
Solved Remove XP antivirus Warning

Discussion in 'Malware and Virus Removal Archive' started by deester, 2008/08/03.

  1. 2008/08/03
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    [Resolved] Remove XP antivirus Warning

    XP Antivirus Warning appeared on my desktop and I can't remove it. It tells me that I have 12 potential viruses even though Norton scanned during the night and found no problems. I have tried to download Malwarebytes but my computer freezes up and will not browse. I am a beginner and need some help.
    Thanks,
    Dee
     
  2. 2008/08/03
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Dee

    Read this and post the logs requested .....

    http://www.windowsbbs.com/announcement.php?f=41

    If you are unable to download without a freeze up use a friend's computer for the downloads.
    Programs such as this should only be downloaded and run following instruction from an expert in the field of Malware removal.
     

  4. 2008/08/03
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malware and Virus Removal

    Pete,
    I'm sorry to appear so dumb, but I don't understand why I would download the software on another machine. I already have them on my LT, what do I do with them? I can't do anything on the PC.
    Thanks for your help,
    Dee
     
  5. 2008/08/03
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Dee

    In your first post you said ....
    which I interpreted to mean that you were unable to download anything and browse as in Internet browsing. By downloading using a computer which could access the Internet and download you had access to the required files which could then be transferred to the desktop using a USB stick.

    From what you are now saying you are unable to use the desktop at all? Is that correct? Will it not boot up?

    Will the desktop start in Safe Mode?
     
  6. 2008/08/03
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malware and Virus Removal

    Pete,
    I can get the browser to and get to the web page but cannot open it. I do not know how to get in safe mode, if I knew I would try it. I did restore the system. I will try to transfer. I emailed the link but cannot access email.
    Thanks for your help,
    Dee
     
  7. 2008/08/03
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Dee

    If the computer is booting up and the problem is only with Internet Explorer, copy the Hijack installation file and Deckard's from the laptop to a USB stick - I'm sure you have one of those :) and copy from there to the desktop computer. Run the programs, copy the logs to the USB stick and post here from whichever computer you are using to access the BBS.

    FYI ....
     
  8. 2008/08/03
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malware and Virus Removal

    Pete,
    Got in safe mode by myself and got the programs downloaded and ran the scans. Deleted the uninvited antivirus. Returned to normal mode, there was the antivirus, and could not run the scans, same problem, freezing up.
    Where do I go from here?
    Thanks for your patience,
    Dee
     
  9. 2008/08/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    In safe mode if necessary ..........

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs. (skip this if in safe mode)

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  10. 2008/08/04
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malware and Virus Removal

    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
    .

    2
     
  11. 2008/08/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You've only posted a portion of the log. It probably is too large for 1 post, so you will need to split it up. The log is located at C:\ComboFix.txt
    Please post the remainder of its contents from the following line.

    ((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
     
  12. 2008/08/05
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malware and Virus Removal

    Did my HijackThis log come through?
    2008-08-03 18:45 . 2008-08-03 18:45 <DIR> d-------- C:\Deckard
    2008-08-03 18:34 . 2008-08-03 18:34 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-03 18:30 . 2008-08-03 18:31 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-08-03 18:30 . 2008-08-03 18:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
    2008-08-03 18:30 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-08-03 18:30 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-08-03 18:30 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-08-03 18:30 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-08-03 18:25 . 2008-08-03 18:25 <DIR> d-------- C:\Program Files\Perfect Uninstaller
    2008-08-03 18:25 . 2008-08-03 18:25 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
    2008-08-03 18:00 . 2008-08-03 18:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Viewpoint
    2008-08-03 17:59 . 2008-08-03 17:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
    2008-08-03 17:52 . 2008-08-03 17:52 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-07-06 16:38 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
    2008-07-06 16:37 . 2008-07-06 16:37 <DIR> d-------- C:\Program Files\Driver-Soft
    2008-07-06 16:37 . 2007-09-02 20:56 1,686,016 --a------ C:\WINDOWS\system32\clinetsuitex6.ocx
    2008-07-06 14:34 . 2008-07-28 16:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-06 14:34 . 2008-07-06 14:34 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-04 10:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-04 00:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-07-26 23:55 --------- d-----w C:\Program Files\XoftSpySE
    2008-07-15 22:47 --------- d-----w C:\Program Files\Detroit
    2008-07-15 22:46 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-07-15 22:46 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-07-06 20:05 --------- d-----w C:\Program Files\Lexmark X6100 Series
    2008-06-27 21:01 --------- d-----w C:\Program Files\Pure Networks
    2008-06-27 21:00 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
    2008-06-27 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
    2008-06-26 22:31 --------- d-----w C:\Program Files\ParetoLogic
    2008-06-26 22:31 --------- d-----w C:\Program Files\Common Files\ParetoLogic
    2008-06-26 22:31 --------- d-----w C:\Documents and Settings\ted\Application Data\ParetoLogic
    2008-06-26 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\ParetoLogic
    2008-06-26 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-06-25 17:27 --------- d-----w C:\Documents and Settings\ted\Application Data\AOL
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 00:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-06-19 20:08 --------- d-----w C:\Documents and Settings\ted\Application Data\acccore
    2008-06-19 18:58 --------- d-----w C:\Program Files\Common Files\AOL
    2008-06-19 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-19 17:18 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Symantec
    2008-06-19 17:12 --------- d-----w C:\Program Files\Norton SystemWorks
    2008-06-19 17:04 --------- d-----w C:\Program Files\Symantec
    2008-06-19 17:04 --------- d-----w C:\Documents and Settings\ted\Application Data\Symantec
    2008-06-19 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-06-18 18:01 --------- d-----w C:\Program Files\Common Files\AdvancedCleaner
    2008-06-18 17:30 1,700 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-06-18 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-18 17:28 --------- d-----w C:\Program Files\Common Files\Panda Software
    2008-06-18 17:26 --------- d-----w C:\Program Files\AOL Deskbar
    2008-06-18 17:25 --------- d-----w C:\Program Files\AWS
    2008-06-15 19:28 81,920 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-09 13:01 --------- d-----w C:\Program Files\Common Files\Real
    2008-05-23 22:21 81,920 ----a-w C:\WINDOWS\system32\404Fix.exe
    2008-05-16 10:02 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
    1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
    1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
    1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
    1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
    1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOL Fast Start "= "C:\Program Files\AOL 9.1\AOL.EXE" [2008-03-06 06:12 50528]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint "= "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 18:09 842584]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22 50880]
    "ccRegVfy "= "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23 34504]
    "HostManager "= "C:\Program Files\Common Files\AOL\1211853138\ee\AOLSoftware.exe" [2007-10-08 17:50 41824]
    "VX3000 "= "C:\WINDOWS\vVX3000.exe" [2006-12-05 19:38 707360]
    "nmctxth "= "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 06:11 648504]
    "nmapp "= "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-05-16 05:57 451896]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-02-05 19:10 98304]
    "Lexmark X6100 Series "= "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-05-16 06:10 57344]
    "SiSUSBRG "= "C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15 106496]
    "SiS Windows KeyHook "= "C:\WINDOWS\system32\keyhook.exe" [2004-05-12 17:22 249856]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-02-05 19:09 26112]
    "PinnacleDriverCheck "= "C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "LifeCam "= "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 21:48 275800]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 07:03 221184]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216]
    "AOLDialer "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SoundMan "= "SOUNDMAN.EXE" [2004-02-26 04:53 65024 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert "= "C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 09:04 54936]

    C:\Documents and Settings\ted\Start Menu\Programs\Startup\
    AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 17:50:57 41824]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 16:28:04 630915]
    Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 18:48:18 16432]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
    Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 17:51:54 45568]
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-02-05 18:30:32 335872]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "=
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe "=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE "=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe "=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1211853138\\ee\\aolsoftware.exe "=
    "C:\\Program Files\\AOL 9.1\\waol.exe "=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe "=
    "C:\\Program Files\\Common Files\\AOL\\1211853138\\ee\\AOLDesktop.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP "= 67:UDP:DHCP Discovery Service

    R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
    R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 18:06]
    R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-06-01 13:41]
    S2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 18:13]
    S2 Winferno Subscription Service;Winferno Subscription Service;C:\Program Files\Common Files\Winferno\WSS\WSS.exe [2007-09-07 11:00]
    S3 FXDRV;FXDRV;D:\Fxdrv.sys []

    *Newly Created Service* - CATCHME
    *Newly Created Service* - DCFS2K
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

    2008-08-02 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
    - C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

    2008-08-01 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
    - C:\Program Files\Norton SystemWorks\OBC.exe [2002-08-29 21:30]

    2008-08-03 C:\WINDOWS\Tasks\ParetoLogic Update.job
    - C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2007-09-19 00:55]

    2008-08-04 C:\WINDOWS\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]

    2008-08-03 C:\WINDOWS\Tasks\WSSHelper.job
    - C:\Program Files\Common Files\Winferno\WSS\WSSHelper.exe [2007-07-26 13:49]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{45174314-58E7-4790-BCCF-C05FE1CB7B67} - C:\WINDOWS\system32\comre.dll
    HKLM-Run-lphc7abj0e7c7 - C:\WINDOWS\system32\lphc7abj0e7c7.exe
    HKLM-Run-SMrhc3abj0e7c7 - C:\Program Files\rhc3abj0e7c7\rhc3abj0e7c7.exe
    HKLM-Run-SiteAdvisor - C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe
    HKLM-Run-ADC_286449925 - C:\Program Files\Common Files\AdvancedCleaner\ADCcw.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ocp8z3gz.default\
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-04 07:06:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-04 7:08:34
    ComboFix-quarantined-files.txt 2008-08-04 11:08:01

    Pre-Run: 50,452,000,768 bytes free
    Post-Run: 50,564,517,888 bytes free

    373 --- E O F --- 2008-07-11 19:47:05
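
Added example (not part of the thread and not ComboFix's own code): a post-cleanup check over a log in the layout posted above. It confirms that no remaining Run value still points at a file listed under ORPHANS REMOVED, and lists Security Center notification overrides and 8.3 short paths that need resolving on the machine. The sample log is constructed, and its HKCU entry referencing a removed file is invented for the demonstration.

```python
import re
from ntpath import normcase  # Windows path comparison rules on any host OS

# Constructed sample in the layout of the log above. The HKCU value that
# points at a removed file is invented to show a residual autorun.
SAMPLE_LOG = r'''
((((((((((((( Reg Loading Points ))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"lphc7abj0e7c7 "= "c:\windows\SYSTEM32\lphc7abj0e7c7.exe" [2008-08-03 18:00 1024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22 50880]
"ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 07:03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphc7abj0e7c7 - C:\WINDOWS\system32\lphc7abj0e7c7.exe
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe
.
------- Supplementary Scan -------
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
ORPHAN_RE = re.compile(r'^(?P<label>\S.*?) - (?P<path>[A-Za-z]:\\.+)$')
SHORT_NAME_RE = re.compile(r'~\d')  # 8.3 component such as PROGRA~1


def parse_registry(log):
    """Return {lower-cased key: {value name: data}} for the registry blocks."""
    keys, current = {}, None
    for line in map(str.strip, log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m['key'].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = m['data']
            quoted = re.match(r'"([^"]*)"', data)
            dword = re.match(r'dword:([0-9a-fA-F]{8})$', data)
            if quoted:
                data = quoted.group(1)          # drop the trailing [date size]
            elif dword:
                data = int(dword.group(1), 16)
            # The posted log has a stray space before the closing quote.
            current[m['name'].strip()] = data
        elif not line:
            current = None                      # a blank line ends the block
    return keys


def parse_orphans(log):
    """Return [(label, path)] from the 'ORPHANS REMOVED' section."""
    orphans, inside = [], False
    for line in map(str.strip, log.splitlines()):
        if 'ORPHANS REMOVED' in line:
            inside = True
        elif inside and line.startswith(('-----', '((((', '****')):
            break                               # next section has started
        elif inside:
            m = ORPHAN_RE.match(line)
            if m:
                orphans.append((m['label'], m['path']))
    return orphans


def residual_autoruns(log):
    """Run values that still reference a path reported as removed."""
    removed = {normcase(path) for _, path in parse_orphans(log)}
    hits = []
    for key, values in parse_registry(log).items():
        if not key.endswith(r'\currentversion\run'):
            continue
        for name, data in values.items():
            if isinstance(data, str) and normcase(data) in removed:
                hits.append((key, name, data))
    return hits


def short_name_paths(log):
    """8.3 short paths cannot be string-compared with long paths; list them
    so they are resolved on the machine before the entry is cleared."""
    paths = [d for values in parse_registry(log).values()
             for d in values.values() if isinstance(d, str)]
    paths += [path for _, path in parse_orphans(log)]
    return sorted(p for p in paths if SHORT_NAME_RE.search(p))


def security_center_overrides(log):
    """Security Center '*DisableNotify' values that are switched on."""
    key = r'hkey_local_machine\software\microsoft\security center'
    values = parse_registry(log).get(key, {})
    return sorted(name for name, data in values.items()
                  if name.endswith('DisableNotify')
                  and isinstance(data, int) and data != 0)


if __name__ == '__main__':
    print('residual autoruns :', residual_autoruns(SAMPLE_LOG))
    print('8.3 paths to check:', short_name_paths(SAMPLE_LOG))
    print('notify overrides  :', security_center_overrides(SAMPLE_LOG))
```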
     
  13. 2008/08/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks like ComboFix did a good job. How's the computer running now?
     
  14. 2008/08/05
    deester


    Other than being slow, it's doing fine.
    Thanks for your help,
    Dee
     
  15. 2008/08/05
    noahdfear

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Now, scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and a fresh HijackThis log to this topic.
     
  16. 2008/08/06
    deester


    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, August 06, 2008 12:32:27 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 6/08/2008
    Kaspersky Anti-Virus database records: 1060788


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\
    E:\
    F:\

    Scan Statistics
    Total number of scanned objects 44687
    Number of viruses found 17
    Number of infected objects 163
    Number of suspicious objects 0
    Duration of the scan process 01:23:45

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\Administrator\Desktop\sdsetup.exe/file286 Infected: Backdoor.Win32.Hupigon.dcvh skipped

    C:\Documents and Settings\Administrator\Desktop\sdsetup.exe Inno: infected - 1 skipped

    C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\aolusers.fus Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\SNMaster.idx Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7e4cbba1fa06526f69c7671ed22b87b_d23a15c3-9298-4ddb-977a-2e0e842bc966 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e249d43f86be0901d1d6b8ad94acea7a_d23a15c3-9298-4ddb-977a-2e0e842bc966 Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\Gateway-00-09-5B-88-51-CA.txt Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmapp_exe.txt Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmctxth_exe.txt Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt Object is locked skipped

    C:\Documents and Settings\Dee\Application Data\AOL\C_AOL 9.1\IDB\Apps.Lst Object is locked skipped

    C:\Documents and Settings\Dee\Application Data\AOL\C_AOL 9.1\IDB\art.idx Object is locked skipped

    C:\Documents and Settings\Dee\Application Data\AOL\C_AOL 9.1\IDB\guest.idx Object is locked skipped

    C:\Documents and Settings\Dee\Application Data\AOL\C_AOL 9.1\IDB\sap.dat Object is locked skipped

    C:\Documents and Settings\Dee\Application Data\AOL\C_AOL 9.1\IDB\spool.lst Object is locked skipped

    C:\Documents and Settings\Dee\Application Data\AOL\C_AOL 9.1\IDB\sysnews.lst Object is locked skipped

    C:\Documents and Settings\Dee\Application Data\ErrorSmart\Log\2008 Aug 06 - 09_24_13 AM_828.log Object is locked skipped

    C:\Documents and Settings\Dee\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped

    C:\Documents and Settings\Dee\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Dee\Desktop\setupxv(2).exe/setup.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Desktop\setupxv(2).exe/setup.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Desktop\setupxv(2).exe/setup.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Desktop\setupxv(2).exe/setup.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Desktop\setupxv(2).exe 7-Zip: infected - 4 skipped

    C:\Documents and Settings\Dee\Desktop\setupxv.exe/setup.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Desktop\setupxv.exe/setup.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Desktop\setupxv.exe/setup.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Desktop\setupxv.exe/setup.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Desktop\setupxv.exe 7-Zip: infected - 4 skipped

    C:\Documents and Settings\Dee\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\20qh97m7.default\Cache\09E9772Ed01/setup.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\20qh97m7.default\Cache\09E9772Ed01/setup.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\20qh97m7.default\Cache\09E9772Ed01/setup.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\20qh97m7.default\Cache\09E9772Ed01/setup.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\Dee\Local Settings\Application Data\Mozilla\Firefox\Profiles\20qh97m7.default\Cache\09E9772Ed01 7-Zip: infected - 4 skipped

    C:\Documents and Settings\Dee\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Temp\CMLS--2008-08-06--09-25-12.log Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Temp\me_17Ob5zIWX6uSkUz Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Temp\me_iqWeKBnuOopwzO7 Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Temp\me_PXCvxz Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Temp\me_w9F72KpHblI Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Temp\~DF6C67.tmp Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Temp\~DFE221.tmp Object is locked skipped

    C:\Documents and Settings\Dee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Dee\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Dee\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\ted\Desktop\setupxv(2).exe/setup.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Desktop\setupxv(2).exe/setup.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Desktop\setupxv(2).exe/setup.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Desktop\setupxv(2).exe/setup.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Desktop\setupxv(2).exe 7-Zip: infected - 4 skipped

    C:\Documents and Settings\ted\Desktop\setupxv.exe/setup.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Desktop\setupxv.exe/setup.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Desktop\setupxv.exe/setup.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Desktop\setupxv.exe/setup.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Desktop\setupxv.exe 7-Zip: infected - 4 skipped

    C:\Documents and Settings\ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\ks0ev2j3.default\Cache\09E9772Ed01/setup.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\ks0ev2j3.default\Cache\09E9772Ed01/setup.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\ks0ev2j3.default\Cache\09E9772Ed01/setup.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\ks0ev2j3.default\Cache\09E9772Ed01/setup.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Documents and Settings\ted\Local Settings\Application Data\Mozilla\Firefox\Profiles\ks0ev2j3.default\Cache\09E9772Ed01 7-Zip: infected - 4 skipped

    C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.SearchIt.t skipped

    C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe WiseSFX: infected - 1 skipped

    C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe WiseSFXDropper: infected - 1 skipped

    C:\Program Files\ErrorSmart\TCL.dll Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Program Files\ErrorSmart\zlib.dll Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped

    C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\agent.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\busyprs.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\BWLocalWebListener.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\FileDL.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000001.FCS Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\RG.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\scheddbg.log Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

    C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

    C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log Object is locked skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log Object is locked skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log Object is locked skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\18DA241D.htm Infected: Packed.JS.Agent.a skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19590991.htm Infected: Packed.JS.Agent.a skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1B122DAC.htm Infected: Packed.JS.Agent.a skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\211969B5.htm Infected: Packed.JS.Agent.a skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\21A7408E Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\444E7AF4 Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\518C4D91.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5BBD23BD.htm Infected: Packed.JS.Agent.a skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\69C43999.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aw skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A0F0F5C.htm Infected: Packed.JS.Agent.a skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A205134.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aw skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A26252D.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

    C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\71955242.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

    C:\QooBox\Quarantine\C\Program Files\RichVideoCodec\MultiLoader.dll.vir Infected: Trojan-Downloader.Win32.Small.aabv skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\lphc7abj0e7c7.exe.vir/data0002 Infected: Trojan-Downloader.Win32.Small.aabv skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\lphc7abj0e7c7.exe.vir/data0004 Infected: Trojan-Downloader.Win32.Small.aabv skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\lphc7abj0e7c7.exe.vir NSIS: infected - 2 skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\pphc7abj0e7c7.exe.vir Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\RichVideoCodec.dll.vir Infected: Trojan-Downloader.Win32.Small.aabv skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0000003.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0000004.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0000005.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0000009.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0001003.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0001009.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0002006.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0003007.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0004007.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0004047.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0005046.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0006046.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0007046.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0008047.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0008063.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0009064.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0009097.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0010119.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0011119.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012123.dll Infected: Trojan-Downloader.Win32.Small.aabv skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012132.dll Infected: Trojan-Downloader.Win32.Small.aabv skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012134.exe/data0002 Infected: Trojan-Downloader.Win32.Small.aabv skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012134.exe/data0004 Infected: Trojan-Downloader.Win32.Small.aabv skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012134.exe NSIS: infected - 2 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012135.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012144.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.ni skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012175.exe Infected: Hoax.Win32.Renos.vaoz skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012178.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012184.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012194.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012194.exe RAR: infected - 1 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012208.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP1\A0012208.exe CAB: infected - 1 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017711.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017711.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017711.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017711.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017712.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017712.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017712.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017712.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017713.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017713.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017713.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017713.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017717.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP10\A0017721.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP11\A0017731.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP11\A0017732.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017737.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017737.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017737.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017737.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017738.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017738.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017738.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017738.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017739.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017739.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017739.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP12\A0017739.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP14\A0017775.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP14\A0017777.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017782.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017782.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017782.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017782.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017783.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017783.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017783.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017783.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017784.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017784.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017784.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP15\A0017784.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017874.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017875.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017924.exe/setup.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017924.exe/setup.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017924.exe/setup.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017924.exe/setup.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017924.exe 7-Zip: infected - 4 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017925.exe/setup.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017925.exe/setup.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017925.exe/setup.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017925.exe/setup.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\A0017925.exe 7-Zip: infected - 4 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP16\change.log Object is locked skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP3\A0017523.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP3\A0017523.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP3\A0017523.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP3\A0017523.msi Embedded: infected - 3 skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP7\A0017621.msi/app.cab/F98E2EE9BE2B61047A1ECCD98AAB06626 Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP7\A0017621.msi/app.cab/FE2A0B12537FBB443932CD0DDE43B00BA Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped

    C:\System Volume Information\_restore{49FD2B4E-73AD-4066-B776-D5D181F5F5E9}\RP7\A0017621.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.gq skipped
     
  17. 2008/08/06
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malware and Virus Removal

    Information\_restore{72776469-A3A3-443B-A3F2-0B3E479E3EBC}\RP164\A0020178.exe/RegistrySmart.msi/app.cab Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.l skipped

    C:\System Volume Information\_restore{72776469-A3A3-443B-A3F2-0B3E479E3EBC}\RP164\A0020178.exe/RegistrySmart.msi Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.l skipped

    C:\System Volume Information\_restore{72776469-A3A3-443B-A3F2-0B3E479E3EBC}\RP164\A0020178.exe 7-Zip: infected - 4 skipped

    C:\System Volume Information\_restore{72776469-A3A3-443B-A3F2-0B3E479E3EBC}\RP164\A0020178.exe UPX: infected - 4 skipped

    C:\System Volume Information\_restore{72776469-A3A3-443B-A3F2-0B3E479E3EBC}\RP164\A0020178.exe PE_Patch.UPX: infected - 4 skipped

    C:\System Volume Information\_restore{72776469-A3A3-443B-A3F2-0B3E479E3EBC}\RP164\A0020179.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{51F368D7-8391-4D6C-9FD6-A331D6855201}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  18. 2008/08/06
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malware and Virus Removal

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:40:30 PM, on 8/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Winferno\WSS\WSS.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\AOL\1211853138\ee\AOLSoftware.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ErrorSmart\ErrorSmart.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {45174314-58E7-4790-BCCF-C05FE1CB7B67} - C:\WINDOWS\system32\comre.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211853138\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe "
    O4 - HKLM\..\Run: [lphc7abj0e7c7] C:\WINDOWS\system32\lphc7abj0e7c7.exe
    O4 - HKLM\..\Run: [SMrhc3abj0e7c7] C:\Program Files\rhc3abj0e7c7\rhc3abj0e7c7.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [ADC_286449925] "C:\Program Files\Common Files\AdvancedCleaner\ADCcw.exe" -c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Winferno Subscription Service - Capital Intellect Inc - C:\Program Files\Common Files\Winferno\WSS\WSS.exe

    --
    End of file - 10267 bytes
     
  19. 2008/08/06
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malware and Virus Removal

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:50:26 AM, on 8/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Winferno\WSS\WSS.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\AOL\1211853138\ee\AOLSoftware.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {45174314-58E7-4790-BCCF-C05FE1CB7B67} - C:\WINDOWS\system32\comre.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211853138\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe "
    O4 - HKLM\..\Run: [lphc7abj0e7c7] C:\WINDOWS\system32\lphc7abj0e7c7.exe
    O4 - HKLM\..\Run: [SMrhc3abj0e7c7] C:\Program Files\rhc3abj0e7c7\rhc3abj0e7c7.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [ADC_286449925] "C:\Program Files\Common Files\AdvancedCleaner\ADCcw.exe" -c
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Winferno Subscription Service - Capital Intellect Inc - C:\Program Files\Common Files\Winferno\WSS\WSS.exe

    --
    End of file - 9830 bytes
     
  20. 2008/08/07
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malware and Virus Removal

    I have posted the HijackThis log 4 times but it doesn't post. It doesn't warn me that it's too long. This computer is mighty slow.

    Dee
     
  21. 2008/08/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
    C:\Documents and Settings\Dee\Desktop\setupxv(2).exe
    C:\Documents and Settings\Dee\Desktop\setupxv.exe
    C:\Documents and Settings\ted\Desktop\setupxv(2).exe
    C:\Documents and Settings\ted\Desktop\setupxv.exe
    Folder::
    C:\Program Files\ErrorSmart
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Run ATF Cleaner again and after cleaning up temps for Internet Explorer, select the Firefox option and clean up everything there. ATF Cleaner needs to be run from both the Dee and ted user accounts.
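
The following is an added example, not part of the thread or of any tool mentioned in it: a small Python triage helper that diffs two HijackThis logs and checks which log lines still reference the paths a CFScript is about to remove. The sample text is a short excerpt of the two logs and a shortened copy of the script posted above; the function names are hypothetical.

```python
import re

# Excerpts of the two HijackThis logs posted above (8/6 and 8/7), trimmed
# to a few lines each so the example stays readable.
LOG_AUG6 = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\ErrorSmart\ErrorSmart.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
"""

LOG_AUG7 = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
"""

# Shortened copy of the CFScript from the post above (one File:: line kept).
CFSCRIPT = r"""File::
C:\Documents and Settings\Dee\Desktop\setupxv.exe
Folder::
C:\Program Files\ErrorSmart
"""

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group("code"), match.group("body")))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def parse_cfscript(text):
    """Return {"File": [...], "Folder": [...]} from the directive blocks."""
    targets, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2]
            targets.setdefault(section, [])
        elif section is not None:
            targets[section].append(line)
    return targets


def diff_entries(old, new):
    """Entries present only in the older log, and only in the newer one."""
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added


def target_references(targets, processes, entries):
    """Map each script target to the log lines that still point at it."""
    lines = processes + [f"{code} - {body}" for code, body in entries]
    hits = {}
    for section, paths in targets.items():
        for path in paths:
            needle = path.lower()
            if section == "Folder":
                # Match anything underneath the folder, not similar names.
                needle = needle.rstrip("\\") + "\\"
            hits[path] = [ln for ln in lines if needle in ln.lower()]
    return hits


if __name__ == "__main__":
    procs6, entries6 = parse_hjt(LOG_AUG6)
    procs7, entries7 = parse_hjt(LOG_AUG7)
    removed, added = diff_entries(entries6, entries7)
    print("removed between scans:", removed)
    print("added between scans:  ", added)
    refs = target_references(parse_cfscript(CFSCRIPT), procs7, entries7)
    for path, found in refs.items():
        print(path, "->", found or "no autostart or process reference left")
```

A folder that no longer appears in any autostart entry or running process can still exist on disk, so an empty result here does not mean the removal step is unnecessary.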
     
