trojan virus [RESOLVED]


  • This topic is locked

#46
renditions`

renditions`

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Done, but I'm still getting block incoming UDP/TCP. :tazz:
  • 0



#47
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Sorry for the wait.

Please RIGHT-CLICK HERE to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  • 0

#48
renditions`

renditions`

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"Steam" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"McAfee Guardian" = ""C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU" ["Network Associates, Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"MCUpdateExe" = "C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" ["McAfee.com Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"MCAgentExe" = "C:\Program Files\McAfee.com\Agent\MCAGENT.EXE" ["McAfee.com Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cswao.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
kxgkxnky\(Default) = "{54d520a9-57f1-446a-b47b-7df4ea79860d}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\vsrvs.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "neSTOOOOR" & "All Users" startup folders:
-----------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (RENDITIONS-CJ)" -> launches: "C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe /Schedule" ["McAfee.com Corporation"]
"McAfee.com Update Check (RENDITIONS-neSTOOOOR)" -> launches: "C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe /Schedule" ["McAfee.com Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\System32\CSLSP.DLL ["Networks Associates Technologies, Inc."], 01 - 15, 31
%SystemRoot%\system32\mswsock.dll [MS], 16 - 18, 21 - 30
%SystemRoot%\system32\rsvpsp.dll [MS], 19 - 20


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
McAfee Firewall, McAfee Firewall, ""C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE" ["Network Associates, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
PCTEL Speaker Phone, Pctspk, "C:\WINDOWS\system32\pctspk.exe" ["PCtel, Inc."]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 62 seconds, including 26 seconds for message boxes)
  • 0

#49
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi again!

Copy everything in the quote box below (starting with REGEDIT4) and paste it into Notepad. Go up to "File > Save As", then click the drop-down box to change the "Save As Type" to "All Files". Save it as fixware.reg on your desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

Double-click fixware.reg and when asked if you want to merge with the registry click YES.

After the "merged successfully" prompt, please reboot your computer.

After reboot, please download RKFiles from HERE
  • Unzip RKfiles.zip to the desktop
  • Double-click RKFiles.bat to run it.
    • It may take a while.
  • When it is finished a window should appear with a log.
  • Please copy the contents of the log and paste them here
    • Note: the log will be saved at c:\log.txt :tazz:

  • 0
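A triage pass over the Silent Runners report from post #48, as an added example that is not part of the original thread or of Silent Runners itself: it lists the launch points the script flagged or whose target file is missing, which is how the Winlogon "System" = "cswao.exe" value cleared by fixware.reg stands out. The function names and the two reason labels are this example's own; the sample input is an excerpt of the log above.

```python
import re

# Excerpt of the Silent Runners report posted in #48 (trimmed, not the full log).
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cswao.exe" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
kxgkxnky\(Default) = "{54d520a9-57f1-446a-b47b-7df4ea79860d}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\vsrvs.dll" [file not found]
'''

# A section header is a registry key path ending in a backslash,
# optionally followed by the "{++}" marker the report uses.
KEY_RE = re.compile(r'^(HKLM|HKCU|HKCR|HKU)\\.*\\(\s*\{\+\+\})?$')
WARNING = "INFECTION WARNING!"
MISSING = "[file not found]"


def parse_entries(report):
    """Group report lines into entries: one value line plus its '->' lines."""
    entries = []
    key = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if KEY_RE.match(line):
            key = line.replace("{++}", "").strip()
            continue
        if key is None:
            continue  # text outside any registry section
        if line.startswith("->"):
            # CLSID resolution line: belongs to the previous entry of this key
            if entries and entries[-1]["key"] == key:
                entries[-1]["lines"].append(line)
            continue
        entries.append({"key": key, "lines": [line]})
    return entries


def triage(report):
    """Return entries that are flagged and/or point at a missing file,
    with the entries matching both conditions listed first."""
    findings = []
    for entry in parse_entries(report):
        first = entry["lines"][0]
        reasons = []
        if first.startswith(WARNING):
            reasons.append("flagged")
            first = first[len(WARNING):].strip()
        if any(MISSING in line for line in entry["lines"]):
            reasons.append("missing-target")
        if not reasons:
            continue
        name = first.split(" = ", 1)[0].strip('"')
        # The file the launch point resolves to is quoted on the last line.
        match = re.search(r'= "([^"]*)"', entry["lines"][-1])
        findings.append({
            "key": entry["key"],
            "name": name,
            "target": match.group(1) if match else None,
            "reasons": reasons,
        })
    # sorted() is stable, so report order is kept within each group.
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("+".join(f["reasons"]), "|", f["key"], "|", f["name"], "->", f["target"])
```

A flag or a missing target is a prompt for review, not a verdict: the log itself marks wzcdlg.dll as [MS], and the fix in this post touches only the Winlogon "System" value.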

#50
renditions`

renditions`

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
C:\Documents and Settings\neSTOOOOR\Desktop

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\DivX.dll: PEC2

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
Finished
bye
  • 0

#51
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Now I need to see a fresh HiJackThis log please. :tazz:
  • 0

#52
renditions`

renditions`

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:40:53 PM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.download.com/
O1 - Hosts: 66.138.141.120 L2authd.lineage2.com
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124684073609
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
  • 0

#53
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Now let's check some settings on your system.
  • Go to Start > Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL
  • Left click on Properties.
  • Click the Networking tab.
  • Double-Click on the Internet Protocol (TCP/IP) item.
  • Select the radio dial that says Obtain DNS Servers Automatically.
  • Press OK twice to get out of the properties screen and reboot if it asks.
Make sure to reboot.

Next..

Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start to scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#54
renditions`

renditions`

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
Wait, quick question: why are there three?

http://img296.images...nshot0118pq.jpg
  • 0

#55
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hello renditions,
It's normal and nothing to worry about, just right-click the one that's colored (Local Area Connection 2) and follow Rawe's instructions, please. :tazz:
  • 0



#56
renditions`

renditions`

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, September 04, 2005 11:01:14
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 4/09/2005
Kaspersky Anti-Virus database records: 138841
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 47292
Number of viruses found: 3
Number of infected objects: 167
Number of suspicious objects: 0
Duration of the scan process: 5405 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP12\A0009817.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP13\A0009861.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP13\A0010861.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP14\A0011863.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP14\A0011871.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP14\A0011887.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP14\A0012891.exe Infected: not-virus:Hoax.Win32.Renos.d
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP14\A0012904.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP14\A0012927.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP14\A0012983.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP15\A0013004.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP15\A0013006.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP15\A0013008.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP15\A0013013.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP15\A0013033.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP16\A0013080.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP16\A0013086.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP16\A0013088.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP16\A0013090.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP16\A0013092.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP17\A0013136.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP17\A0013142.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP17\A0013144.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP17\A0013146.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP17\A0013148.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP18\A0013162.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP18\A0013206.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP18\A0013210.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP18\A0013212.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP18\A0013214.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP18\A0013216.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0013224.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0013230.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0013269.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0013273.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0013275.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0013277.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0013279.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0013286.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0013402.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0014408.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0014416.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0014459.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0014495.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0014529.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0014565.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0014855.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0014888.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0014895.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP19\A0015050.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP20\A0015152.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP20\A0015167.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP20\A0015210.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP21\A0016208.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016249.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016258.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016272.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016293.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016327.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016360.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016393.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016407.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016424.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016446.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016478.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016513.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP23\A0016529.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP24\A0016589.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP24\A0016622.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP24\A0016655.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP24\A0016731.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP26\A0017172.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP26\A0017192.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP26\A0017295.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP26\A0017333.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP26\A0017373.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP27\A0017402.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP27\A0017448.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP27\A0017480.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP27\A0017512.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP27\A0017542.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP27\A0017575.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{3A9554E9-A229-430E-A79F-9BA0251B3404}\RP27\A0017614.exe Infected: Trojan.Win32.Small.fb

Scan process completed.
  • 0

#57
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Go Start > Run - type cmd and hit OK

Into the black window, type:

ipconfig /flushdns

Then hit Enter, type exit, and hit Enter
(that space between g and / is needed)

Post a new HiJackThis log.
  • 0

#58
renditions`

    Member

  • Topic Starter
  • Member
  • 123 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:32:31 AM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.download.com/
O1 - Hosts: 66.138.141.120 L2authd.lineage2.com
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124684073609
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
  • 0

#59
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Thank you. :tazz:

Still getting incoming UDP/TCP?

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O1 - Hosts: 66.138.141.120 L2authd.lineage2.com

O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.../ST/ActiveX.ocx


Close HiJackThis.

I would strongly advise uninstalling McAfee and keeping ONLY AVG. It's never a good idea to run more than one onboard anti-virus program at a time.

Any other problems?
  • 0
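
Added example, not part of the thread and not HijackThis's own code: one way to pull the `O1 - Hosts:` entries out of a HijackThis log and separate loopback entries from ones that point a hostname at a routable address, as the O1 entry fixed above does. The function names are hypothetical, and the sample log is constructed: its first O1 line and the O4 line are copied from the posted log, the rest are made up.

```python
import ipaddress
import re

# HijackThis prints each non-default hosts-file line as "O1 - Hosts: <ip> <names>".
O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(.+?)\s*$")

# Constructed sample: first O1 line and the O4 line are from the posted log.
SAMPLE_LOG = r"""
O1 - Hosts: 66.138.141.120 L2authd.lineage2.com
O1 - Hosts: 127.0.0.1 ads.example.test tracker.example.test
O1 - Hosts: 192.168.1.10 fileserver.example.test
O1 - Hosts: not-an-ip broken.example.test
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""

def parse_o1_entries(log_text):
    """Return (address, hostname) pairs; one hosts line may name several hosts."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        addr = m.group(1)
        names = m.group(2).split("#", 1)[0]  # drop a trailing hosts-file comment
        for name in names.split():
            entries.append((addr, name.lower()))
    return entries

def classify(addr):
    """Label the target address so redirects to routable hosts stand out."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"   # typical ad-blocking style entry
    if ip.is_private:
        return "private"    # LAN mapping, usually set by an admin
    return "redirect"       # hostname forced to an Internet address: review it

def triage(log_text):
    """Group (hostname, address) pairs by classification."""
    report = {}
    for addr, name in parse_o1_entries(log_text):
        report.setdefault(classify(addr), []).append((name, addr))
    return report

if __name__ == "__main__":
    for label, items in triage(SAMPLE_LOG).items():
        print(label, items)
```

A "redirect" result is only a prompt for review: whether the mapping is wanted has to be checked with the user.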

#60
renditions`

    Member

  • Topic Starter
  • Member
  • 123 posts
Still getting incoming/outgoing UDP/TCP

Edited by renditions`, 05 September 2005 - 07:54 PM.

  • 0





