
Hijackthis.log


35 replies to this topic

#16 batata


Posted 15 April 2007 - 03:06 PM

Hi, I did all the tasks you told me to do, but Kaspersky would hang at 87% and not move for over 2 hours, so I did it by picking the folders. If I need to pick My Computer, then I will do it again if needed. Here are the logs you asked for:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 15, 2007 4:52:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/04/2007
Kaspersky Anti-Virus database records: 297497
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\2SPPatcher\
C:\51b2c8350f7a3ea86da0\
C:\684f9e0fc16f6e2bab\
C:\7a47444e95b4c54aecfa4b\
C:\98517ad18df1422977\
C:\ATI\
C:\CanonMP\
C:\Config.Msi\
C:\Documents and Settings\Administrator\
C:\Documents and Settings\All Users\
C:\Documents and Settings\Default User\
C:\Documents and Settings\LocalService\
C:\Documents and Settings\Mike\Application Data\
C:\Documents and Settings\Mike\Cookies\
C:\Documents and Settings\Mike\Desktop\
C:\Documents and Settings\Mike\Favorites\
C:\Documents and Settings\Mike\Local Settings\
C:\Documents and Settings\Mike\My Documents\Alcohol 120%\
C:\Documents and Settings\Mike\My Documents\CyberLink\
C:\Documents and Settings\Mike\My Documents\My Music\
C:\Documents and Settings\Mike\My Documents\My Pictures\
C:\Documents and Settings\Mike\My Documents\My Received Files\
C:\Documents and Settings\Mike\My Documents\My Videos\
C:\Documents and Settings\Mike\My Documents\Nero Home\
C:\Documents and Settings\Mike\My Documents\Nero Recode\
C:\Documents and Settings\Mike\My Documents\NeroVision\
C:\Documents and Settings\Mike\My Documents\PcSetup\
C:\Documents and Settings\Mike\My Recent Documents\
C:\Documents and Settings\Mike\NetHood\
C:\Documents and Settings\Mike\PrintHood\
C:\Documents and Settings\Mike\SendTo\
C:\Documents and Settings\Mike\Start Menu\
C:\Documents and Settings\Mike\Templates\
C:\Documents and Settings\Mike\UserData\
C:\Documents and Settings\NetworkService\
C:\e51408a88ce39ef47ef1591ccd68\
C:\Program Files\
C:\RECYCLER\
C:\System Volume Information\
C:\UT2004\
C:\VundoFix Backups\
C:\WINDOWS\

Scan Statistics:
Total number of scanned objects: 43815
Number of viruses found: 7
Number of infected objects: 85 / 0
Number of suspicious objects: 0
Duration of the scan process: 06:47:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03012007-003756.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Desktop\New Briefcase\Nero-7.7.5.1_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Mike\Desktop\New Briefcase\Nero-7.7.5.1_eng_trial.exe RAR: infected - 1 skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012007041520070416\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP71\A0023502.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP72\A0023586.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP78\A0023748.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025716.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025718.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025719.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025720.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025721.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025722.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025724.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025725.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025727.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025728.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025729.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025733.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025734.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025736.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025738.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025739.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025743.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025744.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025747.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025748.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025749.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025750.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025753.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025754.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025755.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025756.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025758.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025759.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025760.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP90\A0026446.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP94\A0026507.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP94\A0026507.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP94\A0026507.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP95\change.log Object is locked skipped
C:\VundoFix Backups\aihnjrpf.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\awtqo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\VundoFix Backups\axafrdhw.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\bkfxnuti.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\cxibdlhb.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\dajtskbl.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\eoorognw.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\etgfskqs.dll.bad Infected: Packed.Win32.Klone.j skipped
C:\VundoFix Backups\fqoujmrs.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\fuvgkqeh.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\geilofps.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\gprkdkgo.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\iewwuypo.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\jmphqjff.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\kaeqfeky.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\lftfrwqo.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\llwjktrl.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\odltmqcc.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\oqpfaswd.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\pmnlm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\VundoFix Backups\ppshuqpt.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\qcqutxdg.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\rfbtirdc.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\ujrlwxhp.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\vobrxijr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\wvywnjcp.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xpcbrthr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xtrdfihy.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xvdaybfe.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\yaeyshwg.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bdmtjqiv.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\bxtfhvda.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cqaqadhq.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\daseteum.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\fhqrtmqo.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\fwtqdktt.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\hhqqlmuy.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\jsojpsfy.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\ksmptuuv.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\kurseohx.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\lubiroaj.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\lvlsxgpg.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\oobubtxp.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\orwwbiql.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\twargwlh.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xmwduhmr.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\xxwqrwpr.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000004-00000000-00000006-00001102-00000004-00511102}.CDF Object is locked skipped

Scan process completed.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:52:47 PM 14/04/2007

+ Scan result:



C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025730.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025740.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025751.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\hgghhfc.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\mljihhh.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\rqrpppo.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 4:55:37 PM, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Mike\Desktop\HJT\removal.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175623727953
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe



#17 dan12


Posted 15 April 2007 - 04:41 PM

Hi batata

We're getting there.

Download the Killbox.
Unzip it to the desktop. Don't run it yet

Open Notepad.
Copy and paste (right-click Copy and Paste, or Control-C, Control-V) the following lines in bold into Notepad.


C:\WINDOWS\system32\xxwqrwpr.dll
C:\WINDOWS\system32\xmwduhmr.dll
C:\WINDOWS\system32\twargwlh.dll
C:\WINDOWS\system32\orwwbiql.dll
C:\WINDOWS\system32\oobubtxp.dll
C:\WINDOWS\system32\lvlsxgpg.dll
C:\WINDOWS\system32\lubiroaj.dll
C:\WINDOWS\system32\kurseohx.dll
C:\WINDOWS\system32\ksmptuuv.dll
C:\WINDOWS\system32\jsojpsfy.dll
C:\WINDOWS\system32\hhqqlmuy.dll
C:\WINDOWS\system32\fwtqdktt.dll
C:\WINDOWS\system32\fhqrtmqo.dll
C:\WINDOWS\system32\daseteum.dll
C:\WINDOWS\system32\cqaqadhq.dll
C:\WINDOWS\system32\bxtfhvda.dll
C:\WINDOWS\system32\bdmtjqiv.dll


Then save the document to your desktop. Name it eg "filefixList.txt" without the quotes
__________________________

Re-boot into safe mode

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight.
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

Please run Killbox.
Select "Delete on Reboot".
Click on "All Files" button

Open the Notepad file you saved earlier (filefixlist.txt). Copy the file names from it to the clipboard by highlighting them and then right-clicking and choosing Copy, or pressing Control-C.

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.


If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

__________

Right-click Start. In the drop-down menu click "Explore", then navigate to each file\folder in the left-hand pane, which will reveal its content in the right-hand pane. Highlight the file or folder, right-click and Delete, if present:

C:\VundoFix Backups <=======This folder
C:\Documents and Settings\Mike\Desktop\New Briefcase <=====This folder

Reboot into normal mode.
________________


Now you can clean AVG's Quarantine:
  • Open AVG Anti-Spyware
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program
You can remove the tools we used.

Now I would like you to reset your system restore points by following the instructions set out below

1) On the Desktop, right-click My Computer
2) Click on Properties. Click the System Restore tab.
3) Look for the box near the top which says
Turn off System Restore on all drives

4) Place a tick in the box to disable
5) Click Apply first, and then click OK and the window will disappear.

Now reboot your computer....

6) Right-click My Computer once more
7) Click on Properties. Click the System Restore tab again
8) Look for the box near the top which says
Turn off System Restore on all drives

9) Take out the tick from the box so it is empty
10) Click Apply first, and then click OK.
Now restart your computer once more to complete the process

_________________________


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Can you do me a further Kaspersky scan? I want to see if we have those files.

Please include new HJT log, and kaspersky log
in your next post
Thanks dan

#18 batata


Posted 15 April 2007 - 07:18 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:14:00 PM, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Mike\Desktop\HJT\removal.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175623727953
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 15, 2007 9:13:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/04/2007
Kaspersky Anti-Virus database records: 297685
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 41601
Number of viruses found: 4
Number of infected objects: 47 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:59:40

Infected Object Name / Virus Name / Last Action
C:\!KillBox\bdmtjqiv.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\bxtfhvda.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\cqaqadhq.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\daseteum.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\fhqrtmqo.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\fwtqdktt.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\hhqqlmuy.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\jsojpsfy.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\ksmptuuv.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\kurseohx.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\lubiroaj.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\lvlsxgpg.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\oobubtxp.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\orwwbiql.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\twargwlh.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\xmwduhmr.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\xxwqrwpr.dll Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03012007-003756.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012007041520070416\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mike\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\aihnjrpf.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\awtqo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\axafrdhw.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\bkfxnuti.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\cxibdlhb.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\dajtskbl.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\eoorognw.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\etgfskqs.dll.bad Infected: Packed.Win32.Klone.j skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\fqoujmrs.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\fuvgkqeh.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\geilofps.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\gprkdkgo.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\iewwuypo.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\jmphqjff.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\kaeqfeky.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\lftfrwqo.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\llwjktrl.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\odltmqcc.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\oqpfaswd.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\pmnlm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\ppshuqpt.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\qcqutxdg.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\rfbtirdc.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\ujrlwxhp.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\vobrxijr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\wvywnjcp.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\xpcbrthr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\xtrdfihy.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\xvdaybfe.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\RECYCLER\S-1-5-21-117609710-2146687373-839522115-1003\Dc1\yaeyshwg.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4D2CCB6D-849D-4D54-B483-5E8248DEEDD0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000004-00000000-00000006-00001102-00000004-00511102}.CDF Object is locked skipped

Scan process completed.


I deleted all the things in my Recycle Bin cuz I saw that the virus was in the bin after I deleted them.

Edited by batata, 15 April 2007 - 07:22 PM.


#19 batata

Posted 15 April 2007 - 09:18 PM

These are the logs after I deleted the things in my Recycle Bin:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 15, 2007 11:11:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/04/2007
Kaspersky Anti-Virus database records: 297700
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 28091
Number of viruses found: 1
Number of infected objects: 17 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:58:40

Infected Object Name / Virus Name / Last Action
C:\!KillBox\bdmtjqiv.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\bxtfhvda.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\cqaqadhq.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\daseteum.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\fhqrtmqo.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\fwtqdktt.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\hhqqlmuy.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\jsojpsfy.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\ksmptuuv.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\kurseohx.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\lubiroaj.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\lvlsxgpg.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\oobubtxp.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\orwwbiql.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\twargwlh.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\xmwduhmr.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\xxwqrwpr.dll Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03012007-003756.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012007041520070416\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mike\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4D2CCB6D-849D-4D54-B483-5E8248DEEDD0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000004-00000000-00000006-00001102-00000004-00511102}.CDF Object is locked skipped

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 11:12:35 PM, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Mike\Desktop\HJT\removal.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175623727953
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe



And ty for the help so far, buddy ;)

#20 dan12

Posted 15 April 2007 - 11:11 PM

Hi, I have to work today so will get back to you later. Catch you soon. dan

#21 batata

Posted 16 April 2007 - 12:27 PM

OK, I'll wait till u get back.

Edited by batata, 16 April 2007 - 12:28 PM.


#22 dan12

Posted 16 April 2007 - 03:02 PM

Hi batata

Right-click Start. In the drop-down menu click "Explore", then navigate to each file/folder in the left-hand pane, which will reveal its contents in the right-hand pane. Highlight the file or folder, right-click and Delete, if present:

C:\!KillBox <====== This folder has done its job, please delete.

________________

Please do not surf the net until you have your protection in place; do it immediately.
You can be re-infected in 5 minutes without an AntiVirus.


First, there are a few very important security programs that you are in need of. These programs are essential to prevent you from getting reinfected:

* Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. Please download and install one antivirus program from the following list, download the latest signatures, and do a full system scan.
    o AVG Anti-Virus
    o Avast Home Edition

* Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out: http://www.bleepingc...tutorial60.html 2 free ones available for personal use:
    o Kerio Personal Firewall
    o ZoneAlarm

Without these programs, you will be quickly reinfected, and we would just be wasting our time trying to clean your computer.

Please post a new HJT log
Thanks dan

#23 batata

Posted 16 April 2007 - 03:59 PM

Hi dan, and ty for your help, but I have a question for u. I have put an antivirus on this system and I have uninstalled it cuz it wasn't what I wanted, and under my comp's protection it says I still have it protecting my computer. Can u help me remove it before I put in a new one? I had McAfee antivirus. I just found a remover tool, but under Windows Security Center it says it's there and ON.

Edited by batata, 16 April 2007 - 04:06 PM.


#24 dan12

Posted 16 April 2007 - 04:24 PM

Hi, I'm not seeing an antivirus on here.
Can you:
Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Posted Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad here on your next reply.
Thanks

#25 batata

Posted 16 April 2007 - 04:32 PM

Adobe Flash Player 9 ActiveX
AMD CPUInfo
AMD Dual-Core Optimizer
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Anti-Spyware 7.5
ConvertXtoDVD 2.1.12.214
Creative Audio Console
EVE-ONLINE (remove only)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Java™ SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.3)
MPEG Video Wizard DVD
MSXML 6.0 Parser (KB927977)
Nero 7
PeerGuardian 2.0
PowerDVD
PowerISO
Registry Mechanic 6.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
ULi AGP Driver
ULi LAN Driver
ULi SATA Driver
Unreal Tournament 2004
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Ventrilo Client
WinAVIVideoConverter
Windows Communication Foundation
Windows Defender
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
XP Codec Pack


#26 dan12

Posted 16 April 2007 - 04:49 PM

Hi. Right, your uninstall list shows no antivirus running. Go to Control Panel, Security Center and tell me what it says exactly. Your only protection now is the resident AVG-AS, which won't stop the older viruses. Until we have this problem sorted, my advice would be to stay off the net as much as possible. Thanks, dan

Edited by dan12, 16 April 2007 - 04:50 PM.


#27 batata

Posted 16 April 2007 - 07:41 PM

Hi dan, under the virus protection it has a green light and ON.

#28 batata

Posted 16 April 2007 - 09:08 PM

Hi dan, I have downloaded the second antivirus scan, the Avast one, and didn't get the firewall one cuz I wanted to know if it matters, I have a router? Well, this is the log after the install of the antivirus without the firewall:


Logfile of HijackThis v1.99.1
Scan saved at 11:00:45 PM, on 16/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mike\Desktop\HJT\removal.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175623727953
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

And thank you for the help again.

PS: I just noticed that under Windows Security Center, under virus protection, this is what's in there:

windows found more than one antivirus program on this computer and at least one reports that it is currently up to date and virus scanning is on. Antivirus software helps your computer against viruses and other security threats.

Edited by batata, 16 April 2007 - 09:28 PM.
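
An added example (not part of the original post, and not HijackThis's own code): the log above lists `ashMaiSv.exe` and `ashWebSv.exe` under running processes while their O23 service entries are marked "(file missing)". The sketch below parses a log in this format and reports such contradictions; the sample lines are excerpted from the log above, and the function names are hypothetical.

```python
import re

# Lines excerpted from the log posted above (sample input for this example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def parse_log(text):
    """Split a log into the set of running-process paths and the coded entries."""
    processes, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first coded entry ends the process list
            entries.append({"code": m.group(1), "body": m.group(2)})
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries


def missing_but_running(text):
    """Entries marked '(file missing)' whose executable is in the process list."""
    processes, entries = parse_log(text)
    hits = []
    for e in entries:
        if not e["body"].endswith("(file missing)"):
            continue
        m = PATH_RE.search(e["body"])  # entries without a drive-letter path are skipped
        if m and m.group(0).lower() in processes:
            hits.append((e["code"], m.group(0)))
    return hits


if __name__ == "__main__":
    for code, path in missing_but_running(SAMPLE_LOG):
        print(f"{code}: marked missing but running: {path}")
```

An entry reported here has a "(file missing)" marker that the process list in the same log contradicts, so the path should be checked by hand before the entry is treated as orphaned.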


#29 dan12


Posted 17 April 2007 - 03:00 AM

In Security Center, does it name the antivirus program? There will be a drop-down tab at the side of the green light; do this for the antivirus and firewall and let me know.

#30 dan12


Posted 17 April 2007 - 04:26 AM

A router tends to hide your address through NAT address translation, but does not directly prevent anything from coming or going. You need a third-party firewall. The XP firewall is probably acceptable (but not optimum) behind a NAT router. Important: can you verify that the Security Center shows the firewall is ON? Thanks, dan
