RE GreyKnight Pre .. VirusRemover 2008 problem [Solved]


  • This topic is locked

#31
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 544 posts
If the file was hidden and I have now made it viewable, I am not sure why I cannot find it.

C:\WINDOWS\system32\drivers\iccmkgzczivhp.sys

You say if I found it that I should zip it first before I upload it to bleeping computers site.

Also on Bleeping computer (BC) at the top there's a message saying

Link to topic where this file was requested: I am not sure about this... I assume I do not need to do anything unless I had a thread on their site... can you clarify if I am wrong..

thks
  • 0


#32
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

If the file was hidden and I have now made it viewable, I am not sure why I cannot find it.


I assume you did not find it, right? And if you somehow find it, at the Link to topic where this file was requested:, just copy/paste below

http://www.geekstogo.com/forum/RE-GreyKnight-Pre-VirusRemover-2008-problem-t229191.html&view=findpost&p=1462899#entry1462899


Then do the rest of the steps as I said before and post the logs here :)
  • 0

#33
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 544 posts
Hi Fenz

I am not fully clear with your reply..

NO I could not find it where I expected with ref to the file details you gave me.. ie

C:\WINDOWS\system32\drivers\iccmkgzczivhp.sys

OR as it was a hidden file.. could it still be there and hidden or in a different location maybe for the file....
.....iccmkgzczivhp.sys.

IF the file is NOT on my computer... am I right in saying that it should be ???

IF so I also assume that some how I need to obtain a replacement...


YOU SAID ...

I assume you did not find it right? And if you somehow find it, at the Link to topic where this file was requested:, just copy/paste below....

http://www.geekstogo...99#entry1462899


That's partially understandable to me (BUT NOT FULLY as I am not fully sure why I post it to that link or what the 1462899 number relates to) IF I am to find it... but what If I don't ????


Do I need to continue with the bleeping computer site in any way from here if I do not find it on my laptop ?


Are you suggesting that I still continue with the other log.. but I won't have any file to paste into the combofix icon....

Are you suggesting that I still do a new combofix log and hijack this log now I have made the hidden files visible ? even without any C:\WINDOWS\system32\drivers\iccmkgzczivhp.sys file...

Hopefully you can clarify things to me a bit more.

cheers dowsp
  • 0

#34
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 544 posts
Hi Fenz

Sorry I think it was my mistake

you HAVE given me a way to input the missing file as your instructions below...

Hopefully I can follow this and insert it into combofix and then do the logs

Hope I am right ! I will try it..

cheers Pete


1. Please open Notepad
Click Start, then Run
Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
rckaji

Rootkit::
C:\WINDOWS\system32\drivers\iccmkgzczivhp.sys

File::
C:\WINDOWS\system32\drivers\iccmkgzczivhp.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.
  • 0

#35
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 544 posts
Hi Fenz


Here is the new latest Combofix log... after I added that file into combofix..

Unfortunately again I tried normal mode and it would not work as it was very slow... so I had to do it in safemode.

same with the hijack this log which I will post next..

I hope it will be ok doing it all in safemode !!!

-------------------------------------------------------------


ComboFix 09-02-15.01 - Peter 2009-02-18 11:10:05.8 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.376 [GMT 0:00]
Running from: c:\documents and settings\Peter \Desktop\CFix\ComboFix.exe
Command switches used :: c:\documents and settings\Peter \Desktop\CFix\CFScript.txt
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall Plus *disabled*

FILE ::
c:\windows\system32\drivers\iccmkgzczivhp.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\iccmkgzczivhp.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RCKAJI
-------\Service_rckaji


((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-18 05:16 . 2009-02-18 05:16 <DIR> d-------- c:\program files\CleanUp!
2009-02-18 01:15 . 2005-11-26 03:19 102,664 --a------ c:\windows\SYSTEM32\DRIVERS\tmcomm.sys
2009-02-17 15:41 . 2009-02-17 22:58 250 --a------ c:\windows\gmer.ini
2009-02-17 15:11 . 2009-02-17 15:13 <DIR> d-------- C:\rsit
2009-02-02 09:22 . 2009-02-02 09:25 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-02 09:22 . 2009-02-02 09:25 43,698 --a------ c:\windows\SYSTEM32\xvid-uninstall.exe
2009-02-02 09:21 . 2009-02-02 09:21 <DIR> d-------- c:\program files\Gabest
2009-02-02 09:20 . 2009-02-02 09:25 <DIR> d-------- c:\program files\AutoGK
2009-02-02 07:33 . 2009-02-02 07:34 <DIR> d-------- c:\program files\Any Video Converter
2009-02-02 07:33 . 2009-02-02 07:34 <DIR> d-------- c:\documents and settings\Peter \Application Data\Any Video Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 08:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2009-02-17 02:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-16 21:05 --------- d-----w c:\program files\CoffeeCup Software
2009-02-16 20:37 --------- d-----w c:\documents and settings\Peter \Application Data\Skype
2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-02 09:32 --------- d-----w c:\documents and settings\Peter \Application Data\uTorrent
2008-12-23 19:48 --------- d-----w c:\documents and settings\Peter \Application Data\Malwarebytes
2008-12-23 19:48 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 09:39 --------- d-----w c:\program files\Enigma Software Group
2008-12-22 03:59 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-10-02 17:13 56,912 ----a-w c:\documents and settings\Peter \g2mdlhlpx.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tesco internet phone"="c:\program files\Tesco internet phone\TescoIP.exe" [2007-01-30 6942720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 184320]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\McAgent.exe" [2004-08-17 245760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-12 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-16 98304]
"McRegWiz"="c:\progra~1\McAfee.com\Agent\mcregwiz.exe" [2004-07-29 139264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-01-12 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 06:55 110592 c:\windows\SYSTEM32\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=c:\windows\pss\SnagIt 7.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter ^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Peter \Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter ^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Peter \Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-02-16 14:04 147456 c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 11:33 155648 c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-10-24 07:19 590848 c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
--a------ 2004-11-10 19:36 290816 c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2004-10-07 19:44 610304 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 07:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 01:05 127035 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 16:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-03-11 13:34 190464 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 08:32 77824 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 08:32 77824 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 08:36 114688 c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 08:35 94208 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2004-08-17 18:26 245760 c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
--a------ 2004-07-29 14:55 139264 c:\progra~1\McAfee.com\Agent\mcregwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2004-08-17 18:29 184320 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2004-08-22 15:31 1327104 c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2006-06-17 13:29 319488 c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-05-28 17:32 86016 c:\program files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-03-16 01:11 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-09-12 04:36 208941 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-03-13 10:10 19543592 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 11:38 866816 c:\program files\Thomson\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 17:48 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-09-12 04:36 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 01:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--a------ 2004-08-17 16:55 180224 c:\progra~1\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2004-07-01 15:15 139264 c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [2005-03-16 23296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - e:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-01-16 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (DGR76K1J-Peter ).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2004-07-01 15:15]

2009-02-18 c:\windows\Tasks\McAfee.com Update Check (DGR76K1J-Owner).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-08-17 18:29]

2009-02-18 c:\windows\Tasks\McAfee.com Update Check (DGR76K1J-Owner).job
- c:\progra~1\mcafee.com\agent [2006-04-12 15:24]

2009-02-18 c:\windows\Tasks\McAfee.com Update Check (DGR76K1J-Peter ).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-08-17 18:29]

2009-02-18 c:\windows\Tasks\McAfee.com Update Check (DGR76K1J-Peter ).job
- c:\progra~1\mcafee.com\agent [2006-04-12 15:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://finance.groups.yahoo.com/group/d/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\documents and settings\Peter \Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 11:16:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ZCfgSvc.exe
.
**************************************************************************
.
Completion time: 2009-02-18 11:20:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-18 11:20:19
ComboFix2.txt 2009-02-17 21:26:35
ComboFix3.txt 2009-02-17 19:41:02
ComboFix4.txt 2008-12-24 13:24:49
ComboFix5.txt 2009-02-18 11:09:12

Pre-Run: 1,747,050,496 bytes free
Post-Run: 1,736,957,952 bytes free

219 --- E O F --- 2009-02-13 03:06:25
  • 0
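
Added example (not from the thread's participants and not part of ComboFix): a short Python triage of the registry section of a ComboFix log like the one above, flagging entries that show security notifications or the Windows Firewall switched off. The sample log is a constructed excerpt in the same layout, and the rule list and function names are this example's own assumptions; a flagged value may have been set by the user or a security product as well as by malware.

```python
import re

# Constructed excerpt in the layout of a ComboFix log (not a real capture).
SAMPLE_LOG = r'''
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall Plus *disabled*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-16 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
HEADER_RE = re.compile(r'^(?P<kind>AV|FW):\s*(?P<product>.+?)\s*\*(?P<state>[^*]+)\*')

# (regex on lower-cased key, lower-cased value name, value that is flagged, note)
# Assumption: this short rule list is illustrative, not exhaustive.
RULES = [
    (r'\\security center$', 'antivirusdisablenotify', 1,
     'Security Center antivirus alerts are suppressed'),
    (r'\\security center$', 'updatesdisablenotify', 1,
     'Security Center update alerts are suppressed'),
    (r'\\security center\\monitoring\\[^\\]+$', 'disablemonitoring', 1,
     'Security Center no longer monitors this product'),
    (r'\\firewallpolicy\\(standard|domain)profile$', 'enablefirewall', 0,
     'Windows Firewall is off for this profile'),
]


def parse_number(data):
    """Return the integer in 'dword:00000001' or '0 (0x0)' style data, else None."""
    data = data.strip()
    m = re.match(r'dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', data)
    if m:
        return int(m.group(1))
    return None  # string data such as a Run entry's command line


def triage(log_text):
    """Return (location, name, note) tuples for settings worth a second look."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # Log header lines: "AV: <product> *<state>*" / "FW: <product> *<state>*"
            if 'disabled' in header.group('state').lower():
                findings.append(('header', header.group('kind'),
                                 f"{header.group('product')}: {header.group('state')}"))
            continue
        section = SECTION_RE.match(line)
        if section:
            key = section.group('key').lower()
            continue
        value = VALUE_RE.match(line)
        if not (key and value):
            continue
        number = parse_number(value.group('data'))
        for key_re, name, flagged, note in RULES:
            if (re.search(key_re, key)
                    and value.group('name').lower() == name
                    and number == flagged):
                findings.append((key, value.group('name'), note))
    return findings


if __name__ == '__main__':
    for location, name, note in triage(SAMPLE_LOG):
        print(f'{name:24} {note}  [{location}]')
```

A log taken in Safe Mode, as this one was, reports the resident antivirus and firewall as disabled in its header, so those two findings need re-checking from a normal boot.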

#36
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 544 posts
This is the new Hijack this log...


I PRAY that this is OK and Hopefully It has solved the problem... I've been at it almost 20 hrs..

I'll have to go to bed soon ZZZZZZ, IF so I will have to call back later....

cheers dowsp

--------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:48, on 18/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.group...oo.com/group/d/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Tesco internet phone] "C:\Program Files\Tesco internet phone\TescoIP.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 5648 bytes
  • 0

#37
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 544 posts
Hi Fenz

Seeing how my computer works at the moment it seems faster and better.

I am hoping we have cracked it..

I will await your confirmation 1st though..

It may be later that I contact you if I fall asleep though ! ZZZZZZZZZZZZZ


MANY MANY THANKS FOR Time being...will forward $ later..

Cheers Dowsp
  • 0

#38
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Log looks a lot better.. Let's do two scans to see if we missed anything...


Please download Dr.Web CureIt to the Desktop:
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (Open it as Notepad)




NEXT


Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again



1. Start AVZ.
2. Choose from the menu File => Standard scripts and mark the 3. Healing/Quarantine and Advanced System Investigation check box.
3. Click on the Execute selected scripts.
4. Automatic scanning, healing and system check will be executed.
5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
7. All applications will work properly after the system restart.



  • After that, please restart AVZ again,
  • From the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply


Post me these logs in your next reply..

1. Dr. Web CureIt
2. Attach virusinfo_syscheck.htm
  • 0

#39
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 544 posts
Hi Fenz

I am a bit late back online...Just to put you in the picture..

I will try and follow the further instructions over the next day or so..

BUT I may be going away for a few days... so It may be next week before I manage to fully complete the tasks

if they are a bit more involved than a few hrs.. as I have to do a few other things and also prepare to go away..

I will see what happens tonight.. it's 9.30 pm here in the UK..

Thank you again for now..

cheers Dowsp
  • 0

#40
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok
  • 0


#41
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 544 posts
Hi Fenz.

I am writing this on another computer as unfortunately My laptop ran into further problems over the weekend... I explain below.

I am back from my trip over the weekend..

I had to go to an internet seminar at a hotel over 3 days.. and was using my machine on wireless connection...using the hotel's network.

The 1st day My computer seemed to work reasonably after all the things that I did in following your advice prior to then... (although I did not finish the last thing you indicated on one of your last posts. ie Dr Web and Avz .)...

Then the next day, my computer would not work very well on the internet.

Then on the last day it would hardly work at all...

But It did work on safemode networking....so at least I could use it..

On arrival back home.. I tried it again on my modem and again on normal mode it would not work at all online.... I tried safemode networking and this would not work either as I think it will only work on a wireless connection.

SO... Now the only way that I can see myself getting back online with my laptop is to find another wireless networking area and use safemode networking.... and maybe try and follow your instructions again as well as the last ones..

Or IF it was possible for me to somehow find an UPDATED antivirus programme or obtain a file that can be added/copied to a disk from my present PC that I could insert into my laptop's CD drive and run it if it is possible to do so...


It would not be so bad if I could just get back online in normal mode to re-follow your instructions.

I am told that Spybot is a good AV checker.. maybe I will need to obtain that to get rid of the virus if all else fails.

Just thought that I should explain what has happened..and why I may be slow to get back to trying to solve the problem if I have to go to a hotel each time to get back online with my laptop to solve the virus issue.

Cheers dowsp
  • 0

#42
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. please download the programs from my previous instruction and run them first, I need to see what both of them find..
  • 0

#43
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#44
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Reopened as per user request.. Post all logs here.. Take note, as per my siggy, I'll be away from 8 March until 2 May in my local time (GMT+8)
  • 0

#45
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 544 posts
Hi Fenz

Here's the Dr CureIt AV list..

I will try and post the other AVZ as soon as I can hopefully tonight unless the advanced one takes a long time..

----------------------------------------


00065303.FIL;C:\$VAULT$.AVG;Trojan.LowZones.174;Deleted.;
02785625.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45540;Deleted.;
02787548.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.260;Deleted.;
02788299.FIL;C:\$VAULT$.AVG;Trojan.EzulaAd;Deleted.;
02788739.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.263;Deleted.;
02789811.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.based;Incurable.Moved.;
02789861.FIL;C:\$VAULT$.AVG;Trojan.Starter.341;Deleted.;
02789941.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.260;Deleted.;
05723359.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45540;Deleted.;
05723509.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45540;Deleted.;
05723700.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45540;Deleted.;
05724571.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.260;Deleted.;
05731431.FIL;C:\$VAULT$.AVG;Trojan.LowZones.167;Deleted.;
05935835.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.263;Deleted.;
05935965.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.based;Incurable.Moved.;
05936125.FIL;C:\$VAULT$.AVG;Trojan.Starter.341;Deleted.;
05936265.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.260;Deleted.;
05936426.FIL;C:\$VAULT$.AVG;Trojan.EzulaAd;Deleted.;
06157453.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.260;Deleted.;
06496381.FIL;C:\$VAULT$.AVG;Adware.ClickSpring;Incurable.Deleted.;
06499365.FIL;C:\$VAULT$.AVG;Trojan.Stars.184;Deleted.;
06499846.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45546;Deleted.;
06500477.FIL\data004;C:\$VAULT$.AVG\06500477.FIL;Trojan.Click.1237;;
06500477.FIL;C:\$VAULT$.AVG;Archive contains infected objects;Moved.;
06500787.FIL;C:\$VAULT$.AVG;Trojan.StartPage.19993;Deleted.;
06501238.FIL;C:\$VAULT$.AVG;Trojan.DownLoad.29311;Deleted.;
06501749.FIL\data004;C:\$VAULT$.AVG\06501749.FIL;Trojan.Click.1237;;
06501749.FIL;C:\$VAULT$.AVG;Archive contains infected objects;Moved.;
06502359.FIL;C:\$VAULT$.AVG;Trojan.StartPage.19993;Deleted.;
06503902.FIL;C:\$VAULT$.AVG;Adware.Ttc;Incurable.Deleted.;
06504142.FIL;C:\$VAULT$.AVG;Adware.ClickSpring;Incurable.Deleted.;
06504993.FIL;C:\$VAULT$.AVG;Adware.Ttc;Incurable.Deleted.;
06505414.FIL;C:\$VAULT$.AVG;Adware.Ttc;Incurable.Deleted.;
06505915.FIL;C:\$VAULT$.AVG;Trojan.Winpop;Deleted.;
06506375.FIL;C:\$VAULT$.AVG;Trojan.StartPage.19992;Deleted.;
06506495.FIL;C:\$VAULT$.AVG;Trojan.StartPage.19992;Deleted.;
06506956.FIL;C:\$VAULT$.AVG;Trojan.StartPage.19992;Deleted.;
06507637.FIL;C:\$VAULT$.AVG;Trojan.StartPage.19992;Deleted.;
06508038.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45546;Deleted.;
06508759.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.13396;Deleted.;
06509299.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45546;Deleted.;
06509920.FIL;C:\$VAULT$.AVG;Trojan.StartPage.19993;Deleted.;
06510421.FIL;C:\$VAULT$.AVG;Trojan.Click.17062;Deleted.;
06510511.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.240;Deleted.;
06514507.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.266;Deleted.;
06514627.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.240;Deleted.;
06515088.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.24715;Deleted.;
06515598.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.5013;Deleted.;
06600701.FIL;C:\$VAULT$.AVG;Trojan.Virtumod;Deleted.;
06631575.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.267;Deleted.;
06632056.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.263;Deleted.;
06632877.FIL;C:\$VAULT$.AVG;Trojan.EzulaAd;Deleted.;
06633278.FIL;C:\$VAULT$.AVG;Trojan.EzulaAd;Deleted.;
06633308.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.263;Deleted.;
06633358.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.267;Deleted.;
06633428.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.267;Deleted.;
06634259.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.260;Deleted.;
06950594.FIL;C:\$VAULT$.AVG;Trojan.Virtumod;Deleted.;
07900159.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45540;Deleted.;
08892997.FIL;C:\$VAULT$.AVG;Trojan.StartPage.697;Deleted.;
08893297.FIL;C:\$VAULT$.AVG;Trojan.Virtumod;Deleted.;
16093561.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45540;Deleted.;
16097807.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45540;Deleted.;
16098348.FIL;C:\$VAULT$.AVG;Adware.ClickSpring;Incurable.Deleted.;
16099369.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.263;Deleted.;
16099990.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.45540;Deleted.;
16100671.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.267;Deleted.;
16101122.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.263;Deleted.;
16102494.FIL;C:\$VAULT$.AVG;Trojan.Starter.341;Deleted.;
16102944.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.267;Deleted.;
16102994.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.260;Deleted.;
16719110.FIL;C:\$VAULT$.AVG;Trojan.Click.19754;Deleted.;
16727593.FIL;C:\$VAULT$.AVG;Trojan.DownLoad.4660;Deleted.;
16727733.FIL;C:\$VAULT$.AVG;Trojan.DownLoad.4660;Deleted.;
16729625.FIL;C:\$VAULT$.AVG;Trojan.Click.23749;Deleted.;
16731849.FIL;C:\$VAULT$.AVG;BackDoor.Tdss.30;Deleted.;
16732900.FIL;C:\$VAULT$.AVG;BackDoor.Tdss.21;Deleted.;
16733030.FIL;C:\$VAULT$.AVG;BackDoor.Tdss.29;Deleted.;
16734162.FIL;C:\$VAULT$.AVG;BackDoor.Tdss.22;Deleted.;
16734633.FIL;C:\$VAULT$.AVG;BackDoor.Tdss.29;Deleted.;
16735344.FIL;C:\$VAULT$.AVG;Trojan.Popuper.14118;Deleted.;
16735804.FIL;C:\$VAULT$.AVG;Trojan.Click.23749;Deleted.;
16889445.FIL;C:\$VAULT$.AVG;Trojan.LowZones.174;Deleted.;
16897937.FIL;C:\$VAULT$.AVG;Trojan.DownLoader.based;Deleted.;
svga.dll.bac_a02748;C:\Documents and Settings\Peter Nightingale\.housecall\Quarantine;Trojan.Virtumod;Deleted.;
svga.dll.bac_a02752;C:\Documents and Settings\Peter Nightingale\.housecall\Quarantine;Trojan.Virtumod;Deleted.;
svga.dll.bac_a03192;C:\Documents and Settings\Peter Nightingale\.housecall\Quarantine;Trojan.Virtumod;Deleted.;
asappsrv.dll.vir.bac_a03132;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Proxy.493;Deleted.;
autorun.exe.bac_a00744;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Fakealert.357;Deleted.;
byfzu.dll.bac_a00684;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Adware.ClickSpring;Incurable.Deleted.;
cmdinst.exe.bac_a00684;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Proxy.493;Incurable.Moved.;
command.exe.vir.bac_a03132;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Proxy.493;Deleted.;
FF.dll.vir.bac_a03132;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Adware.ClickSpring;Invalid path to file ;
gamadril20071203[1].bac_a02252;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.EzulaAd;Deleted.;
isroavwn.exe.bac_a02252;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.EzulaAd;Deleted.;
Mjcore.dll.bac_a02764;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Popuper.14118;Deleted.;
printer.exe.bac_a00744;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Fakealert.357;Deleted.;
sulimo.dat.bac_a00744;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Fakealert.357;Deleted.;
svga.dll.bac_a02748;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Virtumod;Deleted.;
svga.dll.bac_a02752;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Virtumod;Deleted.;
svga.dll.bac_a03192;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Virtumod;Deleted.;
system.exe.bac_a00744;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Fakealert.357;Deleted.;
TDSSa036.tmp.bac_a02928;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Starter.896;Incurable.Moved.;
TDSShrxx.dll.bac_a02928;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;BackDoor.Tdss.22;Deleted.;
TDSSoiqt.dll.bac_a02928;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;BackDoor.Tdss.29;Deleted.;
TDSSpqlt.sys.bac_a02928;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;BackDoor.Tdss.29;Deleted.;
TDSSvkql.dll.bac_a02928;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;BackDoor.Tdss.21;Deleted.;
TDSSxfum.dll.bac_a02928;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;BackDoor.Tdss.30;Deleted.;
TTC-4444.exe.vir.bac_a03132\data002;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine\TTC-4444.exe.vir.bac_a03132;Adware.Ttc;;
TTC-4444.exe.vir.bac_a03132;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Archive contains infected objects;Moved.;
tyshb36rfjdf.dll.bac_a02928;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Click.19754;Deleted.;
winavxx.exe.bac_a00744;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Fakealert.357;Deleted.;
windows.bac_a02252;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Starter.341;Deleted.;
winloggn.exe.bac_a02928;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Click.19754;Deleted.;
winsinstall.exe.bac_a02928;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Trojan.Fakealert.1529;Deleted.;
wpzjfp.dll.vir.bac_a03132;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Adware.ClickSpring.origin;Incurable.Deleted.;
Yazzle1281OinUninstaller.exe.vir.bac_a03132;C:\Documents and Settings\Peter Nightingale\.housecall6.6\Quarantine;Adware.Outer;Incurable.Deleted.;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Peter Nightingale\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Peter Nightingale\Desktop;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\Peter Nightingale\Desktop;Container contains infected objects;Moved.;
ComboFix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\Peter Nightingale\Desktop\CFix\ComboFix.exe/data002;Probably BATCH.Virus;;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Peter Nightingale\Desktop\CFix\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Peter Nightingale\Desktop\CFix;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\Peter Nightingale\Desktop\CFix;Container contains infected objects;Moved.;
editor.htm\JavaScript.0;C:\Documents and Settings\Peter Nightingale\Desktop\document files\Internet Marketing\IMS Resourses CD\WebmastersProfitPak\htm;Probably SCRIPT.Virus;;
editor.htm;C:\Documents and Settings\Peter Nightingale\Desktop\document files\Internet Marketing\IMS Resourses CD\WebmastersProfitPak\htm;Container contains infected objects;Moved.;
process.exe;C:\Documents and Settings\Peter Nightingale\Desktop\VundoFix\VundoFix;Tool.Prockill;Incurable.Deleted.;
EE10.tmp;C:\Documents and Settings\Peter Nightingale\Local Settings\temp;Trojan.Click.24657;Deleted.;
load[2].exe;C:\Documents and Settings\Peter Nightingale\Local Settings\temp\Temporary Internet Files\Content.IE5\X7Q91BUD;Trojan.Inject.5512;Deleted.;
load[1].exe;C:\Documents and Settings\Peter Nightingale\Local Settings\Temporary Internet Files\Content.IE5\8D6ZCPUV;Trojan.Inject.5512;Deleted.;
727l2[1].exe;C:\Documents and Settings\Peter Nightingale\Local Settings\Temporary Internet Files\Content.IE5\K5AR8DAB;Trojan.Click.24657;Deleted.;
load[2].exe;C:\Documents and Settings\Peter Nightingale\Local Settings\Temporary Internet Files\Content.IE5\ODIF8P6B;Trojan.Inject.5512;Deleted.;
GTDownDE_87.ocx;C:\I386;Adware.Gdown;Incurable.Deleted.;
btwebcontrol.dll;C:\Program Files\Internet Explorer\BTOW Shared Files;Dialer.Btweb;Incurable.Deleted.;
Tiscali Inet.exe;C:\Program Files\Tiscali\Tiscali Internet;Trojan.Swizzor.based;Deleted.;
ifsdqbuo.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Probably Trojan.Packed.213;Incurable.Deleted.;
juqtmt.dll.vir.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Probably Trojan.Packed.213;Incurable.Deleted.;
lyjrmohx.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Probably Trojan.Packed.213;Incurable.Deleted.;
vdgfuy.dll.vir.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32;Probably Trojan.Packed.213;Incurable.Deleted.;
iccmkgzczivhp.sys.vir;C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS;Trojan.Spambot.3548;Deleted.;
A0036618.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Trojan.Botnetlog.7;Deleted.;
A0040626.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Trojan.DownLoad.30095;Deleted.;
A0040631.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Trojan.PWS.ICQSniff.25;Deleted.;
A0040633.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Trojan.Botnetlog.7;Deleted.;
A0040642.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Trojan.DownLoad.30754;Deleted.;
A0043764.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Program.PsExec.170;Incurable.Deleted.;
A0044716.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Probably BATCH.Virus;Incurable.Deleted.;
A0044783.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Probably BATCH.Virus;Incurable.Deleted.;
A0046874.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Probably BATCH.Virus;Incurable.Deleted.;
A0046928.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Probably BATCH.Virus;Incurable.Deleted.;
A0046990.sys;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Trojan.Spambot.3548;Deleted.;
A0047004.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Probably BATCH.Virus;Incurable.Deleted.;
A0047018.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP215;Program.PsExec.170;Incurable.Deleted.;
A0048166.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Inject.5512;Deleted.;
A0050166.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Inject.5512;Deleted.;
A0050167.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Inject.5512;Deleted.;
A0050168.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Inject.5512;Deleted.;
A0058173.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Inject.5512;Deleted.;
A0058174.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Inject.5512;Deleted.;
A0059181.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.PWS.ICQSniff.25;Deleted.;
A0059183.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Inject.5512;Deleted.;
A0059189.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.DownLoad.30738;Deleted.;
A0066239.sys;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Spambot.3548;Deleted.;
A0066247.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Inject.5512;Deleted.;
A0071280.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP217;Trojan.Swizzor.based;Deleted.;
~.exe;C:\WINDOWS\SYSTEM32;Trojan.Inject.5512;Deleted.;
23B2.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
259C.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
4D03.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
7B08.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
7C59.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
82CC.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
9183.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
9E8A.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
9F26.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
FB1A.tmp;C:\WINDOWS\temp;Trojan.Click.24657;Deleted.;
  • 0





