Solved Trojan problem, please help, thanks!

Discussion in 'Malware and Virus Removal Archive' started by zepheryn, 2008/04/12.

  1. 2008/04/14
    zepheryn

    Am scanning right now, it's at 13% XD

    I'm gonna leave it on tonight and post the Kaspersky results tomorrow. Thanks so much!
     
  2. 2008/04/15
    zepheryn

    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, April 15, 2008 6:06:47 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 15/04/2008
    Kaspersky Anti-Virus database records: 705072

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 188005
    Number of viruses found: 22
    Number of infected objects: 98
    Number of suspicious objects: 16
    Duration of the scan process: 02:30:15

    Infected Object Name / Virus Name / Last Action
    C:\12 Sky\12sky_20070614_cb_ob_setup\setup.exe Suspicious: Type_Win32 skipped
    C:\87cc2bee2be67f50553a89315fd5cf9a\update\update.exe Suspicious: Type_Win32 skipped
    C:\Adobe\Acrobat 7.0\Reader\AcroRd32.exe Suspicious: Type_Win32 skipped
    C:\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe Suspicious: Type_Win32 skipped
    C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe Suspicious: Type_Win32 skipped
    C:\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe Suspicious: Type_Win32 skipped
    C:\Adobe\Acrobat 7.0\Setup Files\RdrBig707\ENU\setup.exe Suspicious: Type_Win32 skipped
    C:\Adobe\Premiere 6 LE\uninst.exe Suspicious: Type_Win32 skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{F19F2EEC-0B70-4DFC-B4A6-4B023B304F38}.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\history.dat Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\key3.db Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\prefs.js Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Jenny\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Jenny\Desktop\Misc Programs\Misc\Download_3gp-video-converter.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
    C:\Documents and Settings\Jenny\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\Application Data\Mozilla\Firefox\Profiles\pkveakw3.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\History\History.IE5\MSHist012008041420080415\index.dat Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\Temp\fla6315.tmp Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\Temp\fla6348.tmp Object is locked skipped
    C:\Documents and Settings\Jenny\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Jenny\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Jenny\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Tudou\tudou\download\1015555181.mp4.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\10552809.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\10604246.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\11379935.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\11397249.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\12308216.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\12341425.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\12345587.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\12375771.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\12378071.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\14238316.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\14239500.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\14258052.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\14259580.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\14260975.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\15656355.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\4650116.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\4747258.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\8852488.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\8854595.flv.tdd! Object is locked skipped
    C:\Program Files\Tudou\tudou\download\8879772.flv.tdd! Object is locked skipped
    C:\QooBox\Quarantine\C\Documents and Settings\Jenny\cftmon.exe.vir Infected: Worm.Win32.Socks.by skipped
    C:\QooBox\Quarantine\C\kqkmnh.exe.vir Infected: Trojan-Clicker.Win32.Costrat.fl skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\sbmntr.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ldk skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\sbsm.exe.vir Infected: Trojan-Downloader.Win32.Zlob.lda skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\sbun.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ldk skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\scit.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ldc skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\scm.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ldf skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\scu.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ldd skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\wamdl.dll.vir Infected: Trojan-Downloader.Win32.Zlob.lcz skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\waun.exe.vir Infected: Trojan-Downloader.Win32.Zlob.lde skipped
    C:\QooBox\Quarantine\C\WINDOWS\1.exe.vir/stream/data0003 Infected: Trojan.Win32.Inject.avy skipped
    C:\QooBox\Quarantine\C\WINDOWS\1.exe.vir/stream Infected: Trojan.Win32.Inject.avy skipped
    C:\QooBox\Quarantine\C\WINDOWS\1.exe.vir NSIS: infected - 2 skipped
    C:\QooBox\Quarantine\C\WINDOWS\17PHolmes22.exe.vir Infected: Trojan-Downloader.Win32.Homles.bd skipped
    C:\QooBox\Quarantine\C\WINDOWS\17PHolmes321.exe.vir Infected: Trojan-Downloader.Win32.Homles.bd skipped
    C:\QooBox\Quarantine\C\WINDOWS\17PHolmes403.exe.vir Infected: Trojan-Downloader.Win32.Homles.bd skipped
    C:\QooBox\Quarantine\C\WINDOWS\dodolook636.exe.vir/stream/data0002/data0004 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\QooBox\Quarantine\C\WINDOWS\dodolook636.exe.vir/stream/data0002 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\QooBox\Quarantine\C\WINDOWS\dodolook636.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\QooBox\Quarantine\C\WINDOWS\dodolook636.exe.vir NSIS: infected - 3 skipped
    C:\QooBox\Quarantine\C\WINDOWS\guyi-emply.exe.vir/stream/data0001 Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\QooBox\Quarantine\C\WINDOWS\guyi-emply.exe.vir/stream Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\QooBox\Quarantine\C\WINDOWS\guyi-emply.exe.vir NSIS: infected - 2 skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\acpidisk.sys.vir Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\oerniratgkdqj.dll.vir Infected: not-a-virus:AdWare.Win32.Ejik.ei skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\qelksqpucieqg.dll.vir Infected: not-a-virus:AdWare.Win32.Ejik.ei skipped
    C:\QooBox\Quarantine\catchme2008-04-13_190911.42.zip/Documents and Settings/Jenny/Desktop/catchme.zip/zeqbqwp.sys Infected: Trojan-Clicker.Win32.Costrat.fn skipped
    C:\QooBox\Quarantine\catchme2008-04-13_190911.42.zip/Documents and Settings/Jenny/Desktop/catchme.zip Infected: Trojan-Clicker.Win32.Costrat.fn skipped
    C:\QooBox\Quarantine\catchme2008-04-13_190911.42.zip ZIP: infected - 2 skipped
    C:\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP124\A0021713.ini Infected: Trojan-Downloader.Win32.Small.uke skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP124\A0021714.exe Infected: Trojan-Downloader.Win32.Delf.gqh skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP124\A0021716.exe Infected: not-a-virus:AdWare.Win32.Ejik.eg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021728.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021728.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021728.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021774.exe Suspicious: Type_Win32 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021776.exe Suspicious: Type_Win32 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021778.exe Suspicious: Type_Win32 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021779.exe/stream/data0003 Infected: Trojan.Win32.Inject.avy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021779.exe/stream Infected: Trojan.Win32.Inject.avy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021779.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021781.exe Infected: Trojan-Downloader.Win32.Agent.mwq skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021782.exe Suspicious: Type_Win32 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021786.exe Infected: Trojan-Downloader.Win32.Zlob.lde skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021787.exe Suspicious: Type_Win32 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021788.exe Suspicious: Type_Win32 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021789.dll Infected: Trojan-Downloader.Win32.Zlob.lcz skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021790.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021792.exe Infected: Trojan-Downloader.Win32.Zlob.ldk skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021793.exe Infected: Trojan-Downloader.Win32.Zlob.ldk skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021794.exe Infected: Trojan-Downloader.Win32.Zlob.ldf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021795.exe Infected: Trojan-Downloader.Win32.Zlob.ldd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021796.exe Infected: Trojan-Downloader.Win32.Zlob.ldc skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021797.exe Infected: Trojan-Downloader.Win32.Homles.bd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021798.exe Infected: Trojan-Downloader.Win32.Homles.bd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021799.exe Infected: Trojan-Downloader.Win32.Homles.bd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021802.sys Infected: Trojan-Clicker.Win32.Costrat.fn skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021805.exe Infected: Trojan-Clicker.Win32.Costrat.fl skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021806.exe Suspicious: Type_Win32 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021807.exe Suspicious: Type_Win32 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021808.exe Infected: Worm.Win32.Socks.by skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021811.exe/stream/data0001 Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021811.exe/stream Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021811.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021814.sys Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021816.exe/stream/data0002/data0004 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021816.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021816.exe/stream Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021816.exe NSIS: infected - 3 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021841.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021841.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021841.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021851.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021851.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021851.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021929.sys Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021932.exe/stream/data0002/data0004 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021932.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021932.exe/stream Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021932.exe NSIS: infected - 3 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021933.exe/stream/data0003 Infected: Trojan.Win32.Inject.avy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021933.exe/stream Infected: Trojan.Win32.Inject.avy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021933.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021934.exe Infected: Trojan-Downloader.Win32.Homles.bd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021935.exe Infected: Trojan-Downloader.Win32.Homles.bd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021936.exe Infected: Trojan-Downloader.Win32.Homles.bd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022025.exe Infected: Trojan-Downloader.Win32.Zlob.ldk skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022026.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022027.exe Infected: Trojan-Downloader.Win32.Zlob.ldk skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022028.exe Infected: Trojan-Downloader.Win32.Zlob.ldc skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022029.exe Infected: Trojan-Downloader.Win32.Zlob.ldf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022030.exe Infected: Trojan-Downloader.Win32.Zlob.ldd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022032.dll Infected: Trojan-Downloader.Win32.Zlob.lcz skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022033.exe Infected: Trojan-Downloader.Win32.Zlob.lde skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022035.exe Infected: Worm.Win32.Socks.by skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022036.exe Infected: Trojan-Clicker.Win32.Costrat.fl skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022040.exe/stream/data0001 Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022040.exe/stream Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022040.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022042.dll Infected: not-a-virus:AdWare.Win32.Ejik.ei skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022043.dll Infected: not-a-virus:AdWare.Win32.Ejik.ei skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP128\A0022136.exe Infected: Trojan-Downloader.Win32.Agent.mwq skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP128\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{4CAB8264-9142-420A-A082-DB6DC0C0D2A6}.crmlog Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_26v8mzFY6RqCVh4 Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_HpJIG3JEM7NtbDs Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_NUYbrqI9I5meySB Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_XoyhG4GDk2VLvNQ Object is locked skipped
    C:\WINDOWS\Temp\sqlite_5rSbfkCtmWfcUcf Object is locked skipped
    C:\WINDOWS\Temp\sqlite_iljZGslxmsTvhc5 Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    Scan process completed.


    Thanks!
     

  4. 2008/04/15
    Geri Lifetime Subscription

    Hi zepheryn

    Don't know if you use this...
    C:\Documents and Settings\Jenny\Desktop\Misc Programs\Misc\Download_3gp-video-converter.exe

    But it is infected with winfixer and needs to be deleted.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\Documents and Settings\Jenny\Desktop\Misc Programs\Misc\Download_3gp-video-converter.exe

    Now please do this.
    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
    • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

    Run ATF Cleaner again.

    Please reboot your computer.

    Please run and post a new Kaspersky scan.

    Thanks
    Geri
     
  5. 2008/04/16
    zepheryn

    Hiya, I deleted that file, here's the Kaspersky scan, thanks very much! :D


    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, April 16, 2008 9:50:22 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 17/04/2008
    Kaspersky Anti-Virus database records: 711452
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 188147
    Number of viruses found: 20
    Number of infected objects: 62
    Number of suspicious objects: 0
    Duration of the scan process: 02:31:26

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{9D75B88B-9539-4E91-A495-5EC73F4C84B0}.log Object is locked skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP124\A0021713.ini Infected: Trojan-Downloader.Win32.Small.uke skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP124\A0021716.exe Infected: not-a-virus:AdWare.Win32.Ejik.eg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021728.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021728.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021728.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021786.exe Infected: Trojan-Downloader.Win32.Zlob.lde skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021789.dll Infected: Trojan-Downloader.Win32.Zlob.lcz skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021790.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021791.dll Infected: Trojan-Downloader.Win32.Zlob.lec skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021792.exe Infected: Trojan-Downloader.Win32.Zlob.ldk skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021794.exe Infected: Trojan-Downloader.Win32.Zlob.ldf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021795.exe Infected: Trojan-Downloader.Win32.Zlob.ldd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021796.exe Infected: Trojan-Downloader.Win32.Zlob.ldc skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021797.exe Infected: Trojan-Downloader.Win32.Homles.bf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021798.exe Infected: Trojan-Downloader.Win32.Homles.bf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021799.exe Infected: Trojan-Downloader.Win32.Homles.bf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021800.exe Infected: Trojan-Downloader.Win32.Agent.ncd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021802.sys Infected: Trojan-Clicker.Win32.Costrat.fn skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021804.dll Infected: Trojan-Spy.Win32.Pophot.aph skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021805.exe Infected: Trojan-Clicker.Win32.Costrat.fl skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021808.exe Infected: Worm.Win32.Socks.by skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021811.exe/stream/data0001 Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021811.exe/stream Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021811.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021814.sys Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021816.exe/stream/data0002/data0004 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021816.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021816.exe/stream Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021816.exe NSIS: infected - 3 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021841.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021841.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021841.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021851.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021851.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP125\A0021851.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021929.sys Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021932.exe/stream/data0002/data0004 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021932.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021932.exe/stream Infected: not-a-virus:AdWare.Win32.Cinmus.ejg skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021932.exe NSIS: infected - 3 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021934.exe Infected: Trojan-Downloader.Win32.Homles.bf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021935.exe Infected: Trojan-Downloader.Win32.Homles.bf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP126\A0021936.exe Infected: Trojan-Downloader.Win32.Homles.bf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022024.dll Infected: Trojan-Downloader.Win32.Zlob.lec skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022026.exe Infected: Trojan-Downloader.Win32.Zlob.lda skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022027.exe Infected: Trojan-Downloader.Win32.Zlob.ldk skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022028.exe Infected: Trojan-Downloader.Win32.Zlob.ldc skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022029.exe Infected: Trojan-Downloader.Win32.Zlob.ldf skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022030.exe Infected: Trojan-Downloader.Win32.Zlob.ldd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022032.dll Infected: Trojan-Downloader.Win32.Zlob.lcz skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022033.exe Infected: Trojan-Downloader.Win32.Zlob.lde skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022035.exe Infected: Worm.Win32.Socks.by skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022036.exe Infected: Trojan-Clicker.Win32.Costrat.fl skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022040.exe/stream/data0001 Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022040.exe/stream Infected: Trojan-Downloader.Win32.Small.ugy skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022040.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022041.dll Infected: Trojan-Spy.Win32.Pophot.aph skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP127\A0022042.dll Object is locked skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP128\A0022127.exe Infected: Trojan-Downloader.Win32.Agent.ncd skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP128\A0022393.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP128\A0022393.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP128\A0022393.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP128\A0022396.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped

    Scan process completed.
     
  6. 2008/04/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi zepheryn

    OK Things are looking good.

    Please do the following.

    We need to turn off and on system restore. There are infections in it and by using system restore you would reinfect yourself.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK.
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under "Type a description for your restore point…" put a name in the box. Click Create. In the next window click Close.


    Please run ATF Cleaner again.

    Let me know how things are running.

    Thanks
    Geri
     
  7. 2008/04/18
    zepheryn

    zepheryn Inactive Thread Starter

    Hiya,

    After I did everything you said, I ran another Kaspersky scan, and it said everything is clean, my computer is now trojan and virus-free :D

    Thank you so very much for your patience and assistance!!! I greatly appreciate your help! You're the best <3<3<3


    Zeph
     
  8. 2008/04/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi zepheryn
    Great, glad to have helped out.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here at the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this resolved.

    Surf Safely
    Geri
     
