
Solved Trojan spyware - HIJACK THIS LOG

Discussion in 'Malware and Virus Removal Archive' started by RebeccainTO, 2008/04/21.

  1. 2008/05/05
    RebeccainTO

    RebeccainTO Inactive Thread Starter

    Combo Fix!!!!

    Found it!
    Wasn't on desktop as admin...but searched....and found!

    ComboFix 08-05-01.3 - Administrator 2008-05-05 8:14:42.7 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.811 [GMT -4:00]
    Running from: C:\Documents and Settings\win\Desktop\FixCombo.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\mainms.vpi
    C:\WINDOWS\megavid.cdt
    C:\WINDOWS\muotr.so

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSSECURITY1.209.4
    -------\Legacy_PERFMONS
    -------\Legacy_ROUTING


    ((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
    .

    2008-05-03 21:00 . 2008-05-03 21:12 345 --a------ C:\WINDOWS\gmer.ini
    2008-05-01 21:07 . 2008-05-01 21:07 281,600 --a------ C:\WINDOWS\system32\tmp1_863804466084.bk
    2008-05-01 21:07 . 2008-05-01 21:07 281,600 --a------ C:\WINDOWS\system32\tmp0_711229534612.bk
    2008-05-01 19:41 . 2008-05-01 19:41 268 --ah----- C:\sqmdata08.sqm
    2008-05-01 19:41 . 2008-05-01 19:41 244 --ah----- C:\sqmnoopt09.sqm
    2008-05-01 11:07 . 2008-05-01 11:07 <DIR> d-------- C:\Program Files\BHOK It Consulting
    2008-05-01 10:44 . 2008-05-01 10:44 268 --ah----- C:\sqmdata07.sqm
    2008-05-01 10:44 . 2008-05-01 10:44 244 --ah----- C:\sqmnoopt08.sqm
    2008-05-01 09:35 . 2008-05-01 09:35 268 --ah----- C:\sqmdata06.sqm
    2008-05-01 09:35 . 2008-05-01 09:35 244 --ah----- C:\sqmnoopt07.sqm
    2008-05-01 09:22 . 2008-05-01 10:09 <DIR> d-------- C:\ComboFix
    2008-04-30 21:50 . 2008-04-30 21:50 268 --ah----- C:\sqmdata03.sqm
    2008-04-30 21:50 . 2008-04-30 21:50 244 --ah----- C:\sqmnoopt05.sqm
    2008-04-30 10:18 . 2008-04-30 10:18 268 --ah----- C:\sqmdata00.sqm
    2008-04-30 10:18 . 2008-04-30 10:18 244 --ah----- C:\sqmnoopt02.sqm
    2008-04-27 19:15 . 2008-04-27 19:15 423,424 --a------ C:\WINDOWS\system32\tmp4_633632236078.bk
    2008-04-27 19:15 . 2008-04-27 19:15 423,424 --a------ C:\WINDOWS\system32\tmp4_46227874802.bk
    2008-04-27 19:15 . 2008-04-27 19:15 281,600 --a------ C:\WINDOWS\system32\tmp1_614482403498.bk
    2008-04-27 19:15 . 2008-04-27 19:15 281,600 --a------ C:\WINDOWS\system32\tmp0_412260398302.bk
    2008-04-27 19:15 . 2008-04-27 19:15 264,704 --a------ C:\WINDOWS\system32\tmp3_87783046313.bk
    2008-04-27 19:15 . 2008-04-27 19:15 264,704 --a------ C:\WINDOWS\system32\tmp3_510296375759.bk
    2008-04-27 19:14 . 2008-04-27 19:14 281,600 --a------ C:\WINDOWS\system32\tmp1_5569623664.bk
    2008-04-27 19:14 . 2008-04-27 19:14 281,600 --a------ C:\WINDOWS\system32\tmp0_169738313379.bk
    2008-04-27 12:12 . 2008-04-27 12:12 <DIR> d-------- C:\Program Files\COMODO
    2008-04-27 12:12 . 2008-04-27 12:12 <DIR> d-------- C:\Documents and Settings\win\Application Data\Comodo
    2008-04-27 12:12 . 2008-04-27 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-04-27 12:12 . 2008-04-27 12:12 139,008 --a------ C:\WINDOWS\system32\guard32.dll
    2008-04-27 12:12 . 2008-04-27 12:12 87,312 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-04-27 12:12 . 2008-04-27 12:12 23,824 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-04-27 11:59 . 2008-04-27 11:59 <DIR> d-------- C:\Documents and Settings\win\Application Data\WinPatrol
    2008-04-27 10:53 . 2008-04-27 10:53 <DIR> d-------- C:\Program Files\Alwil Software
    2008-04-27 10:37 . 2008-04-27 10:37 <DIR> d-------- C:\Program Files\BillP Studios
    2008-04-27 10:34 . 2008-04-27 10:34 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-04-27 10:34 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-04-26 16:40 . 2008-04-26 16:40 0 --a------ C:\Documents
    2008-04-23 20:39 . 2008-04-23 20:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-23 20:39 . 2008-04-23 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-21 22:17 . 2008-04-21 22:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-04-21 21:33 . 2008-04-21 21:33 <DIR> d-------- C:\Documents and Settings\win\Application Data\Malwarebytes
    2008-04-21 21:33 . 2008-04-21 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-21 12:06 . 2008-04-21 12:06 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-21 00:16 . 2008-04-21 00:16 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-19 22:04 . 2008-04-19 22:04 <DIR> d-------- C:\Documents and Settings\Administrator.WIN-FDA9083A0F2\Application Data\ATI
    2008-04-19 20:35 . 2008-04-19 20:35 <DIR> d-------- C:\Documents and Settings\Administrator.WIN-FDA9083A0F2
    2008-04-19 20:35 . 2008-05-05 08:15 139,264 --ah----- C:\Documents and Settings\Administrator.WIN-FDA9083A0F2\NtUser.dat.LOG
    2008-04-19 08:17 . 2008-04-19 08:18 15,452,536 --------- C:\Program Files\IE7-WindowsXP-x86-enu.exe
    2008-04-19 07:33 . 2008-04-19 07:34 963,813 --a------ C:\Program Files\rootalyz.zip
    2008-04-19 02:07 . 2008-04-19 02:07 206 --a------ C:\Delme.bat
    2008-04-19 01:52 . 2008-04-19 01:52 <DIR> d-------- C:\Documents and Settings\Rebecca\Application Data\Nero
    2008-04-19 01:19 . 2008-04-19 01:23 <DIR> d---s---- C:\Documents and Settings\Administrator
    2008-04-19 01:19 . 2008-05-05 07:56 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
    2008-04-18 21:42 . 2008-04-21 13:31 109,794 --a------ C:\WINDOWS\BM2f18a5ad.xml
    2008-04-18 21:35 . 2007-09-10 09:42 1,934,016 --a------ C:\WINDOWS\system32\FMPrint4.ocx
    2008-04-18 21:35 . 2007-09-10 09:39 397,312 --a------ C:\WINDOWS\system32\ClassX.dll
    2008-04-18 21:35 . 2004-05-20 13:19 214,232 --a------ C:\WINDOWS\system32\CSMSGAPI.DLL
    2008-04-18 21:35 . 2001-11-27 18:27 210,200 --a------ C:\WINDOWS\system32\TWNPRO3.DLL
    2008-04-18 21:35 . 2004-05-20 13:19 210,176 --a------ C:\WINDOWS\system32\CSMTPAPI.DLL
    2008-04-18 21:35 . 2007-09-10 09:41 172,032 --a------ C:\WINDOWS\system32\FMjr10.dll
    2008-04-18 21:35 . 2002-01-21 21:10 122,880 --a------ C:\WINDOWS\system32\TWNLIB3.DLL
    2008-04-18 21:35 . 2007-09-10 09:39 6,144 --a------ C:\WINDOWS\system32\ClassXps.dll
    2008-04-18 21:35 . 2008-04-18 21:35 0 --a------ C:\WINDOWS\system32\FaxMan
    2008-04-17 14:39 . 2008-04-17 14:39 <DIR> d-------- C:\Program Files\DVD Shrink
    2008-04-16 08:16 . 2008-04-16 08:16 <DIR> d-------- C:\WINDOWS\system32\netdd
    2008-04-15 23:38 . 2008-04-17 08:17 40 ---hs---- C:\Documents and Settings\All Users\Application Data\.zreglib
    2008-04-15 23:05 . 2008-04-17 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
    2008-04-15 23:01 . 2008-04-15 23:05 24 ---hs---- C:\WINDOWS\SA6DACD58.tmp
    2008-04-09 09:48 . 2008-04-10 21:28 128 --a------ C:\WINDOWS\system32\1.tsk

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-05 11:50 --------- d-----w C:\Documents and Settings\win\Application Data\Skype
    2008-05-03 23:38 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-04-28 13:34 --------- d-----w C:\Program Files\MSTpscre
    2008-04-25 13:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-25 12:47 --------- d-----w C:\Documents and Settings\win\Application Data\uTorrent
    2008-04-25 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-22 13:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-19 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-19 00:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-04-16 01:52 87,608 ----a-w C:\Documents and Settings\win\Application Data\inst.exe
    2008-04-16 01:52 47,360 ----a-w C:\Documents and Settings\win\Application Data\pcouffin.sys
    2008-04-16 01:52 --------- d-----w C:\Program Files\VSO
    2008-04-16 01:52 --------- d-----w C:\Documents and Settings\win\Application Data\Vso
    2008-03-30 04:42 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-02 20:07 31,896 ----a-w C:\Documents and Settings\win\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-21 22:44 691,545 ----a-w C:\WINDOWS\unins000.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2004-08-10 03:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "NeroHomeFirstStart "= "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
    "LVCOMSX "= "C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 14:04 221184]
    "LogitechCameraAssistant "= "C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-09-07 07:33 434176]
    "LogitechVideo[inspector] "= "C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-09-07 07:39 73728]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
    "OpwareSE2 "= "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00 49152]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "RemoteControl "= "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
    "itype "= "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
    "IntelliPoint "= "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15 600896]
    "Tpscrex "= "C:\Program Files\MSTpscre\Tpscrex.exe" [ ]
    "NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "Fax Machine "=" " []
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
    "COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [2008-04-27 12:12 1572608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 11:37 28672]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-09-29 11:37:26 28672]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-02 15:52:01 67128]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=C:\WINDOWS\system32\guard32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe "=
    "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\StubInstaller.exe "=
    "C:\\Program Files\\LimeWire\\LimeWire.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\WINDOWS\\system32\\dpvsetup.exe "=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\WINDOWS\\system32\\mmc.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-30 23:22]
    S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-27 12:12]
    S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-27 12:12]
    S2 AFinding;AFinding Service;C:\WINDOWS\system32\afinding.exe [2001-08-18 08:00]
    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
    S2 WServing;WServing Service;C:\WINDOWS\system32\wserving.exe [2001-08-18 08:00]
    S3 LcdMini;LcdMini Device;C:\WINDOWS\system32\DRIVERS\LcdMini.sys [2002-03-28 12:38]
    S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 14:11]
    S4 Ms-java;Ms-java;C:\WINDOWS\Driver\i386\ms-java.exe []

    *Newly Created Service* - DCFS2K
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-05 11:42:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-04-21 21:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy.job "
    - C:\PROGRA~1\SPYBOT~1\SpybotSD.exe
    "2008-05-04 14:07:01 C:\WINDOWS\Tasks\Symantec NetDetect.job "
    - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-05 08:16:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-05 8:17:43
    ComboFix-quarantined-files.txt 2008-05-05 12:17:34

    Pre-Run: 114,499,047,424 bytes free
    Post-Run: 114,479,153,152 bytes free

    200 --- E O F --- 2008-04-22 02:17:19


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    Should I be installing this????????
    Thanks again!
    Rebecca
     
  2. 2008/05/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Rebecca
    OK, I've got to ask: is ComboFix.exe's icon on your desktop?
    Because that is where it needs to be, not in a folder on your desktop.

    If the icon is on your desktop, then please do the following in normal mode.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\WINDOWS\system32\tmp1_863804466084.bk
    C:\WINDOWS\system32\tmp0_711229534612.bk
    C:\WINDOWS\system32\tmp4_633632236078.bk
    C:\WINDOWS\system32\tmp4_46227874802.bk
    C:\WINDOWS\system32\tmp1_614482403498.bk
    C:\WINDOWS\system32\tmp0_412260398302.bk
    C:\WINDOWS\system32\tmp3_87783046313.bk
    C:\WINDOWS\system32\tmp3_510296375759.bk
    C:\WINDOWS\system32\tmp1_5569623664.bk
    C:\WINDOWS\system32\tmp0_169738313379.bk
    C:\WINDOWS\BM2f18a5ad.xml
    C:\WINDOWS\SA6DACD58.tmp
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\Documents and Settings\win\Application Data\inst.exe
    C:\WINDOWS\system32\afinding.exe
    C:\WINDOWS\system32\wserving.exe 
    C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc9.exe
    C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc8.exe
    C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc7.exe
    C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc10.sys
    C:\WINDOWS\system32\Indt2.sys
    C:\WINDOWS\system32\routing.exe 
    C:\WINDOWS\Driver\i386\ms-java.exe 
    
    Driver::
    AFinding
    WServing
    Ms-java

    Please post the new ComboFix log and a new HJT log.

    Thanks
    Geri
     

  4. 2008/05/11
    RebeccainTO

    RebeccainTO Inactive Thread Starter

    Please Help!!!!!!

    Geri,
    Please help.
    I've been trying to run combofix to no avail. I have so much going on at home and feel very overwhelmed because I have still not fixed this.

    Yes....COMBOFIX is on my desktop, renamed combofix888.exe
    When I am in Safe mode, it doesn't appear on desktop and is found elsewhere as stated earlier.

    When I run Combofix I get a blue box, EMPTY with a flashing cursor. It remains this way for 20 minutes and on. Sometimes "Preparing to run Combofix" will appear at the beginning of running ....but again...20 minutes - hours...nothing happens.

    I was able to run it in safe mode as earlier posted.
    I've removed the entire program and reinstalled as per your request.
    I've also removed Comodo and reinstalled hoping this would allow Combofix to run...but didn't (I feel it may be my fault Combofix is not running because when the firewall asked if it could be allowed, I may have clicked block request to a few of the actions).

    HELP!
    Also....it has this big warning about a recovery console???? WHAT DOES THIS MEAN?
    Here is a fresh hijack log. I have received a new monitor for my birthday and have put that on.

    HELP!
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:39, on 2008-05-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\afinding.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wserving.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=...ly=http://mail.live.com/default.aspx&id=64855
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [Tpscrex] C:\Program Files\MSTpscre\Tpscrex.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe "
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://oweb.peelschools.org/jinitiator/jinit.exe
    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

    --
    End of file - 9937 bytes
     
  5. 2008/05/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi RebeccainTO
    .
    OK please relax here, we will get this to work, so don't stress over this. ;)


    OK, let's do this.

    Please delete the combofix888.exe from your desktop.

    Empty your recycle bin.

    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created.

    Now download ComboFix from Here, saving it to your Desktop. Do not rename it.


    Double click on your Comodo icon down by your clock.
    After it opens, click on the Firewall tab at the top.
    Click on "Define a new trusted Application".
    On the little window that opens, click on "select".
    Click on the "Browse" option.
    Now in that window, in the "look in" box at the top, click the down arrow to the right of the box and click on Desktop from the menu.
    Find ComboFix.exe and click on it. Click the "Open" button,
    then click Apply.
    Close the Comodo window.

    Now do this.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\WINDOWS\system32\tmp1_863804466084.bk
    C:\WINDOWS\system32\tmp0_711229534612.bk
    C:\WINDOWS\system32\tmp4_633632236078.bk
    C:\WINDOWS\system32\tmp4_46227874802.bk
    C:\WINDOWS\system32\tmp1_614482403498.bk
    C:\WINDOWS\system32\tmp0_412260398302.bk
    C:\WINDOWS\system32\tmp3_87783046313.bk
    C:\WINDOWS\system32\tmp3_510296375759.bk
    C:\WINDOWS\system32\tmp1_5569623664.bk
    C:\WINDOWS\system32\tmp0_169738313379.bk
    C:\WINDOWS\BM2f18a5ad.xml
    C:\WINDOWS\SA6DACD58.tmp
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\Documents and Settings\win\Application Data\inst.exe
    C:\WINDOWS\system32\afinding.exe
    C:\WINDOWS\system32\wserving.exe 
    C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc9.exe
    C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc8.exe
    C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc7.exe
    C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc10.sys
    C:\WINDOWS\system32\Indt2.sys
    C:\WINDOWS\system32\routing.exe 
    C:\WINDOWS\Driver\i386\ms-java.exe 
    
    Driver::
    AFinding
    WServing
    Ms-java

    Please post the new ComboFix log and a new HJT log if that worked.

    Let me know.

    Thanks
    Geri
     
  6. 2008/05/13
    RebeccainTO

    No luck.
    Followed instructions, but when Combofix starts to run, I get the white box with the green loading and then all icons on desktop flash, but no blue box appears, and nothing seems to happen....waited 30 min.
     
  7. 2008/05/13
    Geri Lifetime Subscription

    Hi

    OK, We'll do this in safe mode.

    I need to reiterate that you need to log on to YOUR account in safe mode, not the Admin account. When you get to the Safe Mode Welcome screen, scroll down and select your username.

    That is where you downloaded Combofix and have the CFScript.txt file on the Desktop.

    Now drag and drop the CFScript into ComboFix.exe.

    After it is done reboot back to normal windows and post the log that it gave you.

    Thanks
    Geri
     
  8. 2008/05/18
    RebeccainTO

    I've logged in as advised but they are not on my desktop in SAFE mode, but are on my desktop for normal startup.
    Is there another fix we can use?
     
  9. 2008/05/18
    Geri Lifetime Subscription

    Hi
    OK we'll try this. In safe mode.


    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.

    • Save it to your desktop.

      Now copy this to Notepad or WordPad and save it to your desktop.

      C:\WINDOWS\system32\tmp1_863804466084.bk
      C:\WINDOWS\system32\tmp0_711229534612.bk
      C:\WINDOWS\system32\tmp4_633632236078.bk
      C:\WINDOWS\system32\tmp4_46227874802.bk
      C:\WINDOWS\system32\tmp1_614482403498.bk
      C:\WINDOWS\system32\tmp0_412260398302.bk
      C:\WINDOWS\system32\tmp3_87783046313.bk
      C:\WINDOWS\system32\tmp3_510296375759.bk
      C:\WINDOWS\system32\tmp1_5569623664.bk
      C:\WINDOWS\system32\tmp0_169738313379.bk
      C:\WINDOWS\BM2f18a5ad.xml
      C:\WINDOWS\SA6DACD58.tmp
      C:\WINDOWS\system32\drivers\lvuvc.hs
      C:\Documents and Settings\win\Application Data\inst.exe
      C:\WINDOWS\system32\afinding.exe
      C:\WINDOWS\system32\wserving.exe
      C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc9.exe
      C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc8.exe
      C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc7.exe
      C:\RECYCLER\S-1-5-21-2052111302-1035525444-839522115-500\Dc10.sys
      C:\WINDOWS\system32\Indt2.sys
      C:\WINDOWS\system32\routing.exe
      C:\WINDOWS\Driver\i386\ms-java.exe



      Reboot into safe mode.
      Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths that you saved (by highlighting ALL of them, then right-click and choose Copy):

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


    Run a Kaspersky scan and post the log.

    Thanks
    Geri
     
  10. 2008/05/19
    RebeccainTO

    Hi Geri,
    Thank-you....
    I again couldn't find Killbox on my desktop in safe mode, so I went into Safe Mode with Networking, re-saved Killbox on the desktop and then ran the program. It seemed to run smoothly with no errors.
    Here is the Kaspersky log:
    ------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    2008-05-19 19:24
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 19/05/2008
    Kaspersky Anti-Virus database records: 786342
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 65827
    Number of viruses found: 8
    Number of infected objects: 15
    Number of suspicious objects: 0
    Duration of the scan process: 00:40:04

    Infected Object Name / Virus Name / Last Action
    C:\!KillBox\afinding.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\!KillBox\Indt2.sys Infected: Trojan.Win32.VB.cqk skipped
    C:\!KillBox\routing.exe Infected: Trojan.Win32.Agent.mbh skipped
    C:\!KillBox\wserving.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006446.sys Infected: Trojan-Clicker.Win32.VB.and skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006447.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006448.exe Infected: Trojan.Win32.Agent.kiy skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006449.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP32\A0017293.old Infected: Trojan-Downloader.Win32.Delf.hvc skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017537.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017538.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017539.sys Infected: Trojan.Win32.VB.cqk skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017540.exe Infected: Trojan.Win32.Agent.mbh skipped
    C:\WINDOWS\system32\andt.sys Infected: Trojan-Downloader.Win32.Delf.hxf skipped
    C:\WINDOWS\system32\perfs.exe Infected: Trojan.Win32.Agent.meg skipped

    Scan process completed.
     
  11. 2008/05/19
    Geri Lifetime Subscription

    Hi RebeccainTO
    OK please do the same with these 2 files.

    C:\WINDOWS\system32\andt.sys
    C:\WINDOWS\system32\perfs.exe


    Please double-click Killbox.exe to run it.
    Select:
    Delete on Reboot
    then Click on the All Files button.
    Please copy the file paths that you saved (by highlighting ALL of them, then right-click and choose Copy):


    Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    Reboot back to normal windows and run another Kaspersky scan.

    Thanks
    Geri
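
Added example (not part of the original thread): a short Python triage of a report in the format of the Kaspersky Online Scanner log posted above. It drops the "Object is locked" entries and separates detections still sitting in live locations from copies under C:\!KillBox and System Restore. Treating C:\!KillBox as Killbox's backup folder is an assumption based on the file names in the log; the function names are hypothetical.

```python
import re

# Excerpt in the format of the Kaspersky Online Scanner report posted in this
# thread (paths and detection names as they appear there).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\!KillBox\afinding.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
C:\!KillBox\Indt2.sys Infected: Trojan.Win32.VB.cqk skipped
C:\Documents and Settings\win\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017540.exe Infected: Trojan.Win32.Agent.mbh skipped
C:\WINDOWS\system32\andt.sys Infected: Trojan-Downloader.Win32.Delf.hxf skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\perfs.exe Infected: Trojan.Win32.Agent.meg skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
"""

# "<path> Infected: <detection name> <last action>"; paths may contain spaces,
# so the path is matched lazily up to the first " Infected: ".
INFECTED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<name>\S+) (?P<action>\w+)$"
)
# "<path> Object is locked <last action>": the scanner could not open a file
# that is in use (registry hives, event logs, ...). This is not a detection.
LOCKED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Object is locked (?P<action>\w+)$"
)


def parse_report(text):
    """Return (infected, locked): infected is a list of (path, name, action)."""
    infected, locked = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            infected.append((m["path"], m["name"], m["action"]))
            continue
        m = LOCKED_RE.match(line)
        if m:
            locked.append(m["path"])
    return infected, locked


def location(path):
    """Classify where a detected file sits on the volume."""
    rest = path[2:].lower()  # drop the drive letter and colon
    # Assumption: \!KillBox holds backups of files Killbox already deleted.
    if rest.startswith("\\!killbox\\"):
        return "quarantine"
    # System Restore snapshots: inert copies until a restore point is applied.
    if rest.startswith("\\system volume information\\_restore{"):
        return "system_restore"
    return "live"


def triage(text):
    """Group detections by location; also return the count of locked entries."""
    infected, locked = parse_report(text)
    buckets = {"live": [], "quarantine": [], "system_restore": []}
    for path, name, _action in infected:
        buckets[location(path)].append((path, name))
    return buckets, len(locked)


def live_paths(text):
    """Paths of detections that are neither backups nor restore-point copies."""
    buckets, _ = triage(text)
    return [path for path, _name in buckets["live"]]


if __name__ == "__main__":
    buckets, locked_count = triage(SAMPLE_REPORT)
    print(f"ignored {locked_count} locked (in-use) entries")
    for where, items in buckets.items():
        for path, name in items:
            print(f"{where:15} {name:40} {path}")
```
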
     
  12. 2008/05/20
    RebeccainTO

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    2008-05-20 10:36
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 20/05/2008
    Kaspersky Anti-Virus database records: 788046
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 60793
    Number of viruses found: 8
    Number of infected objects: 16
    Number of suspicious objects: 0
    Duration of the scan process: 00:37:38

    Infected Object Name / Virus Name / Last Action
    C:\!KillBox\afinding.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\!KillBox\Indt2.sys Infected: Trojan.Win32.VB.cqk skipped
    C:\!KillBox\perfs.exe Infected: Trojan.Win32.Agent.meg skipped
    C:\!KillBox\routing.exe Infected: Trojan.Win32.Agent.mbh skipped
    C:\!KillBox\wserving.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9daaeb4809ef7549a3b47b302e86d8fa_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0d34f30e44ae4b23079179cc0ec03f0_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a67508646b45dca8ba549cec30db76cf_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa60caa4434977ee9c85d912e2fe953d_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b21fcf67def70100b2d0d306c2520117_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bce83d46a1d72c0abd395a7ca79db682_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf50a03166257acd6800d7c698fc8cdb_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c895a93762aa1d6d2bed5e53123cc37a_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c9b85b981d498373c8604d8bec8446ff_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb7a96c56be83ecd699801c770b9b8ef_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cda16dda4371c3a179244a9fae329dce_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d1a817d60f3c7b8b1bd2afe304fc98bd_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4354a36a629b2ab3f2244e639319bf3_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d52cbc5b7bacebd3d3b029400f734218_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e116647dcb28454d9548345d3adbe60e_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2b58a1ac12067f3c9a9575a132add08_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e39b7241b018cbee16ce94bfd857dd92_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea1f342849f9f7a2a48c7b737766e92a_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb05245099b8d7313a17df13bf102efc_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f22383b6c3cf70dba79583ac283ca139_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f27adc9055369c2836a77e1009083ed6_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f72615baaa7308b0249044a31a7f83cb_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f77b9afcba0974c1b942e4759677b511_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8a28d96468a3a70fd72434d0bfa480b_e183eb92-1b86-450d-991d-d145542fa97b Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\win\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\win\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
    C:\Documents and Settings\win\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
    C:\Documents and Settings\win\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\win\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\win\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\win\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\win\Local Settings\History\History.IE5\MSHist012008052020080521\index.dat Object is locked skipped
    C:\Documents and Settings\win\Local Settings\temp\~DF1FC9.tmp Object is locked skipped
    C:\Documents and Settings\win\Local Settings\temp\~DF50CF.tmp Object is locked skipped
    C:\Documents and Settings\win\Local Settings\temp\~DF50E5.tmp Object is locked skipped
    C:\Documents and Settings\win\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\win\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\win\ntuser.dat Object is locked skipped
    C:\Documents and Settings\win\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\chandir.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\chandir.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\chn.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\chn.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\inuse.txt Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\L0000003.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\main.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\storydb.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\storydb.idx Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006446.sys Infected: Trojan-Clicker.Win32.VB.and skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006447.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006448.exe Infected: Trojan.Win32.Agent.kiy skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006449.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP32\A0017293.old Infected: Trojan-Downloader.Win32.Delf.hvc skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017537.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017538.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017539.sys Infected: Trojan.Win32.VB.cqk skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017540.exe Infected: Trojan.Win32.Agent.mbh skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP38\A0017649.exe Infected: Trojan.Win32.Agent.meg skipped
    C:\WINDOWS\system32\andt.sys Infected: Trojan-Downloader.Win32.Delf.hxf skipped

    Scan process completed.
     
  13. 2008/05/20
    Geri Lifetime Subscription

    Hi

    OK this one is still showing. :(

    C:\WINDOWS\system32\andt.sys


    Let's try to kill it with Killbox this way. Do this in normal mode.

    • Please double-click Killbox.exe to run it.
    • Select:
      • Replace on Reboot
      • then put a check in the Use Dummy box.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\andt.sys

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

    Then do this.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\system32\andt.sys

    If it deletes then run Kaspersky again and post the log.

    Thanks
    Geri
     
  14. 2008/05/20
    RebeccainTO

    Hi Geri,
    Can you explain the results to me, because I can't understand why the infected number of files is GROWING each time I use Killbox.
    Thanks! :eek:
    ------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    2008-05-20 12:54
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 20/05/2008
    Kaspersky Anti-Virus database records: 788187
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 60835
    Number of viruses found: 8
    Number of infected objects: 20
    Number of suspicious objects: 0
    Duration of the scan process: 00:38:13

    Infected Object Name / Virus Name / Last Action
    C:\!KillBox\afinding.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\!KillBox\andt.sys Infected: Trojan-Downloader.Win32.Delf.hxf skipped
    C:\!KillBox\andt.sys( 1) Infected: Trojan-Downloader.Win32.Delf.hxf skipped
    C:\!KillBox\andt.sys( 2) Infected: Trojan-Downloader.Win32.Delf.hxf skipped
    C:\!KillBox\andt.sys( 3) Infected: Trojan-Downloader.Win32.Delf.hxf skipped
    C:\!KillBox\Indt2.sys Infected: Trojan.Win32.VB.cqk skipped
    C:\!KillBox\perfs.exe Infected: Trojan.Win32.Agent.meg skipped
    C:\!KillBox\routing.exe Infected: Trojan.Win32.Agent.mbh skipped
    C:\!KillBox\wserving.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\storydb.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\win\Data\storydb.idx Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006446.sys Infected: Trojan-Clicker.Win32.VB.and skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006447.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006448.exe Infected: Trojan.Win32.Agent.kiy skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006449.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP32\A0017293.old Infected: Trojan-Downloader.Win32.Delf.hvc skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017537.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017538.exe Infected: Trojan-Downloader.Win32.Delf.gtj skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017539.sys Infected: Trojan.Win32.VB.cqk skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017540.exe Infected: Trojan.Win32.Agent.mbh skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP38\A0017649.exe Infected: Trojan.Win32.Agent.meg skipped
    C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP38\A0017665.sys Infected: Trojan-Downloader.Win32.Delf.hxf skipped

    Scan process completed.
     
  15. 2008/05/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Rebecca
    OK, Killbox grew because it removed more than one.
    C:\!KillBox\andt.sys( 1) Infected: Trojan-Downloader.Win32.Delf.hxf skipped
    C:\!KillBox\andt.sys( 2) Infected: Trojan-Downloader.Win32.Delf.hxf skipped
    C:\!KillBox\andt.sys( 3) Infected: Trojan-Downloader.Win32.Delf.hxf skipped

    Also, your System Restore grows because a restore point is made, which adds an entry to it that has an infection in it.
    If you count the infected entries in the last few logs, you will see them.

    OK, this is good; it looks like we're getting this done. (Cross your fingers LOL)

    Here is what we need to do next.


    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created.

    Now delete these.

    KillBox.exe <<From your desktop.

    C:\!KillBox <<This folder.

    Now do this.

    Run ATF Cleaner


    We need to turn off and on system restore. There are infections in it and by using system restore you would reinfect yourself.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK.
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under "Type a description for your restore point…", put a name in the box. Click Create. In the next window click Close.

    Reboot your computer

    Run Kaspersky again, we should end up with zeros.
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0

    Please post the Kaspersky log.

    Thanks
    Geri
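The point made in the post above, that the remaining detections sit in the KillBox folder and in System Restore points rather than in the live system, can be checked mechanically. This is an added example, not part of the original thread or of any tool named in it: it parses report lines in the format shown in this thread and groups detections by location. The function names are assumptions, the sample lines are copied from the logs in this thread, and only the two line shapes visible in those logs are handled.

```python
import re
from collections import Counter

# Sample lines copied from the Kaspersky Online Scanner logs in this thread.
SAMPLE_REPORT = r"""
C:\!KillBox\andt.sys( 1) Infected: Trojan-Downloader.Win32.Delf.hxf skipped
C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP11\A0006446.sys Infected: Trojan-Clicker.Win32.VB.and skipped
C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP37\A0017540.exe Infected: Trojan.Win32.Agent.mbh skipped
C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP38\A0017665.sys Infected: Trojan-Downloader.Win32.Delf.hxf skipped
C:\System Volume Information\_restore{EB642118-4B86-422B-A5C9-50D9A9203143}\RP38\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# "<path> Infected: <threat> <action>" or "<path> Object is locked <action>".
# Paths contain spaces, so the path is matched lazily up to the status text.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected: (?P<threat>\S+)|(?P<locked>Object is locked))\s+"
    r"(?P<action>\S+)$"
)
# System Restore stores its snapshots under _restore{GUID}\RPnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE
)
# Folder KillBox moved the deleted files into, as named in this thread.
QUARANTINE_PREFIX = "c:\\!killbox\\"


def classify(path):
    """Return 'restore:RPnn', 'quarantine' or 'live' for a reported path."""
    match = RESTORE_RE.search(path)
    if match:
        return "restore:" + match.group(1).upper()
    if path.lower().startswith(QUARANTINE_PREFIX):
        return "quarantine"
    return "live"


def triage(report):
    """Split a report body into locked files, detections and unparsed lines."""
    result = {"locked": 0, "infected": [], "unparsed": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            # Headers, statistics and anything in an unexpected shape.
            result["unparsed"].append(line)
        elif match.group("locked"):
            # Locked means the scanner could not open the file, not a detection.
            result["locked"] += 1
        else:
            path = match.group("path")
            result["infected"].append((classify(path), match.group("threat"), path))
    return result


def summarize(result):
    """Count detections per location and list any outside restore/quarantine."""
    by_location = Counter(location for location, _, _ in result["infected"])
    live_paths = [path for location, _, path in result["infected"] if location == "live"]
    return {"by_location": dict(by_location), "live_paths": live_paths}


if __name__ == "__main__":
    summary = summarize(triage(SAMPLE_REPORT))
    for location, count in sorted(summary["by_location"].items()):
        print(f"{location}: {count}")
    if summary["live_paths"]:
        print("Detections outside restore points and quarantine:")
        for path in summary["live_paths"]:
            print("  " + path)
    else:
        print("No detections outside restore points and the KillBox folder.")
```

An empty `live_paths` list means every detection is in a restore point or the KillBox folder, which is the situation the steps in the post above are meant to clear.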
     
  16. 2008/05/20
    RebeccainTO

    RebeccainTO Inactive Thread Starter

    Oh my gosh....if we have three zeros....I won't know what to do!!!!!!!!!!! It sounds like a dream!
    OK.....here goes......
    I'll be back!
     
  17. 2008/05/20
    RebeccainTO

    RebeccainTO Inactive Thread Starter

    Zero is magic

    You are a miracle worker!!!
    Never before have I loved the number zero so much before!!!!!
    Does this mean I am free and clear?
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, May 20, 2008 6:39:49 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 20/05/2008
    Kaspersky Anti-Virus database records: 788626
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 48089
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 00:33:07

    Infected Object Name / Virus Name / Last Action

    Scan process completed.
     
  18. 2008/05/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Rebecca
    All Right ! Whoo Hoo. Good job. :D

    Yes that shows you're clean.

    I recommend you now install some of the Prevention applications you looked at before, and stay away from any P2P file sharing.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    Use your computer for a couple days and then run another Kaspersky scan to make sure none of those files have returned.
    If they do, come back and let us have a look.

    Again, Good Job.

    I'll mark this one resolved in a couple days.

    Surf Safely
    Geri
     
  19. 2008/05/20
    RebeccainTO

    RebeccainTO Inactive Thread Starter

    Geri,
    Thank you SO much.
    This has been a long and drawn out process and you kept plugging away.
    I am SO thankful for everything you've done. I've learned so much!!!

    I'm now free to surf the rest of this website....how exciting!

    Rebecca:D
     
  20. 2008/05/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Rebecca
    You're welcome, Glad to have helped out.

    Geri
     
