Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91636 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] help me get rid of the malware


  • This topic is locked This topic is locked
21 replies to this topic

#1 leonidastconnolly

leonidastconnolly

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 06 April 2008 - 09:26 AM

I have this malware and I cant get rid of it!!!!! It changed my desktop and replaced the picture to link to this web site "http://livesecurityc...r.com/?aid=444" it also keep popping up a windows security warnig about a trojanhorse virus......please help me ...........I need instructions on how to eliminate this problem

    Advertisements

Register to Remove


#2 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 06 April 2008 - 10:21 AM

Hi, and Welcome to WhatTheTech :)

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
As I am still training, my posts to you will be checked by an Expert member. This will ensure that all advice and instructions I give you are accurate and safe. This may mean that my replies may take a little longer.


Please download HijackThis version 2.0.2 and save the file to your desktop. Double click the Hijackthis icon on your desktop and hit Do a System Scan and Save a Logfile and then copy and paste the log into a new reply, using the Add Reply button.

I need to see another log from HijackThis.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your in your next post.
jpshortstuff

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#3 leonidastconnolly

leonidastconnolly

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 06 April 2008 - 11:22 AM

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:18:34 PM, on 4/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wmsdkns.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Teresa Gearing\Desktop\HijackThis.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe, O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file) O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file) O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file) O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file) O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file) O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file) O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file) O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file) O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file) O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file) O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Google Updater.lnk.disabled O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- End of file - 7289 bytes

#4 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 06 April 2008 - 11:25 AM

Thanks, looking at this now.

Did you see this second part?

I need to see another log from HijackThis.

  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your in your next post.


EDIT: Never mind, got it now.

Edited by jpshortstuff, 06 April 2008 - 11:26 AM.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#5 leonidastconnolly

leonidastconnolly

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 06 April 2008 - 11:26 AM

Adobe Acrobat 5.0 Adobe Flash Player ActiveX Adobe Reader 7.0.8 AOL Setup Apple Mobile Device Support ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver AVG Free Edition Bonjour CONNECT Corel Uninstaller DesignPro 5.0 Sign Edition DVgate Plus GIMP 2.4.2 Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Google Updater Greetings Workshop HijackThis 2.0.2 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) HotKey Utility InterActual Player InterVideo WinDVD 5 for VAIO iTunes Java 2 Runtime Environment, SE v1.4.2_05 LAN-Express AS IEEE 802.11 Wireless LAN LiveUpdate 3.1 (Symantec Corporation) Logitech Desktop Messenger Logitech Print Service Logitech QuickCam Software Logitech® Camera Driver Macromedia Shockwave Player Memory Stick Formatter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft PhotoDraw 2000 V2 Microsoft Works MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Netscape Internet Service Setup OpenMG Limited Patch 4.0-04-07-14-01 OpenMG Secure Module 4.0.00 palmOne PhonicsTutor Classic PhonicsTutor Classic Demo PhonicsTutor Freqent Words Photogize PrintWizard PictureGear Studio 2.0 Print Server Driver Quicken 2005 QuickTime RealPlayer Realtek AC'97 Audio Rhapsody Player Engine Search Toolbar Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB946026) SoftV92 Data Fax Modem with SmartCP SonicStage 2.1.00 Sony Certificate PCH Sony Notebook Setup Sony USB Mouse Sony Utilities DLL Sony Video Shared Library Sony XBRITE Screen Saver Spybot - Search & Destroy Stamps.com Symantec Technical Support Web Controls tcConference Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) VAIO Entertainment Platform VAIO Help and Support VAIO Media 3.1 VAIO Media Integrated Server 3.1 VAIO Media Redistribution 3.1 VAIO Power Management VAIO Registration VAIO SLIT Pattern Wallpaper VAIO SLIT-C Screen Saver VAIO Survey Standalone VAIO Update 2 VAIO Wireless Utility VIDEO VOICE Speech Training System - Version 3.0.87- February 4, 2008 Viewpoint Manager (Remove Only) Viewpoint Media Player Welcome to VAIO life Windows Defender Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086

#6 leonidastconnolly

leonidastconnolly

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 06 April 2008 - 02:18 PM

Hey jpshortstuff you still going to help me???????please help me

#7 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 07 April 2008 - 10:16 AM

Hi

Don't worry, I haven't forgotten about you. HijackThis logs take a while to research, plus, I am still in training so my replies must be checked first. Please be patient.

You appear to be running both AVG and Symantec Anti-Virus. You should only ever be running one Anti-Virus program as they could conflict and slow your system down. I recommend you uninstall AVG as Symantec is also your firewall. Instructions will be posted below.

Viewpoint Manager is often installed without the users permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.

Please click Start >> Control Panel >> Add or Remove Programs.
Find each of the below items on the list and click remove on each one.
AVG Free Edition
Viewpoint Manager
Viewpoint Media Player



You need to disable TeaTimer, so that it doesn't interfere with our fix.

This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For both versions :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left, click Tools
  • Then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Disable Windows Defender.

Open Windows Defender.

Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete it is very important that you enable Real-time Protection again.


Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)


Close all browsers and windows except for HijackThis and click Fix Checked.



Please Right Click your Start button, and click Explore.
Next, locate and delete the following files and folders (if present):

Files:
C:\WINDOWS\system32\wmsdkns.exe <<FILE

If any of them aren't there then don't worry, but if you have a problem deleting one of them then please let me know.

Please reboot your computer at this point.


Please run this online scan:

Panda ActiveScan

  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
Thanks.

Edited by jpshortstuff, 07 April 2008 - 10:17 AM.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#8 leonidastconnolly

leonidastconnolly

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 07 April 2008 - 07:11 PM

Hey jpshortstuff I followed all the directions fine...but when it came down to erasing the file "C:\WINDOWS\system32\wmsdkns.exe" it wouldnt let me.....what do I do? it says cannot delete access is denied....make sure the disk is not full or write-protected and that the file is not currently in use.

#9 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 08 April 2008 - 06:37 PM

Hi

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\wmsdkns.exe
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Then, please continue with the rest of my instructions as before (the Panda Scan, and then DSS).

Thanks.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#10 leonidastconnolly

leonidastconnolly

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 08 April 2008 - 06:48 PM

C:\WINDOWS\system32\wmsdkns.exe moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_204645

    Advertisements

Register to Remove


#11 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 08 April 2008 - 06:53 PM

Great :thumbup: Continue with the Panda and DSS scans, I should be able to analyze them tomorrow morning (GMT ;)). Thanks.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#12 leonidastconnolly

leonidastconnolly

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 08 April 2008 - 07:16 PM

the panda scan would not work ....it said...Sorry, updating is incomplete due to an error. Please try again.?????so everything else worked except the panda and dss scans.....and ohh yeah......I had you have to go back to hijackthis and remove those files everytime it dont work...because everytime you get back on the computer there back in place!!!????dont know whats up with that....please get back to me!!

#13 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 10 April 2008 - 09:10 AM

Hi

Ok, so there was a problem with the Panda scan, thats fine. We'll try another scan. Did you encounter a problem with DSS or did you just not run it as Panda didn't work? If you didn't try DSS last time, I want you to run it this time even if the following Kaspersky scan doesn't work. If the DSS scan fails, please post a new HijackThis log.


Please do an online scan with Kaspersky WebScanner

Follow this link in Internet Explorer (Note: You must use Internet explorer to use Kaspersky): Kaspersky WebScanner

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)

    o Scan Options:
    Scan Archives Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    o Now click on the Save as Text button:
  • Save the file to your desktop.
Please post the results of the Kaspersky scan in your next reply.


Now, please try this DSS scan whether or not the above scan worked, unless you have already tried it and it failed. Please leave your computer alone while DSS is scanning, or it may crash.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
If the DSS scan does fail, please post a new HijackThis log.

Thanks.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#14 leonidastconnolly

leonidastconnolly

    New Member

  • New Member
  • Pip
  • 11 posts

Posted 11 April 2008 - 03:37 AM

Friday, April 11, 2008 5:34:25 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 11/04/2008 Kaspersky Anti-Virus database records: 696566 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ Scan Statistics Total number of scanned objects 87721 Number of viruses found 14 Number of infected objects 22 Number of suspicious objects 20 Duration of the scan process 04:19:08 Infected Object Name Virus Name Last Action C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\BatSetup.exe Infected: not-a-virus:AdWare.Win32.Rabio.m skipped C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\bbneww.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\Deckard\System Scanner\backup\DOCUME~1\TERESA~1\LOCALS~1\Temp\syswcc32.exe RarSFX: infected - 4 skipped C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\656 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04062008-121526.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant1.zip/180ax.exe Suspicious: Password-protected-EXE skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant1.zip ZIP: suspicious - 1 skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango5.zip/zango.exe Suspicious: Password-protected-EXE skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango5.zip ZIP: suspicious - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\Jack Gearing\Local Settings\Temporary Internet Files\Content.IE5\0VWBKN2T\CAWF6FWH.htm Suspicious: Trojan-Spy.HTML.Fraud.gen skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: suspicious - 3 skipped C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{D2D65E3A-F6CB-48F2-80AC-03062E432B50}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{D2D65E3A-F6CB-48F2-80AC-03062E432B50}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{D2D65E3A-F6CB-48F2-80AC-03062E432B50}\Microsoft\Outlook Express\Deleted Items.dbx/[From icho557@aol.com][Date Mon, 27 Dec 2004 13:53:01 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Teresa Gearing\Application Data\Identities\{D2D65E3A-F6CB-48F2-80AC-03062E432B50}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: suspicious - 3 skipped C:\Documents and Settings\Teresa Gearing\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Teresa Gearing\Desktop\OUTLOOK DATA\mail\PersonalFolders_DeletedItems.mbox/[From Wellsfargo Bank. ][Date Wed Sep 05 06:59:41 2007]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped C:\Documents and Settings\Teresa Gearing\Desktop\OUTLOOK DATA\mail\PersonalFolders_DeletedItems.mbox/[From Wellsfargo Bank. ][Date Wed Sep 05 06:59:41 2007]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped C:\Documents and Settings\Teresa Gearing\Desktop\OUTLOOK DATA\mail\PersonalFolders_DeletedItems.mbox Mail Berkeley mbox: suspicious - 2 skipped C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express.20060218\Deleted Items.dbx/[From chadblaire290@cs.com][Date Wed, 15 Feb 2006 13:54:11 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express.20060218\Deleted Items.dbx/[From chadblaire290@cs.com][Date Wed, 15 Feb 2006 13:54:11 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express.20060218\Deleted Items.dbx/[From chadblaire290@cs.com][Date Wed, 15 Feb 2006 13:54:11 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Identities\{4B5659F5-9CD9-42E2-AEAD-C2E967C05C0A}\Microsoft\Outlook Express.20060218\Deleted Items.dbx Mail MS Outlook 5: suspicious - 3 skipped C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Teresa Gearing\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Teresa Gearing\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Teresa Gearing\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat Object is locked skipped C:\Documents and Settings\Teresa Gearing\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Teresa Gearing\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Teresa Gearing\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe NSIS: infected - 1 skipped C:\Program Files\Search Toolbar\tbhelper.dll Infected: not-a-virus:AdWare.Win32.Mostofate.bt skipped C:\Program Files\Symantec AntiVirus\SAVRT\0001NAV~.TMP Object is locked skipped C:\Program Files\Symantec AntiVirus\SAVRT\0912NAV~.TMP Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP927\A0200592.exe Infected: not-a-virus:AdWare.Win32.AdBand.m skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP927\A0200594.exe Infected: not-a-virus:AdWare.Win32.AdBand.p skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP927\A0200595.dll Infected: not-a-virus:AdWare.Win32.AdBand.p skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0219327.exe Infected: not-a-virus:AdWare.Win32.Agent.ahs skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0223335.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0223337.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0223350.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0223351.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP940\A0225350.exe Infected: Worm.Win32.Socks.bn skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP942\A0226426.dll Infected: not-a-virus:AdWare.Win32.Mostofate.bn skipped C:\System Volume Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP954\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{1482CB9C-F611-4FD9-9A0C-595CA33E55DC}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\TMP000000012488A3D18D9A504B Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\_OTMoveIt\MovedFiles\04082008_204645\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped Scan process completed.

#15 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 11 April 2008 - 03:51 AM

Ok, thanks for that, looking now. I assume that this means you can't get DSS to work? If so, can I see a new HijackThis log please?

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users