WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] help me get rid of the malware
Started by
leonidastconnolly
, Apr 06 2008 09:26 AM
-
This topic is locked
21 replies to this topic
#1
leonidastconnolly
-
- New Member
-
- 11 posts
New Member
Posted 06 April 2008 - 09:26 AM
Register to Remove
#2
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 06 April 2008 - 10:21 AM
Hi, and Welcome to WhatTheTech 
My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
Please download HijackThis version 2.0.2 and save the file to your desktop. Double click the Hijackthis icon on your desktop and hit Do a System Scan and Save a Logfile and then copy and paste the log into a new reply, using the Add Reply button.
I need to see another log from HijackThis.
My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
- I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
Please download HijackThis version 2.0.2 and save the file to your desktop. Double click the Hijackthis icon on your desktop and hit Do a System Scan and Save a Logfile and then copy and paste the log into a new reply, using the Add Reply button.
I need to see another log from HijackThis.
- Run Hijackthis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button.
- Save the file to your desktop, with the default name of uninstall_list
- Copy & Paste the entire contents of that file in your in your next post.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#3
leonidastconnolly
-
- New Member
-
- 11 posts
New Member
Posted 06 April 2008 - 11:22 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:34 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Teresa Gearing\Desktop\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk.disabled
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
--
End of file - 7289 bytes
#4
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 06 April 2008 - 11:25 AM
Thanks, looking at this now.
Did you see this second part?
EDIT: Never mind, got it now.
Did you see this second part?
I need to see another log from HijackThis.
- Run Hijackthis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button.
- Save the file to your desktop, with the default name of uninstall_list
- Copy & Paste the entire contents of that file in your in your next post.
EDIT: Never mind, got it now.
Edited by jpshortstuff, 06 April 2008 - 11:26 AM.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#5
leonidastconnolly
-
- New Member
-
- 11 posts
New Member
Posted 06 April 2008 - 11:26 AM
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
AOL Setup
Apple Mobile Device Support
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free Edition
Bonjour
CONNECT
Corel Uninstaller
DesignPro 5.0 Sign Edition
DVgate Plus
GIMP 2.4.2
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Greetings Workshop
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HotKey Utility
InterActual Player
InterVideo WinDVD 5 for VAIO
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
LAN-Express AS IEEE 802.11 Wireless LAN
LiveUpdate 3.1 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Shockwave Player
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft PhotoDraw 2000 V2
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Netscape Internet Service Setup
OpenMG Limited Patch 4.0-04-07-14-01
OpenMG Secure Module 4.0.00
palmOne
PhonicsTutor Classic
PhonicsTutor Classic Demo
PhonicsTutor Freqent Words
Photogize PrintWizard
PictureGear Studio 2.0
Print Server Driver
Quicken 2005
QuickTime
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Search Toolbar
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SoftV92 Data Fax Modem with SmartCP
SonicStage 2.1.00
Sony Certificate PCH
Sony Notebook Setup
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Sony XBRITE Screen Saver
Spybot - Search & Destroy
Stamps.com
Symantec Technical Support Web Controls
tcConference
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Power Management
VAIO Registration
VAIO SLIT Pattern Wallpaper
VAIO SLIT-C Screen Saver
VAIO Survey Standalone
VAIO Update 2
VAIO Wireless Utility
VIDEO VOICE Speech Training System - Version 3.0.87- February 4, 2008
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Welcome to VAIO life
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
#6
leonidastconnolly
-
- New Member
-
- 11 posts
New Member
Posted 06 April 2008 - 02:18 PM
Hey jpshortstuff you still going to help me???????please help me
#7
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 07 April 2008 - 10:16 AM
Hi
Don't worry, I haven't forgotten about you. HijackThis logs take a while to research, plus, I am still in training so my replies must be checked first. Please be patient.
You appear to be running both AVG and Symantec Anti-Virus. You should only ever be running one Anti-Virus program as they could conflict and slow your system down. I recommend you uninstall AVG as Symantec is also your firewall. Instructions will be posted below.
Viewpoint Manager is often installed without the users permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.
Please click Start >> Control Panel >> Add or Remove Programs.
Find each of the below items on the list and click remove on each one.
AVG Free Edition
Viewpoint Manager
Viewpoint Media Player
You need to disable TeaTimer, so that it doesn't interfere with our fix.
This is a two step process.
First step:
Disable Windows Defender.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.
Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
Close all browsers and windows except for HijackThis and click Fix Checked.
Please Right Click your Start button, and click Explore.
Next, locate and delete the following files and folders (if present):
Files:
C:\WINDOWS\system32\wmsdkns.exe <<FILE
If any of them aren't there then don't worry, but if you have a problem deleting one of them then please let me know.
Please reboot your computer at this point.
Please run this online scan:
Panda ActiveScan
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Don't worry, I haven't forgotten about you. HijackThis logs take a while to research, plus, I am still in training so my replies must be checked first. Please be patient.
You appear to be running both AVG and Symantec Anti-Virus. You should only ever be running one Anti-Virus program as they could conflict and slow your system down. I recommend you uninstall AVG as Symantec is also your firewall. Instructions will be posted below.
Viewpoint Manager is often installed without the users permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.
Please click Start >> Control Panel >> Add or Remove Programs.
Find each of the below items on the list and click remove on each one.
AVG Free Edition
Viewpoint Manager
Viewpoint Media Player
You need to disable TeaTimer, so that it doesn't interfere with our fix.
This is a two step process.
First step:
- Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
- If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
- If you have Version 1.4, Click on Exit Spybot S&D Resident
- Open Spybot S&D
- Click Mode, choose Advanced Mode
- Go to the bottom of the vertical panel on the left, click Tools
- Then, also in left panel, click Resident shows a red/white shield.
- If your firewall raises a question, say OK
- In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
- OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
Disable Windows Defender.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.
Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
Close all browsers and windows except for HijackThis and click Fix Checked.
Please Right Click your Start button, and click Explore.
Next, locate and delete the following files and folders (if present):
Files:
C:\WINDOWS\system32\wmsdkns.exe <<FILE
If any of them aren't there then don't worry, but if you have a problem deleting one of them then please let me know.
Please reboot your computer at this point.
Please run this online scan:
Panda ActiveScan
- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
Edited by jpshortstuff, 07 April 2008 - 10:17 AM.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#8
leonidastconnolly
-
- New Member
-
- 11 posts
New Member
Posted 07 April 2008 - 07:11 PM
Hey jpshortstuff I followed all the directions fine...but when it came down to erasing the file "C:\WINDOWS\system32\wmsdkns.exe" it wouldnt let me.....what do I do? it says cannot delete access is denied....make sure the disk is not full or write-protected and that the file is not currently in use.
#9
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 08 April 2008 - 06:37 PM
Hi
Please download the OTMoveIt2 by OldTimer.
Then, please continue with the rest of my instructions as before (the Panda Scan, and then DSS).
Thanks.
Please download the OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\system32\wmsdkns.exe
- Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
Then, please continue with the rest of my instructions as before (the Panda Scan, and then DSS).
Thanks.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#10
leonidastconnolly
-
- New Member
-
- 11 posts
New Member
Posted 08 April 2008 - 06:48 PM
C:\WINDOWS\system32\wmsdkns.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_204645
Register to Remove
#11
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 08 April 2008 - 06:53 PM
Great 
Continue with the Panda and DSS scans, I should be able to analyze them tomorrow morning (GMT 
).
Thanks.
Continue with the Panda and DSS scans, I should be able to analyze them tomorrow morning (GMT ).
Thanks.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#12
leonidastconnolly
-
- New Member
-
- 11 posts
New Member
Posted 08 April 2008 - 07:16 PM
the panda scan would not work ....it said...Sorry, updating is incomplete due to an error. Please try again.?????so everything else worked except the panda and dss scans.....and ohh yeah......I had you have to go back to hijackthis and remove those files everytime it dont work...because everytime you get back on the computer there back in place!!!????dont know whats up with that....please get back to me!!
#13
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 10 April 2008 - 09:10 AM
Hi
Ok, so there was a problem with the Panda scan, thats fine. We'll try another scan. Did you encounter a problem with DSS or did you just not run it as Panda didn't work? If you didn't try DSS last time, I want you to run it this time even if the following Kaspersky scan doesn't work. If the DSS scan fails, please post a new HijackThis log.
Please do an online scan with Kaspersky WebScanner
Follow this link in Internet Explorer (Note: You must use Internet explorer to use Kaspersky): Kaspersky WebScanner
You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
Now, please try this DSS scan whether or not the above scan worked, unless you have already tried it and it failed. Please leave your computer alone while DSS is scanning, or it may crash.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Thanks.
Ok, so there was a problem with the Panda scan, thats fine. We'll try another scan. Did you encounter a problem with DSS or did you just not run it as Panda didn't work? If you didn't try DSS last time, I want you to run it this time even if the following Kaspersky scan doesn't work. If the DSS scan fails, please post a new HijackThis log.
Please do an online scan with Kaspersky WebScanner
Follow this link in Internet Explorer (Note: You must use Internet explorer to use Kaspersky): Kaspersky WebScanner
You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
o Scan Options:
Scan Archives Scan Mail Bases
- Click OK
- Now under select a target to scan:
Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
- Save the file to your desktop.
Now, please try this DSS scan whether or not the above scan worked, unless you have already tried it and it failed. Please leave your computer alone while DSS is scanning, or it may crash.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
Thanks.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#14
leonidastconnolly
-
- New Member
-
- 11 posts
New Member
Posted 11 April 2008 - 03:37 AM
Friday, April 11, 2008 5:34:25 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 696566
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 87721
Number of viruses found 14
Number of infected objects 22
Number of suspicious objects 20
Duration of the scan process 04:19:08
Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\BatSetup.exe Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\bbneww.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe RarSFX: infected - 4 skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\656 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04062008-121526.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant1.zip/180ax.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango5.zip/zango.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango5.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Jack Gearing\Local Settings\Temporary Internet Files\Content.IE5\0VWBKN2T\CAWF6FWH.htm Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: suspicious - 3 skipped
C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{D2D65E3A-F6CB-48F2-80AC-03062E432B50}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{D2D65E3A-F6CB-48F2-80AC-03062E432B50}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{D2D65E3A-F6CB-48F2-80AC-03062E432B50}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{D2D65E3A-F6CB-48F2-80AC-03062E432B50}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: suspicious - 3 skipped
C:\Documents and Settings\Teresa Gearing\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Teresa Gearing\Desktop\OUTLOOK DATA\mail\PersonalFolders_DeletedItems.mbox/[From Wellsfargo Bank. ][Date Wed Sep 05 06:59:41 2007]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Teresa Gearing\Desktop\OUTLOOK DATA\mail\PersonalFolders_DeletedItems.mbox/[From Wellsfargo Bank. ][Date Wed Sep 05 06:59:41 2007]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Teresa Gearing\Desktop\OUTLOOK DATA\mail\PersonalFolders_DeletedItems.mbox Mail Berkeley mbox: suspicious - 2 skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express.20060218\Deleted Items.dbx/[From chadblaire290@cs.com][Date Wed, 15 Feb 2006 13:54:11 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express.20060218\Deleted Items.dbx/[From chadblaire290@cs.com][Date Wed, 15 Feb 2006 13:54:11 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express.20060218\Deleted Items.dbx/[From chadblaire290@cs.com][Date Wed, 15 Feb 2006 13:54:11 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express.20060218\Deleted Items.dbx Mail MS Outlook 5: suspicious - 3 skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat Object is locked skipped
C:\Documents and Settings\Teresa Gearing\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Teresa Gearing\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Teresa Gearing\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe NSIS: infected - 1 skipped
C:\Program Files\Search Toolbar\tbhelper.dll Infected: not-a-virus:AdWare.Win32.Mostofate.bt skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0001NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0912NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP927\A0200592.exe Infected: not-a-virus:AdWare.Win32.AdBand.m skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP927\A0200594.exe Infected: not-a-virus:AdWare.Win32.AdBand.p skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP927\A0200595.dll Infected: not-a-virus:AdWare.Win32.AdBand.p skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0219327.exe Infected: not-a-virus:AdWare.Win32.Agent.ahs skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0223335.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0223337.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0223350.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0223351.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0225350.exe Infected: Worm.Win32.Socks.bn skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP942\A0226426.dll Infected: not-a-virus:AdWare.Win32.Mostofate.bn skipped
C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP954\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1482CB9C-F611-4FD9-9A0C-595CA33E55DC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\TMP000000012488A3D18D9A504B Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\04082008_204645\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped
Scan process completed.
#15
jpshortstuff
-
- Authentic Member
-
- 5,710 posts
Teacher Emeritus
Posted 11 April 2008 - 03:51 AM
Ok, thanks for that, looking now.
I assume that this means you can't get DSS to work? If so, can I see a new HijackThis log please?
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
