my hijackthis log [CLOSED]


  • This topic is locked

#46
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

i think i am just going to try reinstalling windows. i don't really need any of the files on this computer. i need this computer to run my body shop and i haven't been able to do quotes for over a week now. i've had to turn away a lot of customers. i don't want to go another day without it. and you said something before about after we are done i might have to work with someone else to get into normal mode. i think it will be faster to reinstall windows. what do you think?

if speed is the key issue here, then re-installing would be the best course of action. i expect it would take me 2 more posts and then a few more from elsewhere in this forum to get this done.

if you choose to re-install, my key advice would be to install an antivirus program.

andrewuk
  • 0



#47
codycjb

codycjb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
no i don't want to reinstall anymore. i got into normal mode and my computer is working pretty good right now. still a little slow but working. i would like to keep cleaning the system of whatever viruses are on it.
  • 0

#48
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
ok, let's see where we stand now that you can get into normal mode.

could you run combofix again and post the log and a new hijackthis log please.

andrewuk
  • 0

#49
codycjb

codycjb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
ComboFix 08-04-14.2 - John 2008-04-17 16:26:00.4 - NTFSx86
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-15 20:53 . 2008-04-15 20:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 20:53 . 2008-04-15 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-15 19:59 . 2008-04-15 19:59 <DIR> d-------- C:\Documents and Settings\John\Application Data\Grisoft
2008-04-15 19:58 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-15 19:12 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\29.tmp
2008-04-15 18:54 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\27.tmp
2008-04-15 18:53 . 2008-04-15 18:53 <DIR> d-------- C:\Program Files\Sophos
2008-04-12 11:52 . 2008-04-12 11:52 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-11 20:17 . 2007-06-13 06:23 1,033,216 --a------ C:\WINDOWS\explorer.exe
2008-04-11 20:12 . 2008-04-16 17:27 <DIR> d-------- C:\Documents and Settings\John\Application Data\AVG7
2008-04-11 20:11 . 2008-04-11 20:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-11 20:09 . 2008-04-16 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-11 20:09 . 2008-04-16 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-11 19:38 . 2008-04-11 19:38 47,104 --a------ C:\23.tmp
2008-04-11 19:38 . 2008-04-11 19:38 3,276 --a------ C:\26.tmp
2008-04-11 19:38 . 2008-04-11 19:38 3,276 --a------ C:\18.tmp
2008-04-11 19:35 . 2008-04-15 17:27 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-04-11 18:46 . 2008-04-11 18:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 18:46 . 2008-04-11 18:46 <DIR> d-------- C:\Documents and Settings\John\Application Data\Malwarebytes
2008-04-11 18:46 . 2008-04-11 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 18:13 . 2008-04-11 18:13 <DIR> d-------- C:\Deckard
2008-04-11 17:21 . 2008-04-11 17:21 3,276 --a------ C:\36.tmp
2008-04-11 17:21 . 2008-04-11 17:21 3,276 --a------ C:\34.tmp
2008-04-11 17:17 . 2008-04-11 17:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 17:08 . 2008-04-11 17:08 3,276 --a------ C:\33.tmp
2008-04-11 16:55 . 2008-04-11 16:55 3,276 --a------ C:\30.tmp
2008-04-11 16:55 . 2008-04-11 16:55 3,276 --a------ C:\28.tmp
2008-04-11 16:51 . 2008-04-11 16:51 311 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-11 16:46 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-11 16:46 . 2007-06-30 23:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-11 16:46 . 2007-06-30 23:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-11 16:46 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-11 16:46 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-11 16:46 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-11 16:46 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-11 16:46 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-11 16:46 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-11 16:21 . 2008-04-11 16:21 3,276 --a------ C:\27.tmp
2008-04-11 16:20 . 2008-04-11 16:21 3,276 --a------ C:\25.tmp
2008-04-11 15:57 . 2008-04-11 15:57 3,276 --a------ C:\24.tmp
2008-04-11 15:57 . 2008-04-11 15:57 3,276 --a------ C:\22.tmp
2008-04-11 15:52 . 2008-04-11 15:52 <DIR> d-------- C:\_OTMoveIt
2008-04-11 14:53 . 2008-04-11 14:53 3,276 --a------ C:\17.tmp
2008-04-11 14:53 . 2008-04-11 14:53 0 --a------ C:\21.tmp
2008-04-11 14:53 . 2008-04-11 14:53 0 --a------ C:\1C.tmp
2008-04-11 14:53 . 2008-04-11 14:53 0 --a------ C:\1B.tmp
2008-04-11 14:53 . 2008-04-11 14:53 0 --a------ C:\1A.tmp
2008-04-11 14:49 . 2008-04-11 14:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-11 14:42 . 2008-04-14 16:21 <DIR> d-------- C:\SDFix
2008-04-09 18:23 . 2008-04-09 18:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 18:22 . 2008-04-09 18:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-09 18:18 . 2006-03-22 08:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-04-09 18:18 . 2008-04-16 17:34 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-09 18:16 . 2008-04-09 18:16 2 --a------ C:\B.tmp
2008-04-09 17:38 . 2008-04-09 17:31 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-09 17:38 . 2008-04-09 17:38 2,542 --a------ C:\WINDOWS\unins000.dat
2008-04-09 14:05 . 2008-04-09 14:05 0 --a------ C:\20.tmp
2008-04-09 14:04 . 2008-04-09 14:04 0 --a------ C:\1D.tmp
2008-04-09 14:04 . 2008-04-09 14:04 0 --a------ C:\19.tmp
2008-04-09 14:03 . 2008-04-09 14:04 2 --a------ C:\15.tmp
2008-04-09 14:03 . 2008-04-09 14:03 0 --a------ C:\14.tmp
2008-04-09 06:42 . 2008-04-09 06:42 0 --a------ C:\1F.tmp
2008-04-09 06:41 . 2008-04-09 06:41 0 --a------ C:\1E.tmp
2008-04-09 06:36 . 2008-04-09 06:36 0 --a------ C:\16.tmp
2008-04-09 06:35 . 2008-04-09 06:36 2 --a------ C:\13.tmp
2008-04-09 06:35 . 2008-04-09 06:35 0 --a------ C:\F.tmp
2008-04-08 18:58 . 2008-04-08 06:49 160,256 --a------ C:\WINDOWS\system32\AF.tmp
2008-04-08 07:18 . 2008-04-08 07:18 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-08 06:50 . 2008-04-08 06:50 2 --a------ C:\12.tmp
2008-04-07 11:25 . 2008-04-07 11:25 2 --a------ C:\6.tmp
2008-04-07 10:50 . 2008-04-07 10:50 29 --a------ C:\WINDOWS\system32\qrfwapis.tmp
2008-04-07 10:49 . 2008-04-07 10:49 0 --a------ C:\2F.tmp
2008-04-07 10:48 . 2008-04-09 14:04 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-04-07 10:48 . 2008-04-07 10:48 0 --a------ C:\2E.tmp
2008-04-07 10:48 . 2008-04-07 10:48 0 --a------ C:\2C.tmp
2008-04-07 10:47 . 2008-04-07 10:48 2 --a------ C:\2B.tmp
2008-04-07 10:47 . 2008-04-07 10:47 0 --a------ C:\2A.tmp
2008-04-01 04:12 . 2008-04-01 04:12 16 --a------ C:\s3ck
2008-03-28 16:02 . 2008-03-28 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-28 16:00 . 2008-03-28 16:01 <DIR> d-------- C:\Program Files\Dell Support Center
2008-03-28 16:00 . 2008-03-28 16:00 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-03-20 00:51 . 2008-03-20 00:51 16 --a------ C:\s2p8
2008-03-19 11:34 . 2008-03-19 11:34 16 --a------ C:\s2i4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 10:57 90,112 ----a-w C:\WINDOWS\DUMP612b.tmp
2008-04-11 22:59 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-11 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-11 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 21:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-28 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-20 20:07 --------- d-----w C:\Documents and Settings\John\Application Data\Corel
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 09:32 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:32 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:32 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:32 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

------- Sigcheck -------

2004-08-04 07:00 17408 1b2d5bde0478a770eccb28eb45017cb2 C:\WINDOWS\system32\svchost.exe

2004-08-04 07:00 506368 19aba4dbec658fba6611906ab35c7c2b C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-15_18.47.05.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
- 2008-04-15 22:05:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-17 16:07:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-06-13 10:23:07 1,033,216 ------w C:\WINDOWS\system32\dllcache\explorer.exe
- 2007-08-13 22:54:10 765,952 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 21:04 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-11-14 18:33 8716288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 05:12 94208]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-22 08:27 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-22 08:27 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 03:12 1838592]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 21:20 8192]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 15:02 57344]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-11-15 08:07 380928]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 17:16 1121792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-11-14 18:33 8716288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-03-22 08:27:10 156784]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2006-03-25 15:12:21 217088]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-22 08:24:19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qwc05.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 16:29:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
Completion time: 2008-04-17 16:32:35
ComboFix-quarantined-files.txt 2008-04-17 20:32:24
ComboFix2.txt 2008-04-15 23:35:23
ComboFix3.txt 2008-04-15 22:47:29

Pre-Run: 62,868,312,064 bytes free
Post-Run: 62,852,788,224 bytes free
.
2008-04-17 16:01:28 --- E O F ---
  • 0

#50
codycjb

codycjb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:45 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 7327 bytes
  • 0

#51
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
we will update your java and i want to do the kaspersky scan again

====STEP 1====
Updating Java and Clearing Cache
  • Go to Start > Control Panel, then double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are two or three options in the window to clear the cache - Leave ALL Checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

====STEP 2====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

andrewuk
  • 0

#52
codycjb

codycjb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 17, 2008 7:01:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/04/2008
Kaspersky Anti-Virus database records: 712987
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 73823
Number of viruses found: 21
Number of infected objects: 116
Number of suspicious objects: 6
Duration of the scan process: 01:22:16

Infected Object Name / Virus Name / Last Action
C:\23.tmp Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt1B.tmp/stream/data0007 Infected: not-a-virus:FraudTool.Win32.WinFixer.c skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt1B.tmp/stream Infected: not-a-virus:FraudTool.Win32.WinFixer.c skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt1B.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt23.tmp/stream/data0007 Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt23.tmp/stream Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt23.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt31.tmp/stream/data0007 Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt31.tmp/stream Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt31.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt66.tmp/stream/data0010 Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt66.tmp/stream/data0012 Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt66.tmp/stream Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.tt66.tmp NSIS: infected - 3 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.ttB4.tmp/stream/data0007 Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.ttB4.tmp/stream Infected: not-a-virus:FraudTool.Win32.WinFixer.d skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\.ttB4.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\4B90.tmp Infected: Trojan-Downloader.Win32.Cntr.a skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\BN28.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\ismtpa15.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.x skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\ismtpa15.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.x skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\ismtpa15.exe NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp\{0DC05D8E-10FB-EE4F-AC22-765249C71A7C}-BN16.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN13.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN14.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN17.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN18.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN19.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN3.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN4.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN5.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN7.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN8.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BN8B.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BNC.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BND.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BNE.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp\BNF.tmp Infected: Trojan-Downloader.Win32.Agent.mkb skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/bokja.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip/bokja.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant9.zip/sais.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant9.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\John\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\John\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\History\History.IE5\MSHist012008041720080418\index.dat Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\hsperfdata_John\2196 Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temp\JETDDA9.tmp Object is locked skipped
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ntos.exe.vir Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\WLCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0020344.dll Infected: Trojan-Downloader.Win32.Mutant.ig skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0021344.dll Infected: Trojan-Downloader.Win32.Mutant.ig skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0021349.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022344.dll Infected: Trojan-Downloader.Win32.Mutant.ig skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022349.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022379.dll Infected: Trojan-Downloader.Win32.Mutant.hm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0022385.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023379.dll Infected: Trojan-Downloader.Win32.Mutant.hm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023413.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023414.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023415.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023426.exe Infected: Email-Worm.Win32.Zhelatin.ww skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0023437.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024438.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024443.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024451.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024456.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024468.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024473.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024479.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0024481.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0025481.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0026481.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027481.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027521.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027532.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0027544.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP730\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP731\A0027568.exe Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP731\A0027659.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP731\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028318.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028320.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028421.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028426.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028435.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028505.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028533.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\A0028544.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029137.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029139.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029240.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029245.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029254.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029324.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029352.dll Infected: Trojan-Downloader.Win32.Mutant.hx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733\A0029374.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734\A0029408.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0029713.exe Infected: Email-Worm.Win32.Zhelatin.ww skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\A0029773.exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736\A0029824.exe Infected: Trojan.Win32.Patched.aa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736\A0030757.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736\A0030763.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0030770.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0031770.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0031774.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032774.dll Infected: Trojan-Downloader.Win32.Mutant.lt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032775.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032785.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032795.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032796.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032804.dll Infected: Trojan-Downloader.Win32.Mutant.lr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0032945.exe Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737\A0033037.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP741\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E7150D32-42FD-4978-BB40-124C9950D871}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\Documents and Settings\John\cftmon.exe Infected: Worm.Win32.Socks.bn skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\Documents and Settings\John\My Documents\sуmbols\scanregw.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\WINDOWS\system32\drivers\spools.exe Infected: Worm.Win32.Socks.bn skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\WINDOWS\system32\WLCtrl32.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped

Scan process completed.

#53
andrewuk
it seems that your machine is clean except for the following picked up by the kaspersky scan:

C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa skipped

at this stage i am not clear if they are false positives or actual infections (i am leaning towards the latter). unfortunately they are also key system files, which was probably why, when you loaded and ran the AVG antivirus program, it cleared them out and so prevented you from running the machine normally.

hence, i am going to do some research on these items but in the meantime i would advise not to load up an antivirus program (which is rare advice i admit) but also to keep your machine offline as much as possible - it is very vulnerable to re-infection.

i will be back with further instructions.

andrewuk

#54
andrewuk
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
andrewuk

#55
codycjb
lsass.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
services.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
spoolsv.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
svchost.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
winlogon.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
02577625.FIL;C:\$VAULT$.AVG;Trojan.Starter.384;Cured.;
4B90.tmp;C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp;Trojan.Packed.426;Deleted.;
BN28.tmp;C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp;Trojan.DownLoader.56617;Deleted.;
{0DC05D8E-10FB-EE4F-AC22-765249C71A7C}-BN16.tmp;C:\Deckard\System Scanner\20080411184446\backup\DOCUME~1\John\LOCALS~1\Temp;Trojan.DownLoader.56617;Deleted.;
BN13.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN14.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN17.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN18.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN19.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN3.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN4.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN5.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN7.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN8.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BN8B.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BNC.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BND.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BNE.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
BNF.tmp;C:\Deckard\System Scanner\20080411184446\backup\WINDOWS\temp;Trojan.DownLoader.56617;Deleted.;
RegUBP2b-John.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably MULDROP.Trojan;;
WLCtrl32.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.54123;Deleted.;
WLCtrl32.dl_.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.57335;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
A0020344.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0021344.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0022344.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0022379.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0023379.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0023413.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.Fakealert;Deleted.;
A0023426.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.Packed.426;Deleted.;
A0023427.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.Packed.142;Deleted.;
A0023437.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.56882;Deleted.;
A0024438.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.56882;Deleted.;
A0024443.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.56882;Deleted.;
A0024456.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.56882;Deleted.;
A0024468.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.56882;Deleted.;
A0024473.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0024481.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0025481.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0026481.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0027481.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0027521.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0027532.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
A0027544.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729;Trojan.DownLoader.54123;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP730\snapshot;Trojan.DownLoader.54123;Deleted.;
A0027659.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP731;Trojan.DownLoader.54123;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP731\snapshot;Trojan.DownLoader.54123;Deleted.;
A0028320.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732;Trojan.DownLoader.54123;Deleted.;
A0028409.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732;Tool.Prockill;;
A0028533.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732;Trojan.DownLoader.54123;Deleted.;
A0028544.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732;Trojan.DownLoader.54123;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP732\snapshot;Trojan.DownLoader.54123;Deleted.;
A0029139.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733;Trojan.DownLoader.54123;Deleted.;
A0029228.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733;Tool.Prockill;;
A0029352.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP733;Trojan.DownLoader.56882;Deleted.;
A0029385.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734;Trojan.Click.1487;Deleted.;
A0029386.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734;Trojan.Click.1487;Deleted.;
A0029409.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734;Tool.ShutDown.11;;
A0029422.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734;Tool.ShutDown.11;;
MFEX-1.DAT;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP734\snapshot;Trojan.DownLoader.54123;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP735\snapshot;Trojan.DownLoader.54123;Deleted.;
A0029824.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736;Trojan.Starter.384;Cured.;
A0030757.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736;Trojan.DownLoader.54123;Deleted.;
A0030763.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP736;Trojan.DownLoader.54123;Deleted.;
A0030770.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.DownLoader.54123;Deleted.;
A0031770.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.DownLoader.54123;Deleted.;
A0031774.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.DownLoader.54123;Deleted.;
A0032774.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.DownLoader.54123;Deleted.;
A0032775.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.DownLoader.54123;Deleted.;
A0032785.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.DownLoader.54123;Deleted.;
A0032795.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.DownLoader.54123;Deleted.;
A0032796.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.DownLoader.54123;Deleted.;
A0032804.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.DownLoader.54123;Deleted.;
A0032831.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Probably BATCH.Virus;;
A0032836.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Probably SCRIPT.Virus;;
A0032865.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Probably BATCH.Virus;;
A0032888.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Program.PsExec.170;;
A0032908.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Probably SCRIPT.Virus;;
A0032939.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Program.PsExec.170;;
A0032950.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Probably BATCH.Virus;;
A0032955.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Probably SCRIPT.Virus;;
A0032992.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Program.PsExec.170;;
A0032996.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Probably BATCH.Virus;;
A0033003.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Probably SCRIPT.Virus;;
A0033036.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP737;Trojan.Click.1255;Incurable.Moved.;
A0033209.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP740;Probably BATCH.Virus;;
A0033215.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP740;Probably SCRIPT.Virus;;
A0033262.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP741;Trojan.Starter.384;Cured.;
A0033263.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP741;Trojan.Starter.384;Cured.;
A0033264.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP741;Trojan.Starter.384;Cured.;
A0033265.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP741;Trojan.Starter.384;Cured.;
A0033266.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP741;Trojan.Starter.384;Cured.;
A0033267.reg;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP741;Trojan.StartPage.1505;Deleted.;
WLCtrl32.dll;C:\_OTMoveIt\MovedFiles\04112008_155248\WINDOWS\system32;Trojan.DownLoader.54123;Deleted.;

#56
andrewuk
that's looking better.

can i see one more run of the kaspersky online scan and a new hijackthis log to confirm those infections have gone please.

if all goes well we can then reload the antivirus program onto your machine, run it and then wrap this all up.

andrewuk
  • 0
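
One way to cross-check the Kaspersky findings against the Dr.Web report posted above, separating files on the live system from copies held in quarantine, backup and System Restore folders. This is an added example, not part of the original posts: the function names and the list of holding-area folders (taken from the paths in the logs) are assumptions, and the sample lines are excerpted from the two reports.

```python
import re

# Assumption: folders where removal tools and Windows keep inert copies.
# Prefixes are taken from the paths that appear in the logs in this thread.
HOLDING_AREAS = (
    (r"c:\qoobox\quarantine", "ComboFix quarantine"),
    (r"c:\_otmoveit\movedfiles", "OTMoveIt moved files"),
    (r"c:\deckard\system scanner", "Deckard scanner backup"),
    (r"c:\$vault$.avg", "AVG vault"),
    (r"c:\system volume information\_restore", "System Restore point"),
    (r"c:\documents and settings\all users\application data"
     r"\spybot - search & destroy\recovery", "Spybot recovery"),
)

# Kaspersky lines with a verdict: "<path> Infected: <name> skipped".
KAV_LINE = re.compile(r"^(?P<path>.+?) (?:Infected|Suspicious): (?P<name>\S+) skipped$")

# Dr.Web actions that mean the file was dealt with (trailing dot stripped).
HANDLED = {"Cured", "Deleted", "Incurable.Moved"}

# Sample input excerpted from the two reports in this thread.
KASPERSKY_LOG = r"""
C:\QooBox\Quarantine\C\WINDOWS\system32\ntos.exe.vir Infected: Trojan-Spy.Win32.Zbot.avh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP729\A0021349.exe Infected: Worm.Win32.Socks.bn skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa skipped
C:\_OTMoveIt\MovedFiles\04112008_155248\WINDOWS\system32\WLCtrl32.dll Infected: Trojan-Downloader.Win32.Mutant.ly skipped
"""

DRWEB_CSV = r"""
lsass.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
services.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
spoolsv.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
svchost.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
winlogon.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
02577625.FIL;C:\$VAULT$.AVG;Trojan.Starter.384;Cured.;
InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably MULDROP.Trojan;;
WLCtrl32.dll;C:\_OTMoveIt\MovedFiles\04112008_155248\WINDOWS\system32;Trojan.DownLoader.54123;Deleted.;
"""


def location(path):
    """Return the holding-area label for a path, or 'live' if it is none of them."""
    lowered = path.lower()
    for prefix, label in HOLDING_AREAS:
        if lowered.startswith(prefix):
            return label
    return "live"


def parse_kaspersky(text):
    """Yield (path, detection); 'Object is locked' and archive summary lines are ignored."""
    for line in text.splitlines():
        match = KAV_LINE.match(line.strip())
        if match:
            yield match["path"], match["name"]


def parse_drweb(text):
    """Yield (path, threat, action) from 'file;folder;threat;action;' rows."""
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) >= 4 and fields[0]:
            name, folder, threat, action = fields[:4]
            yield folder + "\\" + name, threat, action.rstrip(".")


def triage(kav_text, drweb_text):
    """Match live-system Kaspersky detections to the action Dr.Web recorded for them."""
    drweb = {p.lower(): (p, t, a) for p, t, a in parse_drweb(drweb_text)}
    report = {"resolved": [], "unresolved": [], "held": 0}
    seen = set()
    for path, name in parse_kaspersky(kav_text):
        key = path.lower()
        seen.add(key)
        if location(path) != "live":
            report["held"] += 1  # inert copy in a quarantine/backup/restore folder
            continue
        _, threat, action = drweb.get(key, (path, None, ""))
        bucket = "resolved" if action in HANDLED else "unresolved"
        report[bucket].append((path, name, threat, action))
    # Dr.Web-only findings on the live system for which no action was recorded.
    for key, (path, threat, action) in drweb.items():
        if key not in seen and location(path) == "live" and not action:
            report["unresolved"].append((path, None, threat, action))
    return report


if __name__ == "__main__":
    result = triage(KASPERSKY_LOG, DRWEB_CSV)
    print("held copies:", result["held"])
    for bucket in ("resolved", "unresolved"):
        for row in result[bucket]:
            print(bucket, *row, sep=" | ")
```
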

#57
andrewuk

still with us?

#58
codycjb
yeah sorry, haven't been able to get to that computer. went on a little vacation. i'll get back with you soon.

#59
andrewuk
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.