My Sons Logg 1 virus 3 infected files?


Re: My Sons Logg 1 virus 3 infected files?

Post by Swanny » November 23rd, 2007, 8:37 am

Thanks Katana, but not sure if this is correct? Couldn't see the things you said..


Deckard's System Scanner v20071014.68
Run by scott on 2007-11-23 12:33:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:42, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Comodo\Firewall\cpfsubmit.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\scott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/fsc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ad2f7ac37b9e47b0b6441af75b8615b5
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ad2f7ac37b9e47b0b6441af75b8615b5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6990 bytes

-- Files created between 2007-10-23 and 2007-11-23 -----------------------------

2007-11-21 23:10:16 0 d-------- C:\Documents and Settings\scott\Application Data\Comodo
2007-11-21 23:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-21 23:08:38 0 d-------- C:\Program Files\Comodo
2007-11-21 10:18:13 318 --a------ C:\delete.bat
2007-11-21 10:10:49 0 d-------- C:\NoLopBackups
2007-11-20 14:16:14 0 d-------- C:\WINDOWS\ERUNT
2007-11-18 22:46:55 0 dr-h----- C:\Documents and Settings\scott\Recent
2007-11-14 21:19:49 0 d-------- C:\Documents and Settings\scott\Application Data\Move Networks
2007-11-13 17:36:43 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-13 17:32:58 0 d-------- C:\Program Files\Windows Live Favorites
2007-11-13 17:28:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-13 17:28:02 0 d-------- C:\Program Files\Windows Live
2007-11-12 21:09:46 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-11-12 20:44:01 0 d-------- C:\Program Files\Trend Micro
2007-11-12 12:18:10 0 d-------- C:\Program Files\EsetOnlineScanner
2007-11-11 18:54:47 0 d-------- C:\Program Files\a-squared Anti-Malware
2007-11-10 15:25:31 0 d-------- C:\Program Files\WinASO
2007-11-08 21:15:12 0 d-------- C:\Program Files\Aimmathfour
2007-11-08 21:09:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Active the bore sect
2007-11-08 15:10:41 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-08 14:44:26 0 d-------- C:\Program Files\PokerLoco
2007-11-07 16:14:55 0 d-------- C:\Downloads
2007-11-07 16:14:13 0 d-------- C:\Documents and Settings\scott\Application Data\Free Download Manager
2007-11-07 16:14:08 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-11-04 22:14:51 0 d-------- C:\Program Files\Common Files\DirectX
2007-10-23 17:06:08 585728 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Find3M Report ---------------------------------------------------------------

2007-11-23 12:26:57 0 d-------- C:\Documents and Settings\scott\Application Data\AVG7
2007-11-21 23:33:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 23:32:18 0 d-------- C:\Program Files\Messenger
2007-11-21 23:30:12 0 d-------- C:\Program Files\quicksnooker
2007-11-20 13:53:30 0 d-------- C:\Program Files\Spyware Terminator
2007-11-18 20:09:52 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-18 16:27:27 0 d-------- C:\Program Files\Messenger Plus! Live
2007-11-16 11:09:36 0 d-------- C:\Documents and Settings\scott\Application Data\Spyware Terminator
2007-11-13 17:34:17 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-13 17:33:44 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-13 17:28:08 0 d-------- C:\Program Files\Common Files
2007-11-11 00:39:57 230432 --a------ C:\StiImg.dat
2007-11-10 16:57:30 0 d-------- C:\Documents and Settings\scott\Application Data\Aimmathfour
2007-11-07 15:30:20 0 d-------- C:\Program Files\Yahoo!
2007-11-06 00:06:08 0 d-------- C:\Program Files\Crawler
2007-10-16 21:38:55 0 d-------- C:\Documents and Settings\scott\Application Data\Nokia Multimedia Player
2007-10-16 14:00:29 8 --a------ C:\Documents and Settings\scott\Application Data\NMM-MetaData.db
2007-10-16 13:57:00 0 d-------- C:\Program Files\DIFX
2007-10-16 13:56:16 0 d-------- C:\Documents and Settings\scott\Application Data\PC Suite
2007-10-12 22:59:20 0 d-------- C:\Program Files\PokerStars.NET


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
17/10/2007 13:53 57384 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 08:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [23/10/2007 19:26]
"VTTrayp"="VTtrayp.exe" [01/11/2005 02:15 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [08/03/2005 01:33 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [01/03/2006 14:22 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 22:46]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [02/11/2007 19:31]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [17/10/2007 13:53]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [21/11/2007 23:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [30/10/2007 23:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"




-- End of Deckard's System Scanner: finished at 2007-11-23 12:34:18 ------------



Thanks in advance. 8) 8)
Swanny
Regular Member
 
Posts: 77
Joined: November 12th, 2007, 2:35 pm
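The HijackThis log above is read by eye in this thread. As an added illustration (my own code, not part of the thread, of HijackThis or of Deckard's System Scanner), the following Python parses lines in that format and flags the three kinds of entries a helper usually looks at first: entries whose registry value points at a file that no longer exists ("(no file)"), O23 services with no publisher ("Unknown owner"), and O4 Run entries that name a bare executable instead of a full path. The sample lines are constructed from entries in Swanny's log; the line regex is an assumption that covers the R/F/N/O section prefixes seen here.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample, shaped like the HijackThis 2.0.2 log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/fsc/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Assumed line shape: a section tag (R0, O2, O23, ...), then " - ", then the entry text.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<text>.+)$")
# O4 entries look like: HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    section: str
    text: str
    flags: List[str] = field(default_factory=list)


def parse_log(log: str) -> List[Entry]:
    """Return one Entry per recognised HijackThis line; any other line is skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("text")))
    return entries


def executable_of(command: str) -> str:
    """First token of a Run command: the quoted path if quoted, else up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(entries: List[Entry]) -> List[Entry]:
    """Annotate entries that merit a second look and return just those."""
    for e in entries:
        if "(no file)" in e.text:
            e.flags.append("registry entry points at a file that is no longer on disk")
        if e.section == "O23" and "Unknown owner" in e.text:
            e.flags.append("service binary carries no publisher name; verify it")
        if e.section == "O4":
            m = O4_RE.search(e.text)
            exe = executable_of(m.group("cmd")) if m else ""
            if exe and "\\" not in exe:
                e.flags.append("bare file name, located through the PATH search order")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.section}: {e.text}")
        for f in e.flags:
            print(f"    -> {f}")
```

A flag is a prompt to verify, not a verdict: the VIA tray utility and the stale Yahoo! toolbar hook in the sample are flagged because of how they are registered, not because they are malicious. The useful output for a helper is the short list of entries whose on-disk binary should be checked (publisher, location, digital signature) before anything is removed.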

Re: My Sons Logg 1 virus 3 infected files?

Post by Katana » November 23rd, 2007, 9:52 am

Have a look in C:\Deckards\System Scanner
Look for Extra.txt
Please open it and then copy/paste the contents here
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My Sons Logg 1 virus 3 infected files?

Post by Swanny » November 24th, 2007, 6:24 am

Thanks Katana
I unchecked everything in the main log, then checked 5 of the 6 boxes in the extra log.
Here's the file..

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M processor 1.70GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 958.23 MiB / 612.89 MiB
Pagefile Memory (total/avail): 2315.85 MiB / 2028.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1983.67 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 56.44 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST980829A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: AVG 7.5.503 v7.5.503 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Matchplay Snooker\\SnookerLauncher.exe"="C:\\Program Files\\Matchplay Snooker\\SnookerLauncher.exe:*:Enabled:SnookerLauncher"
"C:\\Program Files\\Belkin\\USB F5D7050\\Wireless Utility\\Belkinwcui.exe"="C:\\Program Files\\Belkin\\USB F5D7050\\Wireless Utility\\Belkinwcui.exe:*:Enabled:Belkin Wireless USB Utility"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\scott\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\scott\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\scott\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SCOTTS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\scott
LOGONSERVER=\\SCOTTS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\scott\LOCALS~1\Temp
TMP=C:\DOCUME~1\scott\LOCALS~1\Temp
USERDOMAIN=SCOTTS
USERNAME=scott
USERPROFILE=C:\Documents and Settings\scott
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

scott (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C765D9FF-4A34-4BF1-9F91-E9A3C60C86FC}\Setup.exe" -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Macromedia Flash Player 8 --> MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\scott\Application Data\Move Networks\ie_bin\Uninst.exe
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
PC Camer@ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5} /l1033
PokerLoco (remove only) --> "C:\Program Files\PokerLoco\uninstall.exe"
PSP Xploder Movie Player and Media Centre --> MsiExec.exe /I{BFA20B1F-565B-433B-ABD9-8B7273702FCC}
Realtek AC'97 Audio --> Alcrmv.exe -r -m
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{FDB226E3-D55D-4922-894F-20CE4646077D}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
WinASO Registry Optimizer 3.1 --> "C:\Program Files\WinASO\Registry Optimizer 3.1\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live OneCare Family Safety --> MsiExec.exe /X{8F881B7A-32A5-404A-9904-0FEDD4AFB709}
Windows Live Photo Gallery --> MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{328420FA-7638-4AB1-81DF-E0FECEFF24E3}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Hotfix - KB895181 --> "C:\WINDOWS\$NtUninstallKB895181$\spuninst\spuninst.exe"
Windows Messenger 5.1 MUI Pack --> MsiExec.exe /I{F3CBA4E6-436E-4B51-9651-93830EE38616}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL


-- End of Deckard's System Scanner: finished at 2007-11-24 10:22:12 ------------
Swanny
Regular Member
 
Posts: 77
Joined: November 12th, 2007, 2:35 pm

Re: My Sons Logg 1 virus 3 infected files?

Post by Katana » November 24th, 2007, 6:55 am

Download and run ComboFix
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
ComboFix SHOULD NOT be used without supervision.


ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time) and end
any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened, we want to know, and which process you had to end.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My Sons Logg 1 virus 3 infected files?

Post by Swanny » November 24th, 2007, 9:37 am

Thanks Katana
ComboFix 07-11-19.3 - scott 2007-11-24 13:33:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.635 [GMT 0:00]
Running from: C:\Documents and Settings\scott\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.

2007-11-21 23:10 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Comodo
2007-11-21 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-21 23:08 <DIR> d-------- C:\Program Files\Comodo
2007-11-21 10:18 318 --a------ C:\delete.bat
2007-11-21 10:10 <DIR> d-------- C:\NoLopBackups
2007-11-21 06:55 <DIR> d-------- C:\Deckard
2007-11-20 14:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-14 21:19 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Move Networks
2007-11-13 17:38 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2007-11-13 17:37 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-13 17:36 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-13 17:32 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-13 17:28 <DIR> d-------- C:\Program Files\Windows Live
2007-11-13 17:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-12 21:09 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-12 20:44 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-12 12:18 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-11-11 18:54 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-11-10 15:25 <DIR> d-------- C:\Program Files\WinASO
2007-11-08 21:15 <DIR> d-------- C:\Program Files\Aimmathfour
2007-11-08 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Active the bore sect
2007-11-08 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-08 14:44 <DIR> d-------- C:\Program Files\PokerLoco
2007-11-07 16:14 <DIR> d-------- C:\Downloads
2007-11-07 16:14 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Free Download Manager
2007-11-07 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-11-04 22:14 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-10-31 17:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 10:10 --------- d-----w C:\Documents and Settings\scott\Application Data\AVG7
2007-11-21 23:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 23:30 --------- d-----w C:\Program Files\quicksnooker
2007-11-20 13:53 --------- d-----w C:\Program Files\Spyware Terminator
2007-11-18 20:09 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 16:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-16 11:09 --------- d-----w C:\Documents and Settings\scott\Application Data\Spyware Terminator
2007-11-13 17:34 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-13 17:33 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-12 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-11-11 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-11 00:39 230,432 ----a-w C:\StiImg.dat
2007-11-10 16:57 --------- d-----w C:\Documents and Settings\scott\Application Data\Aimmathfour
2007-11-07 15:30 --------- d-----w C:\Program Files\Yahoo!
2007-11-06 00:06 --------- d-----w C:\Program Files\Crawler
2007-10-23 17:06 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-16 21:38 --------- d-----w C:\Documents and Settings\scott\Application Data\Nokia Multimedia Player
2007-10-16 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-16 13:57 --------- d-----w C:\Program Files\DIFX
2007-10-16 13:56 --------- d-----w C:\Documents and Settings\scott\Application Data\PC Suite
2007-10-12 22:59 --------- d-----w C:\Program Files\PokerStars.NET
2006-12-25 15:49 0 ----a-w C:\Documents and Settings\scott\Application Data\wklnhst.dat
2006-12-25 10:33 0 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-10-17 13:53 57384 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-30 23:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 08:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 19:26]
"VTTrayp"="VTtrayp.exe" [2005-11-01 02:15 C:\WINDOWS\system32\VTTrayp.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-10-17 13:53]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-21 23:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 19:26]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2007-11-02 19:31 2778112 --a------ C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys
S3 AEILAB;AEI USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AEILAB.SYS
S3 FileObjInfo;STFileDriver;\??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-13 23:31:59 C:\WINDOWS\Tasks\Ad-Aware SE Personal.job"
- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Personal.lnk
"2007-11-14 21:32:59 C:\WINDOWS\Tasks\CCleaner.job"
- C:\PROGRA~1\CCleaner\ccleaner.exe
"2007-11-21 23:01:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-18 22:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 13:35:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 13:36:01
.
--- E O F ---

Hope I've done this correctly.
Swanny
Regular Member
 
Posts: 77
Joined: November 12th, 2007, 2:35 pm

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Katana » November 25th, 2007, 9:24 am

Well, it looks like the infection didn't get very far :)
Those logs look good.

Show All Files And Folders
Now you need to show all files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck Hide file extensions for known file types
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Find and delete these files/folders if present
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job <<< This file
C:\Program Files\SpywareBot <<< This Folder

Let's do a final scan to make sure

Kaspersky Online Scanner

Go here http://www.kaspersky.com/virusscanner (please use IE and allow ActiveX)

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the report in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Swanny » November 25th, 2007, 2:09 pm

THANKS KATANA

But the hidden files tab.

Under the Hidden files and folders heading select Show hidden files and folders.
Is already unchecked, then when I click uncheck on the other one you said, it says "Do you wish to show operating system files?"

I'm not sure what to check or uncheck here. Sorry. :(
Swanny
Regular Member
 
Posts: 77
Joined: November 12th, 2007, 2:35 pm

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Katana » November 25th, 2007, 3:35 pm

Swanny wrote: Do you wish to show operating system files?

When it says that click "yes" :)

Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Swanny » November 26th, 2007, 12:14 pm

THANKS Katana

I've searched for SpywareBot in Search, all folders, but couldn't find anything, sorry.
I'm waiting for the Kaspersky scan to finish... half way now. ;)
Swanny
Regular Member
 
Posts: 77
Joined: November 12th, 2007, 2:35 pm

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Swanny » November 26th, 2007, 1:07 pm

Here's the log file Katana, thanks.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 26, 2007 5:05:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/11/2007
Kaspersky Anti-Virus database records: 465960
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 75572
Number of viruses found: 2
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 02:01:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A85318E.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\scott\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\scott\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\scott\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\scott\Local Settings\Temp\~DF5802.tmp Object is locked skipped
C:\Documents and Settings\scott\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\scott\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\scott\ntuser.dat.LOG Object is locked skipped
C:\ISP\BT_Openworld\Narrowband\Signup\Anytime\signupLt.exe/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped
C:\ISP\BT_Openworld\Narrowband\Signup\Anytime\signupLt.exe CAB: infected - 1 skipped
C:\ISP\BT_Openworld\Narrowband\Signup\Reinstall\SignupLt.EXE/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped
C:\ISP\BT_Openworld\Narrowband\Signup\Reinstall\SignupLt.EXE CAB: infected - 1 skipped
C:\ISP\BT_Openworld\Narrowband\Signup\Standard\SignupLt.exe/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped
C:\ISP\BT_Openworld\Narrowband\Signup\Standard\SignupLt.exe CAB: infected - 1 skipped
C:\recover\ISP\BT_Openworld\Narrowband\Signup\Anytime\signupLt.exe/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped
C:\recover\ISP\BT_Openworld\Narrowband\Signup\Anytime\signupLt.exe CAB: infected - 1 skipped
C:\recover\ISP\BT_Openworld\Narrowband\Signup\Reinstall\SignupLt.EXE/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped
C:\recover\ISP\BT_Openworld\Narrowband\Signup\Reinstall\SignupLt.EXE CAB: infected - 1 skipped
C:\recover\ISP\BT_Openworld\Narrowband\Signup\Standard\SignupLt.exe/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped
C:\recover\ISP\BT_Openworld\Narrowband\Signup\Standard\SignupLt.exe CAB: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP102\A0047240.exe Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP106\A0048513.exe Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP114\change.log Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP89\A0043860.exe Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP89\A0043871.exe Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP89\A0043984.exe Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP89\A0043985.exe Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP89\A0043986.exe Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP89\A0043987.exe Object is locked skipped
C:\System Volume Information\_restore{389133AD-ABE1-4F83-B154-6778B0C30627}\RP89\A0043988.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0C6346B4-2F3C-4815-8E57-CC3F2D7971CE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\Hosts.bak Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Swanny
Regular Member
 
Posts: 77
Joined: November 12th, 2007, 2:35 pm

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Katana » November 26th, 2007, 4:01 pm

That looks fine, how are things running now?
Any problems?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
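The "looks fine" verdict above rests on reading every line of that report and sorting it: most entries are files the scanner could not open, one detection sits inside Norton's quarantine, and the remaining hits are a "not-a-virus" dialer packaged in the BT signup installers. The script below does that sorting mechanically. It is an added example, not code from this thread or from Kaspersky, and it runs on a constructed excerpt of the report in which the last line (dropper.exe, verdict Trojan.Win32.Example.a) is invented so that one genuinely actionable hit is present.

```python
"""Triage a Kaspersky Online Scanner 5.x text report.

Added example: not code from this thread or from Kaspersky. Each result line
is sorted into one of the buckets a helper applies by eye: 'locked' (file in
use, not a detection), 'contained' (already inside another product's
quarantine or a System Restore point), 'pua' (not-a-virus riskware such as
the BT dialer) or 'actionable' (a real detection on a live path).
"""
from __future__ import annotations

import re
from collections import Counter

# Constructed excerpt modelled on the report posted above. The final
# dropper.exe line and its verdict name are invented so that one genuinely
# actionable hit is present.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A85318E.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\ISP\BT_Openworld\Narrowband\Signup\Anytime\signupLt.exe/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped
C:\ISP\BT_Openworld\Narrowband\Signup\Anytime\signupLt.exe CAB: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\scott\Local Settings\Temp\dropper.exe Infected: Trojan.Win32.Example.a skipped

Scan process completed.
"""

LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
# Archive summary line ("<archive> CAB: infected - 1 skipped"); the member
# itself is reported on its own line as "<archive>/<member> Infected: ...".
CONTAINER_RE = re.compile(
    r"^(?P<path>.+?) (?P<kind>[A-Z0-9]+): infected - (?P<count>\d+) skipped$"
)

# Lower-cased path fragments meaning the object is already isolated.
CONTAINED_MARKERS = ("\\quarantine\\", "\\system volume information\\_restore")


def classify(path: str, verdict: str) -> str:
    """Bucket one 'Infected:' line as 'pua', 'contained' or 'actionable'."""
    if verdict.lower().startswith("not-a-virus:"):
        return "pua"  # riskware/adware/dialer class: review it, not malware
    low = path.lower()
    if any(marker in low for marker in CONTAINED_MARKERS):
        return "contained"
    return "actionable"


def parse_report(text: str) -> list[dict]:
    """Return one record per result line; header and footer lines are ignored."""
    records = []
    for line in text.splitlines():
        line = line.rstrip()
        if m := LOCKED_RE.match(line):
            records.append({"path": m["path"], "verdict": None, "category": "locked"})
        elif m := INFECTED_RE.match(line):
            records.append({"path": m["path"], "verdict": m["verdict"],
                            "category": classify(m["path"], m["verdict"])})
        elif m := CONTAINER_RE.match(line):
            records.append({"path": m["path"],
                            "verdict": f"{m['kind']} archive, {m['count']} infected member(s)",
                            "category": "archive"})
    return records


def summarize(records: list[dict]) -> dict[str, int]:
    """Count of records per category, e.g. {'locked': 2, 'pua': 1, ...}."""
    return dict(Counter(r["category"] for r in records))


def actionable(records: list[dict]) -> list[str]:
    """Paths that still need cleaning: real detections on live, unquarantined paths."""
    return [r["path"] for r in records if r["category"] == "actionable"]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print(summarize(recs))
    for path in actionable(recs):
        print("needs attention:", path)
```

Run as-is it prints the per-bucket counts and the single invented actionable path. On a real report only the "actionable" bucket is worth posting back or cleaning; "contained" items are already isolated, "archive" lines duplicate a member hit reported on its own line, and "locked" lines are not detections at all.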

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Swanny » November 26th, 2007, 4:09 pm

Thanks Katana

Does that mean his laptop is OK to use safely now?

By that I also mean his PC is connected via router to an Ethernet cable in the back of my PC via modem downstairs.

Cheers for all the help.
Appreciated.
Keith.
Swanny
Regular Member
 
Posts: 77
Joined: November 12th, 2007, 2:35 pm

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Katana » November 26th, 2007, 4:37 pm

The items shown in the Kaspersky log were nothing to worry about.
One was in the quarantine folder of Norton and the rest were legitimate files from BT Openworld.

Just a couple of things to tidy up,
but yes, it looks clean and safe to use now :)


Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u3
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.


Please post a final HJT log in your reply
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
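Both lines ticked above end in "(no file)": the registry still references the CLSID, but nothing on disk backs it, which is why removing them is safe. As an added example (not HijackThis code and not something posted in this thread), the parser below pulls such orphaned entries out of HJT output and also performs the exact-match comparison applied later in the thread when the same fix was run on the wrong machine. The sample contains the two lines quoted above plus one live BHO constructed for contrast; its CLSID is a placeholder and its DLL path is the Family Safety helper listed in the DSS log earlier in the thread.

```python
"""Pick out orphaned HijackThis entries, i.e. lines whose target is "(no file)".

Added example: not HijackThis code and not something posted in the thread.
An R3/O2 line names a CLSID that the registry still references; when the
backing file is gone the entry does nothing but is still worth removing, and
that is what made the two lines above safe to tick in "Fix checked".
"""
import re

# Constructed sample: the two orphaned lines quoted above plus one live BHO
# added for contrast. Its CLSID is a placeholder; the DLL path is the Family
# Safety helper listed in the DSS log earlier in the thread.
SAMPLE_HJT = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: Family Safety Browser Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
"""

# "<section> - <kind>: <name> - <clsid> - <target>"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """One dict per HJT line; 'orphan' is True when the target is '(no file)'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, headers, anything not in the R/O line format
        parts = [p.strip() for p in m["body"].split(" - ")]
        clsid = CLSID_RE.search(line)
        target = parts[-1]
        entries.append({
            "section": m["section"],
            "kind": m["kind"],
            "name": parts[0],
            "clsid": clsid.group(0) if clsid else None,
            "target": target,
            "orphan": target.lower() == "(no file)",
            "line": line,
        })
    return entries


def orphaned_lines(text):
    """The exact lines a helper would list under 'put a check next to'."""
    return [e["line"] for e in parse_hjt(text) if e["orphan"]]


def same_fix_list(fixed, recommended):
    """True when the lines actually fixed match the recommended ones exactly,
    ignoring order and whitespace: the check applied later in the thread when
    the fix was run on the wrong machine."""
    def normalise(lines):
        return {" ".join(l.split()) for l in lines if l.strip()}
    return normalise(fixed) == normalise(recommended)


if __name__ == "__main__":
    for line in orphaned_lines(SAMPLE_HJT):
        print("orphaned:", line)
```

The live BHO is kept in the sample deliberately: an entry with a real path is not a candidate for fixing on this rule alone, so the script reports only the two "(no file)" lines.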

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Swanny » November 26th, 2007, 5:19 pm

Thanks

Lol, forgot I wasn't on my son's laptop, and did the HijackThis fix of the one you asked to fix (on my own PC and scan).

Will it make any difference to my PC?
I'm just doing the above you said on my son's laptop now.
Won't be long hopefully, lol.

Thanks
Keith.
Swanny
Regular Member
 
Posts: 77
Joined: November 12th, 2007, 2:35 pm

Re: My Sons Logg 1 virus 3 infected files?

Unread postby Katana » November 26th, 2007, 5:27 pm

If the lines you fixed were exactly the same as the ones above, then no problem.
It is not a tragedy if they were slightly different, we can always restore them.

We just finished with your computer, so those lines should not have been there ???
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester