
trojan.win32.agent.aaqk...PLEASE HELP!!!


Re: trojan.win32.agent.aaqk...PLEASE HELP!!!

Unread postby messervk » November 3rd, 2008, 6:24 pm

sorry :lol:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Karen Messervey at 2008-11-03 18:23:12
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (17%) free of 19 GB
Total RAM: 639 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:17 PM, on 11/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Eastlink Internet Security\Common\FSM32.EXE
C:\Program Files\Eastlink Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Eastlink Internet Security\Common\FSMA32.EXE
C:\Program Files\Eastlink Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eastlink Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eastlink Internet Security\Common\FCH32.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Eastlink Internet Security\Common\FAMEH32.EXE
C:\Program Files\Eastlink Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\Eastlink Internet Security\FSPC\fspc.exe
C:\Program Files\Eastlink Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Eastlink Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\Eastlink Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Eastlink Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\Eastlink Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Karen Messervey\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Karen Messervey.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Eastlink Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Eastlink Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d08f8ed9ae2a47c294da8353de138b31
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d08f8ed9ae2a47c294da8353de138b31
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Eastlink Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Eastlink Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Eastlink Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/acti ... .0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/acti ... 0.0.10.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Eastlink Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Eastlink Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Eastlink Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Eastlink Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7690 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled scanning task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-06 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-07-07 493856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-07-07 493856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"F-Secure Manager"=C:\Program Files\Eastlink Internet Security\Common\FSM32.EXE [2008-04-23 182936]
"F-Secure TNB"=C:\Program Files\Eastlink Internet Security\FSGUI\TNBUtil.exe [2008-04-23 744032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-10-01 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\VideoCall\VideoCall.exe"="C:\Program Files\Logitech\VideoCall\VideoCall.exe:*:Enabled:videocall.exe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Documents and Settings\Karen Messervey\Local Settings\temp\7zS3B18.tmp\SymNRT.exe"="C:\Documents and Settings\Karen Messervey\Local Settings\temp\7zS3B18.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 3 months======

2008-11-03 11:05:31 ----D---- C:\rsit
2008-10-30 23:29:15 ----SHD---- C:\RECYCLER
2008-10-30 16:58:01 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-30 08:33:05 ----A---- C:\ComboFix.txt
2008-10-27 15:38:27 ----A---- C:\Boot.bak
2008-10-27 15:38:09 ----RASHD---- C:\cmdcons
2008-10-27 15:33:28 ----A---- C:\WINDOWS\zip.exe
2008-10-27 15:33:28 ----A---- C:\WINDOWS\VFIND.exe
2008-10-27 15:33:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-27 15:33:28 ----A---- C:\WINDOWS\SWSC.exe
2008-10-27 15:33:28 ----A---- C:\WINDOWS\SWREG.exe
2008-10-27 15:33:28 ----A---- C:\WINDOWS\sed.exe
2008-10-27 15:33:28 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-27 15:33:28 ----A---- C:\WINDOWS\grep.exe
2008-10-27 15:33:28 ----A---- C:\WINDOWS\fdsv.exe
2008-10-27 15:32:58 ----D---- C:\WINDOWS\ERDNT
2008-10-27 15:32:58 ----D---- C:\Qoobox
2008-10-26 13:07:28 ----D---- C:\Program Files\Trend Micro
2008-10-25 18:08:05 ----D---- C:\Documents and Settings\Karen Messervey\Application Data\F-Secure
2008-10-25 17:49:47 ----D---- C:\Program Files\Eastlink Internet Security
2008-10-25 17:49:14 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-10-25 17:48:42 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2008-10-25 17:36:11 ----A---- C:\WINDOWS\WININIT.INI
2008-10-24 02:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 02:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-09-10 02:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 12:41:17 ----D---- C:\Documents and Settings\Karen Messervey\Application Data\Uniblue
2008-08-29 22:30:06 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-27 05:56:39 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-13 02:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-13 02:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-13 02:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 02:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-13 02:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 02:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-13 02:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-13 02:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$

======List of files/folders modified in the last 3 months======

2008-11-03 18:23:15 ----D---- C:\WINDOWS\Temp
2008-11-03 15:04:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-03 15:02:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-03 11:05:46 ----D---- C:\WINDOWS\Prefetch
2008-11-02 04:29:21 ----D---- C:\WINDOWS\system32
2008-11-02 04:29:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-30 17:06:05 ----RD---- C:\Program Files
2008-10-30 17:01:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-30 08:33:09 ----D---- C:\WINDOWS
2008-10-30 08:29:22 ----A---- C:\WINDOWS\system.ini
2008-10-30 08:28:35 ----D---- C:\WINDOWS\system32\drivers
2008-10-30 08:28:34 ----D---- C:\WINDOWS\AppPatch
2008-10-30 08:28:34 ----D---- C:\Program Files\Common Files
2008-10-27 15:38:28 ----RASH---- C:\boot.ini
2008-10-26 12:32:43 ----SD---- C:\WINDOWS\Tasks
2008-10-25 18:01:52 ----HD---- C:\WINDOWS\inf
2008-10-25 17:37:33 ----D---- C:\Program Files\Logitech
2008-10-25 17:36:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 16:19:58 ----D---- C:\Program Files\Ahead
2008-10-24 02:00:47 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 12:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:08:42 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 02:02:09 ----D---- C:\Program Files\Internet Explorer
2008-10-14 12:21:31 ----D---- C:\WINDOWS\Help
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-09-23 01:20:00 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-23 01:19:50 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-23 01:19:49 ----D---- C:\Program Files\ArcSoft
2008-09-23 01:04:21 ----SHD---- C:\WINDOWS\Installer
2008-09-23 01:04:20 ----HD---- C:\Config.Msi
2008-09-23 01:04:05 ----D---- C:\Program Files\Java
2008-09-23 00:26:38 ----D---- C:\WINDOWS\system32\Restore
2008-09-16 15:00:46 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-15 06:31:38 ----SHD---- C:\System Volume Information
2008-09-10 23:33:24 ----A---- C:\WINDOWS\system32\MRT.INI
2008-09-10 02:01:55 ----D---- C:\WINDOWS\WinSxS
2008-09-04 23:51:50 ----D---- C:\Program Files\Common Files\Ahead
2008-09-04 23:43:36 ----D---- C:\Program Files\Google
2008-08-27 05:56:39 ----D---- C:\WINDOWS\Debug
2008-08-26 18:51:07 ----D---- C:\Program Files\MSN Messenger
2008-08-26 16:11:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-08-20 01:38:47 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-20 01:38:45 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-20 01:38:45 ----A---- C:\WINDOWS\system32\browseui.dll
2008-08-20 01:38:44 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-08-20 01:38:44 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-20 01:38:43 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-20 01:38:43 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-20 01:38:42 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\inseng.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-08-20 01:38:40 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-08-20 01:38:40 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-20 01:38:40 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-20 01:38:40 ----A---- C:\WINDOWS\system32\danim.dll
2008-08-20 01:38:39 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-08-19 05:20:32 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-08-14 06:00:45 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 05:22:13 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 02:09:02 ----D---- C:\WINDOWS\pchealth
2008-08-14 02:08:55 ----D---- C:\WINDOWS\system32\mui
2008-08-14 02:08:22 ----RSD---- C:\WINDOWS\assembly
2008-08-13 02:04:38 ----D---- C:\Program Files\Messenger

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\Eastlink Internet Security\HIPS\fshs.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Eastlink Internet Security\Anti-Virus\minifilter\fsgk.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 sbpci;SB PCI Family Audio Driver (WDM); C:\WINDOWS\system32\drivers\sbpci.sys [2002-10-22 668160]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]
S3 catchme;catchme; \??\C:\ComboFix1\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]
S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Eastlink Internet Security\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Eastlink Internet Security\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Eastlink Internet Security\Anti-Virus\fsgk32st.exe [2008-04-23 47800]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Eastlink Internet Security\Common\FSMA32.EXE [2008-04-23 113304]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-06 168432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Eastlink Internet Security\FSAUA\program\fsaua.exe [2008-04-23 461408]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Eastlink Internet Security\FWES\Program\fsdfwd.exe [2008-04-23 453216]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
messervk
Regular Member
 
Posts: 18
Joined: October 26th, 2008, 12:35 pm
Location: Nova Scotia

Re: trojan.win32.agent.aaqk...PLEASE HELP!!!

Unread postby Shaba » November 4th, 2008, 9:17 am

OK, that didn't seem to have much effect on free RAM.

I suggest that you add more RAM if possible; it is the easiest way to get more speed.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: trojan.win32.agent.aaqk...PLEASE HELP!!!

Unread postby messervk » November 4th, 2008, 4:38 pm

I don't understand why it worked fine before and without adding anything new, and now is slow-weird. :?

Maybe you can give me some advice. I want to be able to have music...you don't recommend the peer to peer sharing, right? Anything you can suggest?

I really appreciate everything you have done for me.



Thanks again, Karen

Re: trojan.win32.agent.aaqk...PLEASE HELP!!!

Unread postby Shaba » November 5th, 2008, 5:05 am

F-Secure isn't a very lightweight one, that might explain it.

As for music, there are many online stores from which you can legally download music.

Re: trojan.win32.agent.aaqk...PLEASE HELP!!!

Unread postby Shaba » November 10th, 2008, 5:34 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.