32/Agent.AGF!tr.rkit
Ikarus Found Virus.Win32.Agent.QOV
Kaspersky Anti-Virus Found Rootkit.Win32.Agent.agf
NOD32 Found Win32/Rootkit.Agent.AGF
Norman Virus Control Found W32/Rootkit.ERM
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Rootkit.Win32.Agent.agf

Last file scanned at least one scanner reported something about: hvNrtID.exe (MD5: 741412e2eae334a6036fb0b29fe0d60c, size: 82944 bytes), detected by:

Scanner Malware name
A-Squared Trojan.BAT.Agent.cu
AntiVir BDS/Agent.CU.8
ArcaVir X
Avast X
AVG Antivirus Generic_c.JCA
BitDefender X
ClamAV X
CPsecure Troj.BAT.Agent.cu
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus Trojan.BAT.Agent.cu
Fortinet X
Ikarus Trojan-Dropper.Win32.Delf.amq
Kaspersky Anti-Virus Trojan.BAT.Agent.cu
NOD32 X
Norman Virus Control W32/BAT_Smalltroj.MKV
Panda Antivirus X
Sophos Antivirus Mal/Generic-A
VirusBuster X
VBA32 Trojan.BAT.KillFiles.hr

#35 codycjb (Member, Topic Starter, 89 posts)
0628A65766.sys

Scan taken on 15 Apr 2008 23:18:00 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Last file scanned at least one scanner reported something about: WC3Banlist.exe (MD5: 3e2eec1658d90402d8f10d275636692f, size: 1137664 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure BackDoor.W32.Hupigon.rvg
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X
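Reading the two Jotti reports above (posts #34 and #35) comes down to counting how many engines flagged the file and whether they name the same family: fifteen engines agree on a rootkit for the first sample, none flag the second, and a lone hit on WC3Banlist.exe is weak evidence on its own. The script below is an added example, not code from the thread or from Jotti; it parses both pasted layouts and applies verdict thresholds that are my own assumption.

```python
import re
from collections import Counter

# Engine names exactly as Jotti printed them in the thread. Several contain spaces,
# so lines are matched against this list rather than split on whitespace.
SCANNERS = [
    "A-Squared", "AntiVir", "ArcaVir", "Avast", "AVG Antivirus", "BitDefender",
    "ClamAV", "CPsecure", "Dr.Web", "F-Prot Antivirus", "F-Secure Anti-Virus",
    "Fortinet", "Ikarus", "Kaspersky Anti-Virus", "NOD32", "Norman Virus Control",
    "Panda Antivirus", "Sophos Antivirus", "VirusBuster", "VBA32",
]
_BY_LENGTH = sorted(SCANNERS, key=len, reverse=True)  # longest first avoids prefix clashes

# Name pieces that carry no family information (platform tags, generic classes).
GENERIC = {"win", "trojan", "virus", "generic", "mal", "troj", "bds"}

def parse_report(text):
    """Map scanner -> detection name, or None when that engine reported nothing.
    Accepts both layouts pasted in the thread: "<Scanner> Found <name|nothing>"
    and the 'detected by' table "<Scanner> <name|X>"."""
    results = {}
    for raw in text.splitlines():
        line = raw.strip()
        scanner = next((s for s in _BY_LENGTH if line.startswith(s + " ")), None)
        if scanner is None:
            continue  # timestamp line, "Scanner Malware name" header, blank line
        rest = line[len(scanner):].strip()
        if rest.startswith("Found "):
            rest = rest[len("Found "):]
        results[scanner] = None if rest in ("nothing", "X") else rest
    return results

def family_tokens(name):
    """Lower-case alphabetic pieces of one vendor name, minus the generic ones."""
    return {t for t in re.split(r"[^a-z]+", name.lower()) if len(t) > 2} - GENERIC

def verdict(detected, total):
    """Thresholds are this example's own assumption, not a Jotti rule."""
    if detected == 0:
        return "clean"
    if detected == 1:
        return "single-engine hit (unconfirmed)"
    if detected * 2 >= total:
        return "consensus malicious"
    return "minority detection (suspicious)"

def summarise(text):
    """Detection count, verdict and the family tokens most engines agree on."""
    results = parse_report(text)
    hits = [name for name in results.values() if name]
    counter = Counter()
    for name in hits:
        counter.update(family_tokens(name))
    return {
        "detected": len(hits),
        "total": len(results),
        "verdict": verdict(len(hits), len(results)),
        "top_tokens": [t for t, _ in counter.most_common(3)],
    }

# Report for nkv2.sys as pasted in post #34 of the thread.
NKV2_REPORT = """\
Scan taken on 15 Apr 2008 23:13:58 (GMT)
A-Squared Found Rootkit.Win32.Agent.agf
AntiVir Found RKIT/Agent.agf
ArcaVir Found Adware.Vapsup.Rw
Avast Found Win32:Agent-QOV
AVG Antivirus Found BackDoor.Generic9.ADKR
BitDefender Found nothing
ClamAV Found Trojan.Rootkit-745
CPsecure Found Rootkit.W32.Agent.agf
Dr.Web Found Trojan.NtRootKit.994
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Rootkit.Win32.Agent.agf
Fortinet Found W32/Agent.AGF!tr.rkit
Ikarus Found Virus.Win32.Agent.QOV
Kaspersky Anti-Virus Found Rootkit.Win32.Agent.agf
NOD32 Found Win32/Rootkit.Agent.AGF
Norman Virus Control Found W32/Rootkit.ERM
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Rootkit.Win32.Agent.agf
"""

# Constructed excerpt in the 'detected by' table layout of post #35: one engine of five.
SINGLE_HIT_TABLE = """\
Scanner Malware name
AVG Antivirus X
BitDefender X
CPsecure BackDoor.W32.Hupigon.rvg
Kaspersky Anti-Virus X
NOD32 X
"""

if __name__ == "__main__":
    for label, report in (("nkv2.sys", NKV2_REPORT), ("WC3Banlist.exe excerpt", SINGLE_HIT_TABLE)):
        print(label, summarise(report))
```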

#36 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
I take it the first Jotti report (in post #34) was for C:\WINDOWS\system32\drivers\nkv2.sys?

#37 codycjb (Member, Topic Starter, 89 posts)
Yes, sorry about that.

#38 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\drivers\nkv2.sys

Driver::
USB2_04


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animated image: CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

.....and let me know if you can now get into normal mode?

andrewuk

#39 codycjb (Member, Topic Starter, 89 posts)
ComboFix 08-04-14.2 - John 2008-04-15 19:26:38.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.106 [GMT -4:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John\Desktop\CFScript.txt

FILE ::
c:\windows\system32\drivers\nkv2.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\nkv2.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_USB2_04


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 19:12 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\29.tmp
2008-04-15 18:54 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\27.tmp
2008-04-15 18:53 . 2008-04-15 18:53 <DIR> d-------- C:\Program Files\Sophos
2008-04-12 11:52 . 2008-04-12 11:52 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-11 20:17 . 2004-08-04 07:00 1,032,192 --a------ C:\WINDOWS\explorer.exe
2008-04-11 20:12 . 2008-04-11 20:14 <DIR> d-------- C:\Documents and Settings\John\Application Data\AVG7
2008-04-11 20:11 . 2008-04-11 20:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-11 20:09 . 2008-04-11 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-11 20:09 . 2008-04-11 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-11 19:38 . 2008-04-11 19:38 47,104 --a------ C:\23.tmp
2008-04-11 19:38 . 2008-04-11 19:38 3,276 --a------ C:\26.tmp
2008-04-11 19:38 . 2008-04-11 19:38 3,276 --a------ C:\18.tmp
2008-04-11 19:35 . 2008-04-15 17:27 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-04-11 18:46 . 2008-04-11 18:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 18:46 . 2008-04-11 18:46 <DIR> d-------- C:\Documents and Settings\John\Application Data\Malwarebytes
2008-04-11 18:46 . 2008-04-11 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 18:13 . 2008-04-11 18:13 <DIR> d-------- C:\Deckard
2008-04-11 17:21 . 2008-04-11 17:21 3,276 --a------ C:\36.tmp
2008-04-11 17:21 . 2008-04-11 17:21 3,276 --a------ C:\34.tmp
2008-04-11 17:17 . 2008-04-11 17:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 17:08 . 2008-04-11 17:08 3,276 --a------ C:\33.tmp
2008-04-11 16:55 . 2008-04-11 16:55 3,276 --a------ C:\30.tmp
2008-04-11 16:55 . 2008-04-11 16:55 3,276 --a------ C:\28.tmp
2008-04-11 16:51 . 2008-04-11 16:51 311 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-11 16:46 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-11 16:46 . 2007-06-30 23:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-11 16:46 . 2007-06-30 23:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-11 16:46 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-11 16:46 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-11 16:46 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-11 16:46 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-11 16:46 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-11 16:46 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-11 16:21 . 2008-04-11 16:21 3,276 --a------ C:\27.tmp
2008-04-11 16:20 . 2008-04-11 16:21 3,276 --a------ C:\25.tmp
2008-04-11 15:57 . 2008-04-11 15:57 3,276 --a------ C:\24.tmp
2008-04-11 15:57 . 2008-04-11 15:57 3,276 --a------ C:\22.tmp
2008-04-11 15:52 . 2008-04-11 15:52 <DIR> d-------- C:\_OTMoveIt
2008-04-11 14:53 . 2008-04-11 14:53 3,276 --a------ C:\17.tmp
2008-04-11 14:53 . 2008-04-11 14:53 0 --a------ C:\21.tmp
2008-04-11 14:53 . 2008-04-11 14:53 0 --a------ C:\1C.tmp
2008-04-11 14:53 . 2008-04-11 14:53 0 --a------ C:\1B.tmp
2008-04-11 14:53 . 2008-04-11 14:53 0 --a------ C:\1A.tmp
2008-04-11 14:49 . 2008-04-11 14:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-11 14:42 . 2008-04-14 16:21 <DIR> d-------- C:\SDFix
2008-04-09 18:23 . 2008-04-09 18:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 18:22 . 2008-04-09 18:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-09 18:18 . 2006-03-22 08:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-04-09 18:18 . 2008-04-11 20:11 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-09 18:16 . 2008-04-09 18:16 2 --a------ C:\B.tmp
2008-04-09 17:38 . 2008-04-09 17:31 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-09 17:38 . 2008-04-09 17:38 2,542 --a------ C:\WINDOWS\unins000.dat
2008-04-09 14:05 . 2008-04-09 14:05 0 --a------ C:\20.tmp
2008-04-09 14:04 . 2008-04-09 14:04 0 --a------ C:\1D.tmp
2008-04-09 14:04 . 2008-04-09 14:04 0 --a------ C:\19.tmp
2008-04-09 14:03 . 2008-04-09 14:04 2 --a------ C:\15.tmp
2008-04-09 14:03 . 2008-04-09 14:03 0 --a------ C:\14.tmp
2008-04-09 06:42 . 2008-04-09 06:42 0 --a------ C:\1F.tmp
2008-04-09 06:41 . 2008-04-09 06:41 0 --a------ C:\1E.tmp
2008-04-09 06:36 . 2008-04-09 06:36 0 --a------ C:\16.tmp
2008-04-09 06:35 . 2008-04-09 06:36 2 --a------ C:\13.tmp
2008-04-09 06:35 . 2008-04-09 06:35 0 --a------ C:\F.tmp
2008-04-08 18:58 . 2008-04-08 06:49 160,256 --a------ C:\WINDOWS\system32\AF.tmp
2008-04-08 07:18 . 2008-04-08 07:18 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-08 06:50 . 2008-04-08 06:50 2 --a------ C:\12.tmp
2008-04-07 11:25 . 2008-04-07 11:25 2 --a------ C:\6.tmp
2008-04-07 10:50 . 2008-04-07 10:50 29 --a------ C:\WINDOWS\system32\qrfwapis.tmp
2008-04-07 10:49 . 2008-04-07 10:49 0 --a------ C:\2F.tmp
2008-04-07 10:48 . 2008-04-09 14:04 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-04-07 10:48 . 2008-04-07 10:48 0 --a------ C:\2E.tmp
2008-04-07 10:48 . 2008-04-07 10:48 0 --a------ C:\2C.tmp
2008-04-07 10:47 . 2008-04-07 10:48 2 --a------ C:\2B.tmp
2008-04-07 10:47 . 2008-04-07 10:47 0 --a------ C:\2A.tmp
2008-04-01 04:12 . 2008-04-01 04:12 16 --a------ C:\s3ck
2008-03-28 16:02 . 2008-03-28 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-28 16:00 . 2008-03-28 16:01 <DIR> d-------- C:\Program Files\Dell Support Center
2008-03-28 16:00 . 2008-03-28 16:00 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-03-20 00:51 . 2008-03-20 00:51 16 --a------ C:\s2p8
2008-03-19 11:34 . 2008-03-19 11:34 16 --a------ C:\s2i4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 10:57 90,112 ----a-w C:\WINDOWS\DUMP612b.tmp
2008-04-11 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-11 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 21:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-28 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-20 20:07 --------- d-----w C:\Documents and Settings\John\Application Data\Corel
.

------- Sigcheck -------

2004-08-04 07:00 17408 1b2d5bde0478a770eccb28eb45017cb2 C:\WINDOWS\system32\svchost.exe

2004-08-04 07:00 506368 19aba4dbec658fba6611906ab35c7c2b C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( [email protected]_18.47.05.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 22:05:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 23:29:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 21:04 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-11-14 18:33 8716288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 05:12 94208]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-22 08:27 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-22 08:27 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 03:12 1838592]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 15:02 57344]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-11-15 08:07 380928]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 17:16 1121792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-11 20:10 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-11-14 18:33 8716288]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-11 20:10 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-03-22 08:27:10 156784]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-03-25 15:12:21 217088]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-22 08:24:19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qwc05.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\29.tmp [2007-08-14 08:12]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 19:30:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\29.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-04-15 19:35:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 23:35:19
ComboFix2.txt 2008-04-15 22:47:29

Pre-Run: 63,280,611,328 bytes free
Post-Run: 63,271,325,696 bytes free
.
2008-02-14 08:03:07 --- E O F ---
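The CFScript in post #38 asked ComboFix for two things, deleting nkv2.sys and removing the USB2_04 driver service, and the log above records both under "Other Deletions" and "Drivers/Services". As an added example (not code from the thread or from ComboFix), the script below cross-checks a CFScript against the log so that any request the log does not confirm stands out; the second File:: path is a constructed placeholder that the log excerpt deliberately never mentions.

```python
import re

# ComboFix section headers look like "((((( Other Deletions )))))"; keep only the words.
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")

def parse_cfscript(text):
    """Return {directive: [items]} from a CFScript, e.g. {"file": [...], "driver": [...]}.

    A directive is a line ending in "::" (File::, Driver::); the non-blank lines
    after it are its items. Items are lower-cased because Windows paths and
    service names compare case-insensitively.
    """
    wanted, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m:
            current = m.group(1).lower()
            wanted.setdefault(current, [])
        elif current is not None:
            wanted[current].append(line.lower())
    return wanted

def parse_combofix_sections(text):
    """Return {section title: [content lines]} from a ComboFix log (ignores '.' spacers)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections

def verify(cfscript_text, log_text):
    """For each requested item, say whether the ComboFix log records it as actioned."""
    wanted = parse_cfscript(cfscript_text)
    sections = parse_combofix_sections(log_text)
    deleted = {line.lower() for line in sections.get("Other Deletions", [])}
    # A removed driver/service is logged as "-------\Service_<name>".
    removed = {line.split("\\Service_", 1)[1].lower()
               for line in sections.get("Drivers/Services", []) if "\\Service_" in line}
    report = {}
    for path in wanted.get("file", []):
        report[path] = "deleted" if path in deleted else "NOT deleted"
    for svc in wanted.get("driver", []):
        report[svc] = "service removed" if svc in removed else "service NOT removed"
    return report

# CFScript from post #38, plus one constructed path (second File:: line) that the
# log will not mention, to show how an unactioned request is reported.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system32\drivers\nkv2.sys
c:\windows\system32\constructed_example.dll

Driver::
USB2_04
"""

# Excerpt of the ComboFix log from post #39 (only the sections relevant to the script).
SAMPLE_LOG = r"""
FILE ::
c:\windows\system32\drivers\nkv2.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\nkv2.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_USB2_04

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-15 19:12 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\29.tmp
"""

if __name__ == "__main__":
    for item, status in verify(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:20s} {item}")
```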

#40 codycjb (Member, Topic Starter, 89 posts)
Still no normal mode, still has a fatal system error message.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:00 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6492 bytes


#41 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)

Still no normal mode, still has a fatal system error message.

Interesting, I may end up sending you to another part of this forum once we are done here.

Your logs are starting to look much better :)

In this post we will do a couple of scans to see what else is lurking on your machine.

The scans will likely take 2 hours, quite possibly much longer, so just let them run. (And I am off to bed, so I will be unlikely to reply until tomorrow.)


====STEP 1====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 2====
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do not automatically generate report"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do NOT run a scan just yet; we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

====STEP 3====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply could I see:
1. the AVG Anti-Spyware report
2. the Kaspersky log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#42
codycjb
    Member
  • Topic Starter
  • 89 posts
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:49:39 PM 4/15/2008

+ Scan result:



HKU\S-1-5-21-2128537247-3477538172-64273159-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0029771.dll -> Downloader.Agent.dhy : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2008-04-15_175522.89.zip/Documents and Settings/John/Desktop/catchme.zip/Qwc05.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0020349.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0021357.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022350.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022383.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023383.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023441.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024441.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024447.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024461.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024477.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0025486.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027486.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027516.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027527.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027536.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027549.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP731\A0027721.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028540.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029359.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0029796.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0031778.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032779.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032789.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032808.sys -> Downloader.Agent.lxa : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\3D31.tmp -> Downloader.Mutant.de : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\04112008_155248\DOCUME~1\John\LOCALS~1\Temp\3D31.tmp -> Downloader.Mutant.de : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\20080414162641\backup\WINDOWS\temp\BN1.tmp -> Downloader.Mutant.jz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP715\A0019180.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Documents and Settings\John\Application Data\ECURIT~1\wοwexec.exe.vir -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023429.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032863.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\_OTMoveIt\MovedFiles\04112008_155248\Documents and Settings\John\Application Data\ѕecurity\wοwexec.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2008-04-15_175522.89.zip/Documents and Settings/John/Desktop/catchme.zip/VNKQ50.sys -> Rootkit.Agent.aee : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023442.sys -> Rootkit.Agent.aee : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024437.sys -> Rootkit.Agent.aee : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\nkv2.sys.vir -> Rootkit.Agent.agf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032980.sys -> Rootkit.Agent.agf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Deckard\System Scanner\20080414162641\backup\DOCUME~1\John\LOCALS~1\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Deckard\System Scanner\20080414162641\backup\DOCUME~1\John\LOCALS~1\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

#43
codycjb
    Member
  • Topic Starter
  • 89 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 16, 2008 3:45:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 708540
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 65250
Number of viruses found: 21
Number of infected objects: 116
Number of suspicious objects: 6
Duration of the scan process: 01:00:47

Infected Object Name / Virus Name / Last Action
C:\23.tmp Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt1B.tmp/stream/data0007 Infected: not-a-virus:FraudTool.Win32.WinFixer.c skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt1B.tmp/stream Infected: not-a-virus:FraudTool.Win32.WinFixer.c skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt1B.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt23.tmp/stream/data0007 Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt23.tmp/stream Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt23.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt31.tmp/stream/data0007 Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt31.tmp/stream Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt31.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt66.tmp/stream/data0010 Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt66.tmp/stream/data0012 Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt66.tmp/stream Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt66.tmp NSIS: infected - 3 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.ttB4.tmp/stream/data0007 Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.ttB4.tmp/stream Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.ttB4.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\4B90.tmp Infected: Trojan-Downloader.Win32.Cntr.a skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\BN28.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\ismtpa15.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.x skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\ismtpa15.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.x skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\ismtpa15.exe NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\{0DC05D8E-10FB-EE4F-AC22-765249C71A7C}-BN16.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN13.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN14.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN17.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN18.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN19.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN3.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN4.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN5.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN7.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN8.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN8B.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BNC.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BND.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BNE.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BNF.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/bokja.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip/bokja.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant9.zip/sais.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant9.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012008041520080416\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\Perflib_Perfdata_580.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ntos.exe.vir Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0020344.dll Infected: Trojan-Downloader.Win32.Mutant.ig skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0021344.dll Infected: Trojan-Downloader.Win32.Mutant.ig skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0021349.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022344.dll Infected: Trojan-Downloader.Win32.Mutant.ig skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022349.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022379.dll Infected: Trojan-Downloader.Win32.Mutant.hm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022385.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023379.dll Infected: Trojan-Downloader.Win32.Mutant.hm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023413.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023414.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023415.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023426.exe Infected: Email-Worm.Win32.Zhelatin.ww skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023437.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024438.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024443.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024451.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024456.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024468.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024473.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024479.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024481.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0025481.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0026481.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027481.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027521.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027532.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027544.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP730\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP731\A0027568.exe Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP731\A0027659.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP731\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028318.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028320.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028421.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028426.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028435.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028505.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028533.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028544.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029137.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029139.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029240.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029245.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029254.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029324.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029352.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029374.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734\A0029408.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0029713.exe Infected: Email-Worm.Win32.Zhelatin.ww skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0029773.exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736\A0029824.exe Infected: Trojan.Win32.Patched.aa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736\A0030757.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736\A0030763.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0030770.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0031770.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0031774.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032774.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032775.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032785.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032795.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032796.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032804.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032945.exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0033037.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\Documents and Settings\John\cftmon.exe Infected: Worm.Win32.Socks.bn skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\Documents and Settings\John\My Documents\sуmbols\scanregw.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\WINDOWS\system32\drivers\spools.exe Infected: Worm.Win32.Socks.bn skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\WINDOWS\system32\WLCtrl32.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped

Scan process completed.
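An added example, not part of the thread or of the scanner's own tooling: a small triage script for scan-log lines in the format shown above. It separates System Restore snapshots, already-quarantined OTMoveIt copies and OS-locked files (registry hives, event logs, WMI repository) from live detections, and singles out the entries that matter most here: core Windows processes reported with a Patched verdict, which means the binary on disk was modified in place rather than a file being dropped next to it. The category rules and the list of core binaries are this example's own assumptions; the sample lines are constructed to mirror the log's format.

```python
"""Triage helper for Kaspersky-style scan-log lines (added example, not from the thread)."""
import re
from collections import defaultdict

# Line shapes seen in the scan log: "<path> Infected: <detection> skipped"
# and "<path> Object is locked skipped".
_INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
_LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")

# Core Windows XP processes. This list is the example's own assumption; the
# point is that a Patched verdict on one of these means an in-place modified
# binary, not a dropped file that can simply be deleted.
CORE_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe",
}


def classify(path: str, detection: str) -> str:
    """Bucket one 'Infected' entry by where it sits and what it is."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    if "\\system volume information\\_restore" in p:
        # System Restore snapshot; cleared by turning System Restore off and on
        return "restore_point"
    if p.startswith("c:\\_otmoveit\\"):
        # Already moved out of place by OTMoveIt; inert unless restored
        return "quarantined"
    if (base in CORE_BINARIES and "\\windows\\system32\\" in p
            and "patched" in detection.lower()):
        # A core binary with a Patched verdict: the file itself was altered
        return "patched_system_binary"
    if detection.startswith("not-a-virus:"):
        return "adware"
    return "active_infection"


def triage(log_text: str) -> dict:
    """Parse a whole scan log into category -> [(path, detection)] buckets."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "Scan process completed.":
            continue
        m = _INFECTED.match(line)
        if m:
            buckets[classify(m["path"], m["name"])].append((m["path"], m["name"]))
            continue
        m = _LOCKED.match(line)
        if m:
            # Registry hives, event logs, WMI repository: held open by the OS, expected
            buckets["locked"].append((m["path"], None))
            continue
        buckets["unparsed"].append((line, None))
    return dict(buckets)


def needs_offline_repair(buckets: dict) -> bool:
    """True when core system binaries are patched. Files that Windows is
    currently running cannot be cleanly replaced from inside that session, so
    another in-session scan will keep reporting them as 'skipped'; the repair
    has to happen outside the booted OS or be scheduled for the next boot."""
    return bool(buckets.get("patched_system_binary"))


# Sample input: constructed lines in the same format as the scan log above.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032945.exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0033037.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\WINDOWS\system32\drivers\spools.exe Infected: Worm.Win32.Socks.bn skipped
C:\Documents and Settings\John\cftmon.exe Infected: Worm.Win32.Socks.bn skipped
Scan process completed.
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, entries in sorted(result.items()):
        print(f"{category:24s} {len(entries)}")
        for path, name in entries:
            print(f"    {path}" + (f"  [{name}]" if name else ""))
    print("offline repair needed:", needs_offline_repair(result))
```

Run it against a saved scan log (`triage(open("scan.log").read())`) to get the same breakdown. The `locked` and `restore_point` buckets are noise for cleanup purposes; the `patched_system_binary` bucket is the one that decides whether more in-session scanning is worth anything.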

#44
codycjb (Topic Starter, Member, 89 posts)
I think I am just going to try reinstalling Windows. I don't really need any of the files on this computer. I need this computer to run my body shop and I haven't been able to do quotes for over a week now. I've had to turn away a lot of customers. I don't want to go another day without it. And you said something before about after we are done I might have to work with someone else to get into normal mode. I think it will be faster to reinstall Windows. What do you think?

#45
codycjb (Topic Starter, Member, 89 posts)
Never mind, I'm not going to reinstall. I had a little breakthrough. I got into Windows in normal mode. I started my computer and did the F8 thing to get to the menu and clicked on Last Known Good Configuration. That got me back into Windows. Most of the problems I had before are gone but I still want to continue cleaning the system. Thank you very much for all the help so far.