Resolved HJT Threads: Resolved spyware and popup issues.
#1
Registered User
Join Date: Apr 2007
Posts: 6
OS: winxp
popups and no downloads, help please
24 h. ago I received a warning on my desktop from my Panda antivirus about a suspicious program, after I downloaded PowerISO from the internet. After that my computer started slowing down. Because I could not send the compressed file to Panda for scanning I installed ZoneAlarm Security Suite for an antivirus/spyware scan. I then deleted Panda so that I could run the scan overnight. When completed, the scan was frozen around one specific item associated with c:/windows system32.... After rebooting, the ZoneAlarm scan was still frozen and my CPU usage was just above 50%. After disconnecting my internet cable and another reboot I was able to delete the file (it would not rename or quarantine). After reconnecting my internet cable I found that I am not able to download any of the software recommended by the tech support of this forum and I am not allowed into certain web sites. I still have the popups (WinAntiVirus 2007, WinAntiSpyware 2007), and my CPU usage is still way high. After running my Windows XP CD to try to fix damaged files, my Internet Explorer 7 transformed itself into the previous version (IE 6) and my Opera web browser was so erratic that I ended up deleting it too. Right now I have a HijackThis logfile performed but I don't know which files are the problem.
#2
Registered User
Join Date: Apr 2007
Posts: 6
OS: winxp
Re: popups and no downloads, help please
Logfile of HijackThis v1.99.1
Scan saved at 5:55 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\svshost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://detoate.home.ro
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanIt] C:\Program Files\CleanIt\cleanit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\mgmaqeye.dll",setvm
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: Registration .LNK = C:\Program Files\UBISOFT\Demo\Tom Clancy's Splinter Cell Double Agent Demo\support\Register\Reg.exe
O4 - Startup: Sid Registration.lnk = E:\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4468E9E8-BA8D-486B-9220-55546345A160}: NameServer = 142.177.1.2 142.177.129.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF93F33E-C6C7-442F-82F6-89AC82D49203}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: Domain = sympatico.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: Domain = sympatico.ca
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: NameServer = 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: Domain = sympatico.ca
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: NameServer = 192.168.2.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
----------------------------------------------------------------------
The HijackThis log report for the problem above. Any help will be much appreciated.
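The O4 lines in the log above are where this infection shows itself: a Run value named "Microsoft Updates" that starts a bare svshost.exe (no path, and one letter off from the real svchost.exe), the same value repeated under RunServices, and a rundll32 entry loading a randomly named DLL out of system32. The Python below is an added example, not part of this thread and not HijackThis code, that applies exactly those checks, plus the one-letter-lookalike test against a few other core system binaries, to O4 lines. The function names, the heuristics and the sample subset of the log (copied from the log above) are this example's own assumptions.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example, not part of the forum thread or of HijackThis. The sample
log lines below are copied from the first HijackThis log in this thread;
the heuristics and function names are this example's own.
"""
import ntpath
import re

# One registry-backed O4 entry, e.g.
#   O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe
# Startup-folder lines ("O4 - Startup: ...") have a different shape and are skipped.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# rundll32 [path\]dll,export : the DLL and export are what need looking at, not rundll32
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
# Unquoted commands may have spaces in the path; cut at the first executable extension.
EXT_RE = re.compile(r'^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)', re.I)

# Names malware imitates by changing a single letter (svshost.exe vs svchost.exe).
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "winlogon.exe", "services.exe", "spoolsv.exe", "explorer.exe")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a one-letter lookalike of a system binary scores 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_of(cmd: str) -> str:
    """Program part of a Run value: the quoted path, the path up to .exe, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    if m:
        return m.group(1)
    return (cmd.split() or [""])[0]


def parse_o4(line: str):
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def reasons(entry: dict) -> list:
    """Heuristic findings for one parsed O4 entry; an empty list means nothing stood out."""
    out = []
    cmd = entry["cmd"].strip()
    rd = RUNDLL_RE.match(cmd)
    if rd:
        # rundll32 itself is a Windows binary; report the DLL it loads instead.
        out.append(f"rundll32 loads {rd['dll']} export {rd['export']}: check this DLL")
        return out
    exe = executable_of(cmd)
    base = ntpath.basename(exe).lower()
    if "\\" not in exe and not exe.startswith("%"):
        out.append("bare filename, found by PATH search instead of a fixed location")
    for legit in SYSTEM_BINARIES:
        if base != legit and levenshtein(base, legit) == 1:
            out.append(f"one-letter lookalike of {legit}")
    if entry["key"].lower() == "runservices":
        out.append("RunServices is a Windows 9x-era key; current software has no reason to write it")
    return out


def triage(log_text: str) -> list:
    """(name, key, reasons) for every O4 entry that trips at least one heuristic."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            found = reasons(entry)
            if found:
                flagged.append((entry["name"], entry["key"], found))
    return flagged


# Constructed sample: a subset of the O4 lines from the first log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Microsoft Updates] svshost.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\mgmaqeye.dll",setvm
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svshost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for name, key, found in triage(SAMPLE_LOG):
        print(f"[{name}] ({key})")
        for f in found:
            print("   -", f)
```

Run as-is it flags the two "Microsoft Updates" values and the PrintDrive rundll32 entry and stays quiet on the vendor entries around them. The lookalike test is deliberately narrow (distance exactly 1 against a short list) so that ordinary vendor binaries do not trigger it; the bare-filename rule is the more general one, since a legitimate installer almost always writes a full path.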
#3
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
Re: popups and no downloads, help please
1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe
2. Double click on combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
#4
Registered User
Join Date: Apr 2007
Posts: 6
OS: winxp
Re: popups and no downloads, help please
Every time I try to download something I get "http error 403"; at this moment I don't know if it's related to my malware problem or caused by ZoneAlarm Security Suite (it was fine with Panda antivirus), or because I ran my Windows XP CD in upgrade option to try to fix certain files that went missing when I deleted Panda.
At this moment I am using Internet Explorer 6, as my default browser (Firefox) is full of popups (Error Protector and System Doctor). Any help would be fantastic, thanks for your reply.
#5
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
Re: popups and no downloads, help please
If you cannot download using your own machine, please do it from another machine & transfer the file via a flashdrive or cd
#6
Registered User
Join Date: Apr 2007
Posts: 6
OS: winxp
Re: popups and no downloads, help please
My ComboFix log:
"Rui Rebelo" - 07-04-21 8:41:55 Service Pack 2
ComboFix 07-04-21.2V - Running from: C:\Documents and Settings\Rui Rebelo\Desktop\

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\klkkj.bak2
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\jkklk.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\components\flx1.dll
C:\WINDOWS\system32\components\flx10.dll
C:\WINDOWS\system32\components\flx11.dll
C:\WINDOWS\system32\components\flx12.dll
C:\WINDOWS\system32\components\flx13.dll
C:\WINDOWS\system32\components\flx14.dll
C:\WINDOWS\system32\components\flx15.dll
C:\WINDOWS\system32\components\flx16.dll
C:\WINDOWS\system32\components\flx17.dll
C:\WINDOWS\system32\components\flx18.dll
C:\WINDOWS\system32\components\flx19.dll
C:\WINDOWS\system32\components\flx2.dll
C:\WINDOWS\system32\components\flx20.dll
C:\WINDOWS\system32\components\flx21.dll
C:\WINDOWS\system32\components\flx22.dll
C:\WINDOWS\system32\components\flx23.dll
C:\WINDOWS\system32\components\flx24.dll
C:\WINDOWS\system32\components\flx25.dll
C:\WINDOWS\system32\components\flx26.dll
C:\WINDOWS\system32\components\flx27.dll
C:\WINDOWS\system32\components\flx28.dll
C:\WINDOWS\system32\components\flx29.dll
C:\WINDOWS\system32\components\flx3.dll
C:\WINDOWS\system32\components\flx30.dll
C:\WINDOWS\system32\components\flx31.dll
C:\WINDOWS\system32\components\flx32.dll
C:\WINDOWS\system32\components\flx33.dll
C:\WINDOWS\system32\components\flx34.dll
C:\WINDOWS\system32\components\flx35.dll
C:\WINDOWS\system32\components\flx36.dll
C:\WINDOWS\system32\components\flx4.dll
C:\WINDOWS\system32\components\flx5.dll
C:\WINDOWS\system32\components\flx7.dll
C:\WINDOWS\system32\components\flx8.dll
C:\WINDOWS\system32\components\flx9.dll
C:\DOCUME~1\RUIREB~1\Desktop.\internet explorer.lnk
C:\Program Files\install.log
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\components

((((((((((((((((((((((((((((((( Files Created from 2007-03-21 to 2007-04-21 ))))))))))))))))))))))))))))))))))
2007-04-20 12:17 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-20 12:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-20 12:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-20 11:41 <DIR> d-------- C:\WINDOWS\setup.pss
2007-04-19 23:39 512 --a------ C:\ScanSectorLog.dat
2007-04-19 22:48 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-19 20:39 64,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-19 20:39 3,523,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-19 20:39 <DIR> d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\MailFrontier
2007-04-19 20:18 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-19 20:18 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-04-19 20:18 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-19 20:15 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-19 18:13 <DIR> d-------- C:\Program Files\Guild Wars
2007-04-19 14:16 <DIR> d-------- C:\Program Files\PowerISO
2007-04-19 13:02 79,580 --a------ C:\WINDOWS\system32\svshost.exe
2007-04-19 08:30 <DIR> d-------- C:\Program Files\EA GAMES
2007-04-18 22:33 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-04-18 22:33 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-04-18 22:32 <DIR> d-------- C:\Program Files\HD Publishing
2007-04-18 13:28 <DIR> d-------- C:\Program Files\PC Wizard 2007
2007-04-18 09:12 <DIR> d-------- C:\temp
2007-04-18 08:49 <DIR> d-------- C:\Program Files\THQ
2007-04-18 08:03 <DIR> d-------- C:\Program Files\Battlefront
2007-04-17 20:07 <DIR> d-------- C:\Program Files\hijack this
2007-04-17 10:32 <DIR> d-------- C:\Program Files\Opera
2007-04-17 10:32 <DIR> d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\Opera
2007-04-17 10:16 <DIR> d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\Talkback
2007-04-17 10:15 3,499 --a------ C:\WINDOWS\mozver.dat
2007-04-17 10:15 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-04-17 10:15 <DIR> d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\Thunderbird
2007-04-17 08:34 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-04-15 12:03 <DIR> d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-15 10:14 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-15 09:53 <DIR> d-------- C:\Program Files\Electronic Arts
2007-03-26 21:00 <DIR> d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\dvdcss
2007-03-25 19:09 <DIR> d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\vlc
2007-03-25 19:08 <DIR> d-------- C:\Program Files\VideoLAN

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-21 08:54 825 --ahs---- C:\WINDOWS\system32\mmf.sys
2007-04-21 08:37 -------- d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\utorrent
2007-04-20 12:08 23348 --a--c--- C:\WINDOWS\system32\emptyregdb.dat
2007-04-19 21:39 -------- d--h----- C:\Program Files\installshield installation information
2007-04-10 00:35 -------- d-------- C:\Program Files\stardock
2007-03-18 23:45 -------- d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\help
2007-03-04 12:43 -------- d-------- C:\DOCUME~1\RUIREB~1\APPLIC~1\installshield
2007-02-07 14:58 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-01-25 08:49 0 --a------ C:\WINDOWS\nsreg.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\cplfmiek.dll [x]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
{7AC06F58-F80C-4940-A14C-E09FE77F9DD2} C:\WINDOWS\system32\xxywvsr.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"IPInSightLAN 01"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\Sympatico Consumer\\IPClient.exe\" -l"
"IPInSightMonitor 01"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\Sympatico Consumer\\IPMon32.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CleanIt"="C:\\Program Files\\CleanIt\\cleanit.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Microsoft Updates"="svshost.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"="svshost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{6af69c4d-420a-4c95-b34f-e4635f84f53b}"="forevouched"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{7AC06F58-F80C-4940-A14C-E09FE77F9DD2}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywvsr

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4c55f0d-952a-11db-9a31-000c6e5ac510}]
Shell\AutoRun\command E:\autorun.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job

********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-21 09:02:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?\?????????????????????????????????????????????????????????????|p??|????m??|?`?w????????X\????@?8?@?????X\??c"?s???s??????@?????N'?s?O2?L|?s????????????u??s????????c"?s???s??????@?8?@?N'?s?O2??$@?8?@?8?@??????????O2??:2????s?:2??N2??:2??:2?0i?s???????? O2????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-21 9:04:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-21 09:04
-------------------------------------------------------------------------

And also the quarantined files log:
Code:
06-05-05 17:07 767 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\RUIREB~1\Desktop\Internet Explorer.lnk.vir
06-05-22 16:05 447 --a--c--- C:\Qoobox\Quarantine\C\Program Files\INSTALL.LOG.vir
06-06-26 23:28 11824 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx3.dll.vir
06-06-27 17:50 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx1.dll.vir
06-06-27 17:50 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx4.dll.vir
06-06-27 18:15 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx2.dll.vir
06-06-27 18:15 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx5.dll.vir
06-06-27 18:40 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx7.dll.vir
06-06-27 18:40 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx8.dll.vir
06-06-27 19:05 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx9.dll.vir
06-06-27 19:05 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx10.dll.vir
06-06-27 19:30 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx11.dll.vir
06-06-27 19:30 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx12.dll.vir
06-06-27 20:15 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx13.dll.vir
06-06-27 20:15 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx14.dll.vir
06-06-27 20:40 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx15.dll.vir
06-06-27 20:40 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx16.dll.vir
06-06-27 21:05 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx17.dll.vir
06-06-27 21:05 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx18.dll.vir
06-06-27 21:50 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx19.dll.vir
06-06-27 21:50 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx20.dll.vir
06-06-27 22:15 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx21.dll.vir
06-06-27 22:15 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx22.dll.vir
06-06-27 22:40 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx23.dll.vir
06-06-27 22:40 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx24.dll.vir
06-06-27 23:05 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx25.dll.vir
06-06-27 23:05 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx26.dll.vir
06-06-27 23:30 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx27.dll.vir
06-06-27 23:30 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx28.dll.vir
06-06-27 23:55 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx29.dll.vir
06-06-27 23:55 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx30.dll.vir
06-06-28 00:20 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx31.dll.vir
06-06-28 00:20 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx32.dll.vir
06-06-28 00:45 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx33.dll.vir
06-06-28 00:45 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx34.dll.vir
06-06-28 01:10 11720 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx35.dll.vir
06-06-28 01:10 11888 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\components\flx36.dll.vir
07-03-08 03:22 1 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bund1\temp.txt.vir
07-04-19 13:28 281172 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jkklk.dll.vir
07-04-19 17:23 780080 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\klkkj.bak2.vir
07-04-21 08:51 843055 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\klkkj.ini.vir
Folder PATH listing
Volume serial number is A44B-2A88
C:\QOOBOX
\---Quarantine
+---C
| +---DOCUME~1
| | \---RUIREB~1
| | \---Desktop
| | Internet Explorer.lnk.vir
| |
| +---Program Files
| | INSTALL.LOG.vir
| |
| \---WINDOWS
| \---system32
| | jkklk.dll.vir
| | klkkj.bak2.vir
| | klkkj.ini.vir
| |
| +---bund1
| | temp.txt.vir
| |
| \---components
| flx1.dll.vir
| flx10.dll.vir
| flx11.dll.vir
| flx12.dll.vir
| flx13.dll.vir
| flx14.dll.vir
| flx15.dll.vir
| flx16.dll.vir
| flx17.dll.vir
| flx18.dll.vir
| flx19.dll.vir
| flx2.dll.vir
| flx20.dll.vir
| flx21.dll.vir
| flx22.dll.vir
| flx23.dll.vir
| flx24.dll.vir
| flx25.dll.vir
| flx26.dll.vir
| flx27.dll.vir
| flx28.dll.vir
| flx29.dll.vir
| flx3.dll.vir
| flx30.dll.vir
| flx31.dll.vir
| flx32.dll.vir
| flx33.dll.vir
| flx34.dll.vir
| flx35.dll.vir
| flx36.dll.vir
| flx4.dll.vir
| flx5.dll.vir
| flx7.dll.vir
| flx8.dll.vir
| flx9.dll.vir
|
\---Registry_backups
Thanks for all the help.
#7
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
Re: popups and no downloads, help please
Open notepad and copy/paste the text in the quotebox below into it:
Code:
@echo off
rem Removes the autostart entries and COM registrations found in the ComboFix log above.
rem swreg is the registry tool shipped with ComboFix; run this from Safe Mode.
( del /a/s/f %systemroot%\svshost.exe
rem /s also searches subfolders, so the copy in %systemroot%\system32 is removed
swreg delete hklm\software\microsoft\windows\currentversion\run /v "microsoft updates"
swreg delete hklm\software\microsoft\windows\currentversion\run /v "userfaultcheck"
swreg delete "hklm\software\microsoft\windows nt\currentversion\winlogon\notify\xxywvsr"
swreg delete hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks /v "{7ac06f58-f80c-4940-a14c-e09fe77f9dd2}"
swreg delete hklm\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler /v "{6af69c4d-420a-4c95-b34f-e4635f84f53b}"
swreg delete hklm\software\microsoft\windows\currentversion\runservices /v "microsoft updates"
swreg delete hkcu\software\microsoft\windows\currentversion\run /v "powerbar"
rem key paths containing spaces must be quoted, as the winlogon\notify line above is
swreg delete "hklm\software\microsoft\windows\currentversion\explorer\browser helper objects\{1557b435-8242-4686-9aa3-9265bf7525a4}"
swreg delete "hklm\software\microsoft\windows\currentversion\explorer\browser helper objects\{7ac06f58-f80c-4940-a14c-e09fe77f9dd2}"
swreg delete hkcr\clsid\{1557b435-8242-4686-9aa3-9265bf7525a4}
swreg delete hkcr\clsid\{7ac06f58-f80c-4940-a14c-e09fe77f9dd2} ) >nul 2>&1
echo.Done&pause
exit
This file needs to be run from Safe Mode:
---------------
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.
Once you get to Safe Mode, double click on fix.bat & allow it to run
---------------
Reboot back to Normal mode
Perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html
Once finished, click on the Details button to view the results. To the upper right of the results you will see an option saying "Click here to export the scan results"
Post the log of the scan results
---------------
In your next post, please include fresh logs from:
Last edited by sUBs : 04-21-2007 at 08:55 AM.
#8
Registered User
Join Date: Apr 2007
Posts: 6
OS: winxp
Re: popups and no downloads, help please
Hello again, sorry for the delay but I am ready now to post the logs required.
A fresh HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 9:37:24 AM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://detoate.home.ro
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7AC06F58-F80C-4940-A14C-E09FE77F9DD2} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CleanIt] C:\Program Files\CleanIt\cleanit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: Sid Registration.lnk = E:\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ws-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: Domain = sympatico.ca O17 - HKLM\System\CCS\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{4468E9E8-BA8D-486B-9220-55546345A160}: NameServer = 142.177.1.2 142.177.129.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{AF93F33E-C6C7-442F-82F6-89AC82D49203}: Domain = sympatico.ca O17 - HKLM\System\CS1\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: Domain = sympatico.ca O17 - HKLM\System\CS1\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: NameServer = 192.168.2.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: Domain = sympatico.ca O17 - HKLM\System\CS2\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: NameServer = 192.168.2.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: Domain = sympatico.ca O17 - HKLM\System\CS3\Services\Tcpip\..\{0A46989A-3FD7-4F90-8AB0-0DB81755D0D8}: NameServer = 192.168.2.1 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -------------------------------------------------------------------- my internet scan from bit defender: BitDefender Online Scanner Scan report generated at: Sun, Apr 22, 2007 - 05:03:48 Scan path: A:\;C:\;D:\;E:\;F:\; Statistics Time 01:35:29 Files 304571 Folders 6599 Boot Sectors 2 Archives 1740 Packed Files 16457 Results Identified Viruses 6 Infected Files 74 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 76 Engines Info Virus Definitions 487308 Engine build AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08) Scan plugins 14 Archive plugins 38 Unpack plugins 6 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx1.dll.vir Infected with: Generic.Zlob.0A9F73EC C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx1.dll.vir 
---------------------------------------------------------------

Once again, thanks for all the help; I will be waiting for instructions. My computer is still infected, as I could see from the BitDefender scan, but other than "LSA shell (exported version) is trying to access the internet" everything looks normal. I download a lot of stuff from the internet, mostly related to games (mods and plugins in compressed files) and some torrent-related stuff. I know the risks and I try to be as careful as I can, so my questions are:

1. Is ZoneAlarm Security Suite 7.0 my best bet for an antivirus tool? (It did not scan for or detect all the malware present in the BitDefender scan.)
2. Is it safe to just scan a file before opening it, looking for malware? (Or can the scan not detect malware before the file is opened?)
3. Are there any other antivirus/antispyware tools that I should have to help me fight this nasty price we all pay for internet pleasure?
Thanks for all the time you put into this problem; without forums like this we would all be in limbo.

Last edited by sUBs : 04-22-2007 at 09:44 AM.