Chinese Navigation and my Pc crashes

Post by pokhim » October 30th, 2006, 2:09 pm

Hey, I really need some help. I did have Chinese writing in my address bar, but now that's gone thanks to Ad-Aware. I think I still have some problems, though, and need to permanently get rid of the junk on my PC that keeps on crashing it and giving it a critical error. Can someone please help? Here's my HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 18:09:22, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\107up.exe
C:\DOCUME~1\Tariq\LOCALS~1\Temp\RarSFX2\csrss.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Tariq\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sha123.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.cn/cdn/browser/sides ... ch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/custo ... ch-en.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P35 "EPSON Stylus CX6600 Series (Copy 2)" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rundll32] C:\Program Files\Common Files\rundll32.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8525156421
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/a ... Atchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{42D800FB-1E04-4E1C-B169-36DF0772B64C}: NameServer = 158.43.192.1,158.43.192.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D446CEE-C960-4A98-9FAA-83C4D3F9261C}: NameServer = 158.43.192.1,158.43.192.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

thanks for your help.
pokhim

Post by Susan528 » October 30th, 2006, 6:07 pm

Hello pokhim and welcome to Malware Removal,

Please do the following:

HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder like C:\HJT for it and place the program into that new folder.
C:\DOCUME~1\Tariq\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

Download this file – combofix.exe
and save it to your desktop. Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe" /wow

Boot into safe mode by tapping the F8 key just before Windows starts to load.

Go to Start --> Run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /wow

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

In your next post, please include

  • new hijackthis log
  • combofix log

*use separate posts to ensure the logs don't get cut off!
Susan528

combofix log

Post by pokhim » October 30th, 2006, 7:41 pm

So I did as you said and ran ComboFix in safe mode etc. Here's the log.


Tariq - 06-10-30 23:03:33.95 Service Pack 2
ComboFix 06.10.31W - Running from: "C:\Documents and Settings\Tariq\Desktop"
Command switches used :: /wow

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\secure32.html
C:\WINDOWS\secure32.html
C:\WINDOWS\system32\cdnprot.dat
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\drivers\cdnprot.sys
C:\Program Files\kw_wl_lyric_020.exe
C:\Program Files\tshz093.exe
C:\WINDOWS\system32\drivers\cdnprot.sys
C:\WINDOWS\system32\drivers\jgajhecf.sys
C:\WINDOWS\system32\drivers\jidhadec.sys


((((((((((((((((((((((((((((((( Files Created from 2006-09-30 to 2006-10-30 ))))))))))))))))))))))))))))))))))


2006-10-30 16:26 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
2006-10-30 16:26 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
2006-10-30 16:26 18,704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
2006-10-30 16:24 86,560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
2006-10-30 16:03 97,184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
2006-10-30 16:03 9,360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
2006-10-28 15:18 173,056 --a------ C:\WINDOWS\~tmp7461.exe
2006-10-28 15:15 173,056 --a------ C:\WINDOWS\~tmp1223.exe
2006-10-28 15:14 173,056 --a------ C:\WINDOWS\~tmp2536.exe
2006-10-24 19:00 159,671 --a------ C:\WINDOWS\~tmp9759.exe
2006-10-24 18:59 159,671 --a------ C:\WINDOWS\~tmp5080.exe
2006-10-24 18:58 159,671 --a------ C:\WINDOWS\~tmp3666.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-30 18:42 303105 --a------ C:\Program Files\107up.exe
2006-10-30 18:37 -------- d-------- C:\Program Files\SP2 Connection Patcher
2006-10-30 16:15 -------- d-------- C:\Documents and Settings\Tariq\Application Data\AdobeUM
2006-10-28 15:18 173056 --a------ C:\WINDOWS\~tmp7461.exe
2006-10-28 15:15 173056 --a------ C:\WINDOWS\~tmp1223.exe
2006-10-28 15:14 173056 --a------ C:\WINDOWS\~tmp2536.exe
2006-10-24 19:05 183296 --a------ C:\Program Files\Common Files\rundll32.exe
2006-10-24 19:04 -------- d-a------ C:\Program Files\Common Files
2006-10-24 19:00 159671 --a------ C:\WINDOWS\~tmp9759.exe
2006-10-24 18:59 159671 --a------ C:\WINDOWS\~tmp5080.exe
2006-10-24 18:58 159671 --a------ C:\WINDOWS\~tmp3666.exe
2006-10-17 19:16 -------- d-------- C:\Program Files\William Hill Poker
2006-10-17 19:14 -------- d-------- C:\Program Files\BitComet
2006-10-15 01:48 -------- d-------- C:\Documents and Settings\Tariq\Application Data\X10 Commander
2006-10-14 12:11 -------- d-------- C:\Program Files\TVAnts
2006-09-28 16:39 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-23 12:04 -------- d-------- C:\Program Files\iTunes
2006-09-23 12:04 -------- d-------- C:\Program Files\iPod
2006-09-23 11:57 -------- d-------- C:\Program Files\QuickTime
2006-09-23 11:55 -------- d-------- C:\Program Files\Apple Software Update
2006-09-22 20:05 -------- d-------- C:\Program Files\Java
2006-09-21 20:12 -------- d-------- C:\Program Files\BidSlayer
2006-09-16 10:22 -------- d-------- C:\Program Files\TVUPlayer
2006-09-12 19:21 -------- d-------- C:\Program Files\Disc2Phone
2006-09-07 18:35 869 --a------ C:\Documents and Settings\Tariq\Application Data\AdobeDLM.log
2006-09-07 18:35 0 --a------ C:\Documents and Settings\Tariq\Application Data\dm.ini
2006-09-07 18:35 -------- d-------- C:\Program Files\Adobe
2006-09-07 18:32 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-07 18:32 -------- d-------- C:\Documents and Settings\Tariq\Application Data\Adobe
2006-09-04 13:15 -------- d-------- C:\Documents and Settings\Tariq\Application Data\Sun


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ATI Launchpad"=""
"ATI Remote Control"="C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.EXE"
"iIWiper"="C:\\Program Files\\iISystem Wiper\\SystemWiper.exe m"
"EPSON Stylus CX6600 Series (Copy 2)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P35 \"EPSON Stylus CX6600 Series (Copy 2)\" /M \"Stylus CX6600\" /EF \"HKCU\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SP2 Connection Patcher"="\"C:\\Program Files\\SP2 Connection Patcher\\SP2ConnPatcher.exe\" -n=200"
"BidSlayer"=""
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"EPSON Stylus CX6600 Series (Copy 2)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P35 \"EPSON Stylus CX6600 Series (Copy 2)\" /O5 \"LPT1:\" /M \"Stylus CX6600\""
"EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P26 \"EPSON Stylus CX6600 Series\" /O6 \"USB001\" /M \"Stylus CX6600\""
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NWEReboot"=""
"rundll32"="C:\\Program Files\\Common Files\\rundll32.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c4,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f4,01,00,00,bd,00,00,00,78,00,00,00,6e,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Error Nuker"="C:\\Program Files\\Error Nuker\\bin\\ErrorNuker.exe autostart"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Seek Style Junk Comp"="C:\\Documents and Settings\\All Users\\Application Data\\Logidolseekstyle\\Sect Curb.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"nForce Tray Options"="sstray.exe /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-10-30 23:09:17.96
C:\ComboFix.txt ... 06-10-30 23:09
pokhim

hjt log

Post by pokhim » October 30th, 2006, 7:42 pm

Here's my HJT log, which I ran after ComboFix in safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 23:36:42, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sha123.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P35 "EPSON Stylus CX6600 Series (Copy 2)" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [rundll32] C:\Program Files\Common Files\rundll32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8525156421
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/a ... Atchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{42D800FB-1E04-4E1C-B169-36DF0772B64C}: NameServer = 158.43.192.1,158.43.192.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D446CEE-C960-4A98-9FAA-83C4D3F9261C}: NameServer = 158.43.192.1,158.43.192.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe



Thanks, btw.
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby Susan528 » October 31st, 2006, 1:01 pm

Let's try to delete the C:\Program Files\Common Files\rundll32.exe before it causes more problems.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Common Files\rundll32.exe<=file
Exit Explorer, and reboot as normal afterwards.
====================
I think the drivers are bad but want to confirm it first before proceeding with the deletion of the drivers. Please do the following:

Please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of filepaths into the Suspicious File Packer window:
C:\WINDOWS\system32\drivers\se2Eunic.sys
C:\WINDOWS\system32\drivers\SE2Eobex.sys
C:\WINDOWS\system32\drivers\SE2Emdm.sys
C:\WINDOWS\~tmp7461.exe
C:\WINDOWS\~tmp3666.exe
C:\Program Files\107up.exe


Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site → http://www.bleepingcomputer.com/submit- ... ?channel=4

Please include a link to this topic in the message.
http://www.malwareremoval.com/forum/viewtop ... 94b3a3fd2d

===================
Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.

======
CWShredder

Please download and run CWShredder
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.


Scan with HijackThis. Place a check against each of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [rundll32] C:\Program Files\Common Files\rundll32.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: *.akamai.net

Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

================
Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose:Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE:If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next, click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.

Copy and paste that information from Kaspersky in your next post.

Post (reply) with a fresh HijackThis log along with the results from Kaspersky.
Susan528
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby pokhim » October 31st, 2006, 1:53 pm

Hey, sorry, I'm a bit of an amateur.

Thanks again for being so patient with me. I have 2 problems:

1. I can't find the file c:\program files\common files\rundll32.exe.

2. When I post my CAB archive to the site, how do I know where it goes in order to post a link? Because when I press submit it just says 'thanks for submitting...'
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby Susan528 » October 31st, 2006, 2:49 pm

Don't worry about asking questions!

You submitted the file right! I heard back from the developer of ComboFix, who is helping me. Those drivers are legit files for your Sony Ericsson cellular phone. Glad to get confirmation! :)

Please proceed with the 'Disable Microsoft Windows Defender' step and do the rest. We will find out if that file is still around.
Susan528
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

kap file log

Unread postby pokhim » October 31st, 2006, 7:56 pm

KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 31, 2006 11:53:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/10/2006
Kaspersky Anti-Virus database records: 223274


Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan Statistics:
Total number of scanned objects: 80718
Number of viruses found: 7
Number of infected objects: 49 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:17:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ATI MMC\RemoteWonder.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Cash Corn.exe Infected: Trojan-Downloader.Win32.Swizzor.cr skipped

C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\PileGlue.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped

C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\plan tool.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped

C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Sect Curb.exe Infected: Trojan-Downloader.Win32.Swizzor.du skipped

C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Stylewave.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05082006-200008.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Tariq\Application Data\AVG7\Log\emc.log Object is locked skipped

C:\Documents and Settings\Tariq\Application Data\bold byte mode\gxyirgry.exe Infected: Trojan-Downloader.Win32.Swizzor.cr skipped

C:\Documents and Settings\Tariq\Application Data\bold byte mode\kprofcjp.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped

C:\Documents and Settings\Tariq\Application Data\bold byte mode\pvzwquic.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped

C:\Documents and Settings\Tariq\Application Data\bold byte mode\rlkloeug.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped

C:\Documents and Settings\Tariq\Application Data\bold byte mode\snmohuoi.exe Infected: Trojan-Downloader.Win32.Swizzor.du skipped

C:\Documents and Settings\Tariq\Application Data\bold byte mode\zxxyexgc.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped

C:\Documents and Settings\Tariq\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab/C:/Program Files/107up.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab/C:/Program Files/107up.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab CAB: infected - 2 skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbc2e.ht1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbdam Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbdao Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbeam Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbeao Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbm Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbu2d.ht1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbvm.cf1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbvmh.ht1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\fii.cf1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\fiih.ht1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\hp Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\hpt2i.ht1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpm.cf1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpm1m.cf1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpm1mh.ht1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpmh.ht1 Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\History\History.IE5\MSHist012006103120061101\index.dat Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Temp\RarSFX1\csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\Documents and Settings\Tariq\Local Settings\Temp\~DF2A22.tmp Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Temp\~DF6ACB.tmp Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Temp\~DFEE8A.tmp Object is locked skipped

C:\Documents and Settings\Tariq\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Tariq\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Tariq\ntuser.dat.LOG Object is locked skipped

C:\Program Files\107up.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\Program Files\107up.exe ZIP: infected - 1 skipped

C:\Program Files\Microsoft AntiSpyware\Quarantine\1CE43687-4E36-4F41-8DD6-E3EE24\E07BD8A0-9E6D-450B-8775-9EE466 Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\Program Files\Microsoft AntiSpyware\Quarantine\7F8066BF-C15D-475F-A6B3-358AC3\73D20805-B670-4D0A-AAAC-ECA28F Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP750\A0237409.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP750\A0237409.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP751\A0238407.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP751\A0238407.exe RarSFX: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP752\A0239412.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP752\A0239412.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP753\A0239436.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP753\A0239436.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP755\A0239455.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP755\A0239455.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP757\A0240457.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP757\A0240457.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP758\A0241455.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP758\A0241455.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP759\A0242455.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP759\A0242455.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP766\A0243516.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP766\A0243516.exe RarSFX: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP772\A0243575.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP772\A0243575.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP773\A0244561.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP773\A0244561.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP774\A0245561.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP774\A0245561.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246561.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246561.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246577.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246577.exe RarSFX: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP776\A0246630.exe Object is locked skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP777\A0246652.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP777\A0246652.exe ZIP: infected - 1 skipped

C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP778\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd2877.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm
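One way to read a report like the one above without going line by line, as an added example that is not part of this thread and not Kaspersky's code: it drops the "Object is locked" lines (files in use, not detections), keeps the real verdicts, and sorts them by where they sit, because a copy inside System Volume Information\_restore only disappears when System Restore is purged, a copy under another scanner's Quarantine folder is already neutralised, and only the remainder is live on disk and still needs removing. The location rules, the regular expressions and the sample lines (a dozen lines lifted from the report above, not the whole file) are this example's own assumptions.

```python
"""Triage a Kaspersky Online Scanner (v5) text report.

Added example for this thread; not Kaspersky code. The location rules
below are this example's own assumptions about where a hit matters.
"""
import re
from collections import Counter

# One object per line: "<path> Infected: <verdict> <action>",
# "<path> Object is locked <action>", or the summary line for an archive,
# "<outer file> ZIP: infected - <n> <action>" (members are listed on their own lines).
INFECTED_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
LOCKED_RE = re.compile(r"^(?P<obj>.+?) Object is locked (?P<action>\w+)$")
CONTAINER_RE = re.compile(r"^(?P<obj>.+?) (?P<kind>\w+): infected - (?P<n>\d+) (?P<action>\w+)$")


def outer_file(obj):
    """Archive members are written 'outer.exe/inner.exe'; return the file that is on disk."""
    return obj.split("/", 1)[0]


def location(obj):
    """Where the hit lives, which decides what has to be done about it (assumed rules)."""
    host = outer_file(obj).lower()
    if "\\system volume information\\_restore" in host:
        return "restore point"   # inert unless restored; gone once System Restore is purged
    if "\\quarantine\\" in host:
        return "quarantine"      # already neutralised by another scanner
    return "live"                # reachable on disk; must be removed


def parse_report(text):
    """Split the report into verdict records, locked (in-use) objects and archive summaries."""
    detections, locked, containers = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := INFECTED_RE.match(line):
            detections.append({"obj": m["obj"], "verdict": m["verdict"],
                               "where": location(m["obj"]), "action": m["action"]})
        elif m := LOCKED_RE.match(line):
            locked.append(m["obj"])
        elif m := CONTAINER_RE.match(line):
            containers.append(m["obj"])
    return detections, locked, containers


def summarize(text):
    """Counts by location and by verdict, plus the distinct on-disk files still needing removal."""
    detections, locked, containers = parse_report(text)
    return {
        "by_where": dict(Counter(d["where"] for d in detections)),
        "by_verdict": dict(Counter(d["verdict"] for d in detections)),
        "live_files": sorted({outer_file(d["obj"]) for d in detections if d["where"] == "live"}),
        "locked": len(locked),
        "containers": len(containers),
    }


# Constructed excerpt: twelve lines taken from the report posted above, not the full file.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Cash Corn.exe Infected: Trojan-Downloader.Win32.Swizzor.cr skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\gxyirgry.exe Infected: Trojan-Downloader.Win32.Swizzor.cr skipped
C:\Documents and Settings\Tariq\Local Settings\Temp\RarSFX1\csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Program Files\107up.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Program Files\107up.exe ZIP: infected - 1 skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CE43687-4E36-4F41-8DD6-E3EE24\E07BD8A0-9E6D-450B-8775-9EE466 Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP750\A0237409.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP750\A0237409.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP751\A0238407.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run it against a saved report instead of the sample by reading the file into summarize(). Note that the requested-files[...].cab on the Desktop in the full report is the SFP pack the user built for submission, so its hits are copies of 107up.exe, not a third infection; the live_files list collapses such nested members onto the outer file for that reason.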

hjt log

Unread postby pokhim » October 31st, 2006, 7:57 pm

Logfile of HijackThis v1.99.1
Scan saved at 23:57:53, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\107up.exe
C:\DOCUME~1\Tariq\LOCALS~1\Temp\RarSFX1\csrss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.uk
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P35 "EPSON Stylus CX6600 Series (Copy 2)" /O5 "LPT1:" /M "Stylus CX6600"
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8525156421
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/a ... Atchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{42D800FB-1E04-4E1C-B169-36DF0772B64C}: NameServer = 158.43.192.1,158.43.192.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D446CEE-C960-4A98-9FAA-83C4D3F9261C}: NameServer = 158.43.192.1,158.43.192.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm
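A helper for reading the fresh log above, and the earlier fix list Susan528 posted, as an added example that is not part of this thread and not part of HijackThis: it flags what a helper picks out by eye, a core Windows binary name (csrss.exe, rundll32.exe) running from, or registered to run from, anywhere but its real home, anything executing out of a Temp folder or parked directly in the root of Program Files, O15 trusted-zone wildcards such as *.akamai.net, and R0/R1 pages reset to about:blank. The table of binary homes, every heuristic, and the sample log (cut down from the log above) are this example's assumptions, not anything HijackThis itself reports.

```python
"""Triage a HijackThis 1.99 log for the patterns seen in this thread.

Added example; not part of HijackThis. The table of binary homes and
every heuristic below are this example's assumptions.
"""
import re
from pathlib import PureWindowsPath

# Where the genuine copies live on Windows XP. A same-named file anywhere
# else (Temp\RarSFX1\csrss.exe, Common Files\rundll32.exe) is a masquerade.
SYSTEM_BINARY_HOMES = {
    "csrss.exe": r"c:\windows\system32", "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32", "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32", "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32", "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
TEMP_RE = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.I)
# First drive-letter path ending in an executable extension, quoted or bare.
EXE_RE = re.compile(r'([a-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|com|pif))\b', re.I)


def path_flags(path):
    """Reasons one executable path looks wrong; an empty list means nothing noted."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    reasons = []
    home = SYSTEM_BINARY_HOMES.get(name)
    if home and parent != home:
        reasons.append(f"{name} outside {home}")
    if TEMP_RE.search(path):
        reasons.append("runs from a Temp directory")
    if parent == r"c:\program files":
        reasons.append("executable directly under Program Files")
    return reasons


def triage(log_text):
    """One pass over the log; returns (reason, log line) pairs in log order."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False        # the process list ends at the first blank line
            continue
        if in_processes:
            findings += [(why, line) for why in path_flags(line)]
        elif line.startswith("O4 "):
            m = EXE_RE.search(line.split("]", 1)[-1])   # skip the [value name]
            if m:
                findings += [(why, line) for why in path_flags(m.group(1))]
        elif line.startswith("O15 ") and "*" in line:
            findings.append(("trusted-zone wildcard", line))
        elif line[:2] in ("R0", "R1") and line.lower().endswith("= about:blank"):
            findings.append(("IE page reset to about:blank", line))
    return findings


# Constructed sample: a cut-down mix of lines from the logs and fix list in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 23:57:53, on 31/10/2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\107up.exe
C:\DOCUME~1\Tariq\LOCALS~1\Temp\RarSFX1\csrss.exe
C:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [rundll32] C:\Program Files\Common Files\rundll32.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: http://Download.Windowsupdate.com
"""

if __name__ == "__main__":
    for why, line in triage(SAMPLE_LOG):
        print(f"[{why}] {line}")
```

The process-list check is the one that matters most here: a real csrss.exe cannot be started from a Temp directory, so the entry C:\DOCUME~1\Tariq\LOCALS~1\Temp\RarSFX1\csrss.exe in the log above is a downloader hiding behind a system name, and 107up.exe sitting in the root of Program Files is its self-extracting parent. The same table explains why the earlier O4 entry for C:\Program Files\Common Files\rundll32.exe was marked for removal while the genuine rundll32.exe in system32 was not.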

Unread postby pokhim » October 31st, 2006, 7:59 pm

Sorry, here's that Kaspersky file as a txt doc so you can analyse it more easily.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 31, 2006 11:59:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/10/2006
Kaspersky Anti-Virus database records: 223274
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan Statistics:
Total number of scanned objects: 80718
Number of viruses found: 7
Number of infected objects: 49 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:17:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ATI MMC\RemoteWonder.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Cash Corn.exe Infected: Trojan-Downloader.Win32.Swizzor.cr skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\PileGlue.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\plan tool.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Sect Curb.exe Infected: Trojan-Downloader.Win32.Swizzor.du skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Stylewave.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05082006-200008.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tariq\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\gxyirgry.exe Infected: Trojan-Downloader.Win32.Swizzor.cr skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\kprofcjp.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\pvzwquic.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\rlkloeug.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\snmohuoi.exe Infected: Trojan-Downloader.Win32.Swizzor.du skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\zxxyexgc.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped
C:\Documents and Settings\Tariq\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab/C:/Program Files/107up.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab/C:/Program Files/107up.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab CAB: infected - 2 skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbdam Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbdao Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbeam Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbeao Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbm Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\fii.cf1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\hp Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\History\History.IE5\MSHist012006103120061101\index.dat Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Temp\RarSFX1\csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Documents and Settings\Tariq\Local Settings\Temp\~DF2A22.tmp Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Temp\~DF6ACB.tmp Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Temp\~DFEE8A.tmp Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tariq\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tariq\ntuser.dat.LOG Object is locked skipped
C:\Program Files\107up.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Program Files\107up.exe ZIP: infected - 1 skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CE43687-4E36-4F41-8DD6-E3EE24\E07BD8A0-9E6D-450B-8775-9EE466 Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F8066BF-C15D-475F-A6B3-358AC3\73D20805-B670-4D0A-AAAC-ECA28F Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP750\A0237409.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP750\A0237409.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP751\A0238407.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP751\A0238407.exe RarSFX: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP752\A0239412.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP752\A0239412.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP753\A0239436.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP753\A0239436.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP755\A0239455.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP755\A0239455.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP757\A0240457.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP757\A0240457.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP758\A0241455.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP758\A0241455.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP759\A0242455.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP759\A0242455.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP766\A0243516.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP766\A0243516.exe RarSFX: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP772\A0243575.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP772\A0243575.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP773\A0244561.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP773\A0244561.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP774\A0245561.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP774\A0245561.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246561.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246561.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246577.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246577.exe RarSFX: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP776\A0246630.exe Object is locked skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP777\A0246652.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP777\A0246652.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP778\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd2877.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
pokhim
Regular Member
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby Susan528 » October 31st, 2006, 11:09 pm

Please do the following:

STEP 1.
======
FindLop

Download FindLop and unzip it to one folder.
Inside the folder, find findlop.bat.
Double-click it and it will create the file C:\findlop.txt.
Find that file and copy the contents into your next post.

STEP 2.
======
Delete Files with Killbox

Download Pocket Killbox from http://www.downloads.subratam.org/KillBox.zip and unzip it; save it to your Desktop. DO NOT RUN IT YET.
==========
Double-click on KillBox.exe to launch the program. It is the red circle with a large white X in it.
- Highlight the files in bold RED below and press the Ctrl key and the C key at the same time to copy them to the clipboard.

C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Cash Corn.exe
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\PileGlue.exe
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\plan tool.exe
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Sect Curb.exe
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Stylewave.exe
C:\Documents and Settings\Tariq\Application Data\bold byte mode\gxyirgry.exe
C:\Documents and Settings\Tariq\Application Data\bold byte mode\kprofcjp.exe
C:\Documents and Settings\Tariq\Application Data\bold byte mode\pvzwquic.exe
C:\Documents and Settings\Tariq\Application Data\bold byte mode\rlkloeug.exe
C:\Documents and Settings\Tariq\Application Data\bold byte mode\snmohuoi.exe
C:\Documents and Settings\Tariq\Application Data\bold byte mode\zxxyexgc.exe
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab
C:\Documents and Settings\Tariq\Local Settings\Temp\RarSFX1\csrss.exe
C:\Program Files\107up.exe


In Killbox, click on the File menu and then the Paste from Clipboard item.
In the Full Path of File to Delete field, drop down the arrow and make sure that all of the files are listed.
(Please note that the tool checks your computer for the presence of the files pasted into the box, so if files are not present, it is possible that you might not see all the files you pasted into the box.)
  • Click the option to Delete on Reboot
  • Click End Explorer Shell while Killing File
  • Click All Files right of the flashing green "Single files"
  • Click Yes when it asks "Files will be Removed on Reboot, Do you want to reboot now?"

(Note: If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just reboot manually)

If you have any issues with this method, you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X, and for the confirmation message that will appear, you will need to click Yes. A second message will ask "Reboot now?"; you will need to click No until the last one, at which time you click Yes to allow the reboot.

Please post the C:\findlop.txt.
Susan528
MRU Master
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA
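Susan528 built the Killbox list above by hand from the Kaspersky report. As an added example (not from this thread and not part of Kaspersky, FindLop or Killbox), the Python script below does the same triage over the report format posted above: it drops locked objects, sets aside detections inside System Restore snapshots (which a file killer cannot remove) and files already in an antispyware quarantine, and collapses archive members to the container file that actually exists on disk. The sample report text is constructed from a few of the entries posted in this thread.

```python
import re

# One Kaspersky Online Scanner report line reads "<path> <verdict> skipped".
# Paths contain spaces, so the verdict is anchored at the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<container>ZIP|CAB|RarSFX): infected - \d+"
    r"|Object is locked) skipped$"
)

# Detections sitting in System Restore snapshots cannot be deleted with a
# file killer; they go away once System Restore is flushed.
RESTORE_RE = re.compile(r"^[A-Z]:\\SYSTEM VOLUME INFORMATION\\", re.IGNORECASE)


def parse_line(line):
    """Return {'path', 'verdict', 'name'} for a report line, or None for headers/footers."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    if m.group("name") is not None:
        verdict, name = "infected", m.group("name")
    elif m.group("container") is not None:
        verdict, name = "container", m.group("container")
    else:
        verdict, name = "locked", None
    return {"path": m.group("path"), "verdict": verdict, "name": name}


def on_disk_path(path):
    """Kaspersky appends archive members with '/', e.g. 'x.cab/C:/Program Files/a.exe'.
    Only the outer file exists on disk, so that is the deletion target."""
    return path.split("/", 1)[0]


def classify(path):
    """Bucket a detection by what a helper can actually do about it."""
    target = on_disk_path(path)
    if RESTORE_RE.match(target):
        return "restore_point", target
    if "\\quarantine\\" in target.lower():
        return "quarantine", target      # already contained by another tool
    return "delete", target


def triage(report_text):
    """Split a report into deduplicated, order-preserving buckets."""
    buckets = {"delete": [], "restore_point": [], "quarantine": [], "locked": []}
    for line in report_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["verdict"] == "locked":
            key, target = "locked", rec["path"]
        else:
            key, target = classify(rec["path"])
        if target not in buckets[key]:
            buckets[key].append(target)
    return buckets


# Constructed sample: a handful of lines in the format of the report posted above.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Cash Corn.exe Infected: Trojan-Downloader.Win32.Swizzor.cr skipped
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab/C:/Program Files/107up.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab/C:/Program Files/107up.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab CAB: infected - 2 skipped
C:\Program Files\107up.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Program Files\107up.exe ZIP: infected - 1 skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CE43687-4E36-4F41-8DD6-E3EE24\E07BD8A0-9E6D-450B-8775-9EE466 Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP750\A0237409.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
Scan process completed.
"""

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        print(f"[{bucket}]")
        for p in paths:
            print("  " + p)
```

Run against the full report, the "delete" bucket is the list a helper pastes into Killbox, while the "restore_point" bucket is the cue to flush System Restore afterwards.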

Unread postby pokhim » November 1st, 2006, 7:30 am

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 10/27/2006 22:31:00
NextRun: 11/03/2006 22:31:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 09/23/2006
EndDate: 00/00/0000
StartTime: 22:31
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'MP Scheduled Scan.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Windows Defender\MpCmdRun.exe'
Parameters: 'Scan -RestrictPrivileges'
WorkingDirectory: ''
Comment: 'Scheduled Scan'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 11/02/2006 1:42:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 11/01/2006
EndDate: 00/00/0000
StartTime: 01:42
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'XoftSpy.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\XoftSpy\XoftSpy.exe'
Parameters: '-t'
WorkingDirectory: 'C:\Program Files'
Comment: 'Runs XoftSpy at Scheduled Time.'
Creator: 'Tariq'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers
pokhim
Regular Member
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby pokhim » November 1st, 2006, 7:49 am

OK, so I'm not too sure whether Killbox did the job or not. I followed your instructions up to the point:

Click Yes when it asks "Files will be Removed on Reboot, Do you want to reboot now?"


because it didn't ask me this, so I closed the program and rebooted manually. It did however run chkdsk, and deleted a few files and rectified a few errors.
pokhim
Regular Member
Posts: 32
Joined: October 30th, 2006, 2:01 pm

Unread postby Susan528 » November 1st, 2006, 8:11 am

Please run the Kaspersky scan again and post (reply) with the results.
Susan528
MRU Master
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby pokhim » November 1st, 2006, 2:53 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 01, 2006 6:52:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/11/2006
Kaspersky Anti-Virus database records: 223685
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan Statistics:
Total number of scanned objects: 80341
Number of viruses found: 7
Number of infected objects: 48 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:32:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ATI MMC\RemoteWonder.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Cash Corn.exe Infected: Trojan-Downloader.Win32.Swizzor.cr skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\PileGlue.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\plan tool.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Sect Curb.exe Infected: Trojan-Downloader.Win32.Swizzor.du skipped
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\Stylewave.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05082006-200008.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tariq\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\gxyirgry.exe Infected: Trojan-Downloader.Win32.Swizzor.cr skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\kprofcjp.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\pvzwquic.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\rlkloeug.exe Infected: Trojan-Downloader.Win32.Swizzor.ds skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\snmohuoi.exe Infected: Trojan-Downloader.Win32.Swizzor.du skipped
C:\Documents and Settings\Tariq\Application Data\bold byte mode\zxxyexgc.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped
C:\Documents and Settings\Tariq\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab/C:/Program Files/107up.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab/C:/Program Files/107up.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab CAB: infected - 2 skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbdam Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbdao Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbeam Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbeao Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbm Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\fii.cf1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\hp Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Google\Google Desktop\55daec3b8657\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\History\History.IE5\MSHist012006110120061102\index.dat Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Temp\~DF5E77.tmp Object is locked skipped
C:\Documents and Settings\Tariq\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tariq\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tariq\ntuser.dat.LOG Object is locked skipped
C:\Program Files\107up.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\Program Files\107up.exe ZIP: infected - 1 skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CE43687-4E36-4F41-8DD6-E3EE24\E07BD8A0-9E6D-450B-8775-9EE466 Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F8066BF-C15D-475F-A6B3-358AC3\73D20805-B670-4D0A-AAAC-ECA28F Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP750\A0237409.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP750\A0237409.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP751\A0238407.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP751\A0238407.exe RarSFX: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP752\A0239412.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP752\A0239412.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP753\A0239436.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP753\A0239436.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP755\A0239455.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP755\A0239455.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP757\A0240457.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP757\A0240457.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP758\A0241455.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP758\A0241455.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP759\A0242455.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP759\A0242455.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP766\A0243516.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP766\A0243516.exe RarSFX: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP772\A0243575.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP772\A0243575.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP773\A0244561.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP773\A0244561.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP774\A0245561.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP774\A0245561.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246561.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246561.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246577.exe/data.rar Infected: Trojan.RAR.KillWin.d skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP775\A0246577.exe RarSFX: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP776\A0246630.exe Object is locked skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP777\A0246652.exe/csrss.exe Infected: Trojan-Downloader.Win32.Agent.awi skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP777\A0246652.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{022AD596-A6D6-4ABC-A144-31931E9B2359}\RP778\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BE9FF905-4E01-4409-9F3F-F8F5B4F636EB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd2877.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm