Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Malware Galore
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 2 of 2 1 2
 
LinkBack Thread Tools
Old 10-11-2006, 06:45 AM   #21 (permalink)
Analyst, Security Team ; TSF Supporter
 
fredmh's Avatar
 
Join Date: May 2006
Location: Phila,Pa
Posts: 2,335
OS: XP


Do you have your Kaspersky log?
fredmh is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 10-16-2006, 07:23 PM   #22 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 19
OS: XP


KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 11, 2006 6:23:46 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/10/2006
Kaspersky Anti-Virus database records: 230528


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 61676
Number of viruses found 58
Number of infected objects 178 / 0
Number of suspicious objects 0
Duration of the scan process 01:14:35

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AutoSearch.dll Infected: not-a-virus:AdWare.Win32.AutoSearch.b skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN/page.htm Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN/SystemDoctor2006FreeInstall.cab/USDR6_0001_D08M0404NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN/SystemDoctor2006FreeInstall.cab Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN CHM: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940001.VBN Infected: Trojan-Downloader.Win32.VB.wz skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN/page.htm Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN/SystemDoctor2006FreeInstall.cab/USDR6_0001_D08M0404NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN/SystemDoctor2006FreeInstall.cab Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN CHM: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980001.VBN Infected: Trojan-Downloader.Win32.VB.wz skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980002.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0000.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN/page.htm Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN/SystemDoctor2006FreeInstall.cab/USDR6_0001_D08M0404NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN/SystemDoctor2006FreeInstall.cab Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN CHM: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0003.VBN Infected: Trojan-Downloader.Win32.VB.wz skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN/data0002 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN/data0005 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN NSIS: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN/data0002 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN/data0005 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN NSIS: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Puraj\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\History\History.IE5\MSHist012006101120061012\index.dat Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Puraj\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Puraj\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP636\A0353790.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP636\A0353790.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP636\A0353790.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0356979.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.m skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0356980.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.m skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357021.0XE Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357022.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.m skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357024.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe CAB: infected - 5 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357115.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357116.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357117.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357147.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357148.exe Infected: not-a-virus:AdWare.Win32.PurityScan.eu skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357171.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358171.0LL Infected: Trojan-Downloader.Win32.Agent.agw skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358172.0XE Infected: Trojan-Downloader.Win32.Qoologic.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358197.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.r skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358197.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.r skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358197.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358202.0XE Infected: Trojan-Downloader.Win32.VB.alg skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358204.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358216.0XE Infected: Trojan-Downloader.Win32.Adload.fg skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358217.0XE Infected: Trojan-Downloader.Win32.VB.amb skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358219.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358219.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358219.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358221.0XE Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358222.0XE Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358223.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.o skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358224.0XE Infected: Trojan-Downloader.Win32.Qoologic.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358225.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358225.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358225.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358227.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP647\A0358247.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358276.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358283.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358294.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358295.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358296.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358296.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358296.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358301.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358321.exe Infected: not-a-virus:AdWare.Win32.Agent.ag skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358327.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.s skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358328.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358336.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358340.exe/msnmsgrs.exe Infected: Backdoor.Win32.Rbot.azl skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358340.exe/wuauclts.exe Infected: P2P-Worm.Win32.SpyBot.gw skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358340.exe CreateInstall: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358401.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358406.dll Infected: not-a-virus:AdWare.Win32.Softomate.r skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP651\A0360424.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP651\A0360456.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP651\A0360457.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP651\A0360458.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361482.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361617.dll Infected: not-a-virus:AdWare.Win32.EZula.cg skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361618.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361622.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361623.0XE Infected: Trojan-Downloader.Win32.PurityScan.cx skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361624.0XE Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361625.exe Infected: not-a-virus:AdWare.Win32.PurityScan.eu skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361667.rbf Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361750.0XE Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361769.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361770.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361773.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361788.dll Infected: Packed.Win32.Klone.k skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361812.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361815.0XE Infected: Trojan-Downloader.Win32.Small.dul skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361816.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361827.exe Infected: not-a-virus:AdWare.Win32.BetterInternet skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361828.0XE Infected: Trojan.Win32.StartPage.hw skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361829.0XE Infected: Trojan-PSW.Win32.Sinowal.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361837.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361838.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361839.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361840.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP657\A0362836.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP657\A0362837.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP657\A0362838.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365908.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365909.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.o skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365910.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365911.exe/AutoSearch.dll Infected: not-a-virus:AdWare.Win32.AutoSearch.b skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365911.exe CAB: infected - 1 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365912.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe/data.rar/whCC-GIANT2.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe/data.rar/whCC-GIANT2.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe/data.rar/whCC-GIANT2.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe/data.rar/whCC-GIANT3.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe/data.rar/whCC-GIANT3.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe/data.rar/whCC-GIANT3.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365915.exe/data0003/stream/data0001 Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365915.exe/data0003/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365915.exe/data0003 Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365915.exe NSIS: infected - 3 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365916.exe Infected: Trojan-Downloader.Win32.Adload.gf skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB/Dxc.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB/DxcRepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe CAB: infected - 5 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365921.exe Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365924.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365924.exe/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365924.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365928.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365952.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365953.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365954.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365991.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365991.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365991.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365993.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365993.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365993.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365994.exe Infected: Trojan-Downloader.Win32.PurityScan.cx skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365996.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0366018.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366049.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366050.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366051.dll Infected: Trojan.Win32.BHO.g skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366106.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\change.log Object is locked skipped

C:\unzipped\hijackthis[1]\backups\backup-20061005-230742-390.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\LastGood\amm06.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.m skipped

C:\WINDOWS\motorsix.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.r skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\__delete_on_reboot__n_e_m_2_2_0_._d_l_l_ Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped

Scan process completed.
wyrdrune is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2006, 10:29 AM   #23 (permalink)
Analyst, Security Team ; TSF Supporter
 
fredmh's Avatar
 
Join Date: May 2006
Location: Phila,Pa
Posts: 2,335
OS: XP


Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

DOWNLOADS


CLEANUP! version 4.52 – TEMP FILE CLEANING


Please download Cleanup! and install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.


AVG Anti-Spyware 7.5


Please update AVG Anti-Spyware 7.5
  1. Double-click the icon on Desktop to launch AVG A-S 7.5
  2. On the top of the main screen click Shield
  3. Click the word active to change it to inactive
  4. On the top of the main screen click Update.
  5. Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  6. I also recommend changing the "Update interval" to something more reasonable like 12 hours.

----------------------------------------

SAFE MODE RE-BOOT

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

----------------------------------------

FIXES AND DELETIONS


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Internet Optimizer

----------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: (no name) - _{A2DDB8FC-566A-5FE7-1402-2CF07DCB6093} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nstFD.dll
O2 - BHO: AutoSearch - {A55581DC-2CDB-4089-8878-71A080B22342} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\AUTOSE~1.DLL
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\System32\ICROSO~1\wuauboot.exe" -vt yazb
O4 - HKCU\..\Run: [Ces] C:\Program Files\??crosoft\netdde.exe

Please remember to close all other windows, including browsers then click Fix checked.

----------------------------------------

UNHIDE HIDDEN FILES

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

----------------------------------------
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.


C:\WINDOWS\SYSTEM32\nss83.dll
C:\WINDOWS\SYSTEM32\nsdE6.dll
C:\WINDOWS\SYSTEM32\nstFD.dll
C:\WINDOWS\SYSTEM32\nsrFC.dll

C:\WINDOWS\LastGood\amm06.ocx

C:\WINDOWS\motorsix.ocx
C:\WINDOWS\__delete_on_reboot__n_e_m_2_2_0_._d_l_l_
C:\WINDOWS\nem220.dll


C:\Documents and Settings\All Users\Application Data\AutoSearch.dll

C:\unzipped\hijackthis[1]\backups\backup-20061005-230742-390.dll

C:\Documents and Settings\Puraj\Application Data\SystemDoctor 2006 Free

----------------------------------------

RUNNING SCANNERS


Cleanup

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program and DO NOT reboot when prompted.


AVG Anti-Spyware 7.5
  • Run AVG A-s with it's updated definitions: (...it's important that all windows must be closed)
    This scan can take quite a while to run, so be prepared.
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine.
  • Then click Apply all actions.


Note: DO NOT USE the computer while AVG A/S is scanning. If Explorer or the Control Panel are opened some malware types will
reinfect your system or will not be cleaned properly.


Once finished, click the Save report button, then click Save Report As and save it to your desktop.

----------------------------------------
SYSTEM RE-BOOT

Reboot into Normal Mode.

----------------------------------------

ON-LINE SCANS


Kaspersky - Extended

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect.
    We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

----------------------------------------

ComboFix


2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

----------------------------------------

FOLLOW-UP

Please return and post these items:


AVG A/S scan
Kaspersky scan
A new HJT log run in Normal Mode

Please note: In order to properly see what is on your system, all HJT logs must be run in the normal mode

Please let me know how your system is behaving.
Last edited by Ried; 10-18-2006 at 12:03 PM.
fredmh is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-18-2006, 03:57 PM   #24 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 19
OS: XP


COMBOFIX LOG

Puraj - 06-10-18 14:50:12.28 Service Pack 1
ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Puraj\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-18 to 2006-10-18 ))))))))))))))))))))))))))))))))))


2006-10-12 07:14 78,848 --a------ C:\WINDOWS\SYSTEM32\nsv3609.dll
2006-10-03 14:08 761,856 --a------ C:\WINDOWS\SYSTEM32\xvidcore.dll
2006-10-03 14:07 180,224 --a------ C:\WINDOWS\SYSTEM32\xvidvfw.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-18 09:48 -------- d-------- C:\Program Files\CleanUp!
2006-10-17 13:41 -------- d-------- C:\Program Files\PokerStars
2006-10-11 00:30 -------- d-------- C:\Program Files\Grisoft
2006-10-06 08:05 -------- d-------- C:\Program Files\diabloII
2006-10-05 23:18 -------- d-------- C:\Program Files\Common Files
2006-10-05 19:09 -------- d-------- C:\Program Files\Microsoft Works
2006-10-05 19:09 -------- d-------- C:\Program Files\Microsoft Picture It! 2002
2006-10-05 19:09 -------- d-------- C:\Program Files\Messenger
2006-10-05 19:09 -------- d-------- C:\Program Files\Apoint
2006-10-03 14:11 -------- d-------- C:\Program Files\WinRAR
2006-10-03 14:08 -------- d-------- C:\Program Files\XviD
2006-09-28 16:42 -------- d-------- C:\Program Files\QuickTime
2006-09-28 16:41 -------- d-------- C:\Program Files\iTunes
2006-09-27 11:31 -------- d-------- C:\Program Files\Servant Salamander 2.0
2006-09-26 19:41 -------- d-------- C:\Program Files\Windows NT
2006-09-26 19:40 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-25 17:48 -------- d-------- C:\Program Files\Dell
2006-09-25 15:06 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-21 19:27 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-20 14:00 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-06 13:19 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-06 12:54 -------- d-------- C:\Program Files\Lavasoft
2006-09-06 12:54 -------- d-------- C:\Documents and Settings\Puraj\Application Data\Lavasoft
2006-09-06 11:53 -------- d-------- C:\Program Files\PCFriendly
2006-09-06 00:30 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-05 09:03 3968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"TCASUTIEXE"="TCAUDIAG -off"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Wed 10/18/2006 14:51:09.14
ComboFix.txt
ComboFix2.txt
ComboFix3.txt


HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 2:51:53 PM, on 10/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\notepad.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


AVG SCAN

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:36:23 PM 10/18/2006

+ Scan result:



C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358321.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361482.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365911.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP673\A0368123.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\unzipped\hijackthis[1]\backups\backup-20061018-095736-629.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361827.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365953.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365954.exe -> Adware.CommAd : Cleaned with backup (quarantined).
HKU\S-1-5-21-2914288250-963918322-4271176276-1006\Software\Classes\AutoSearch.AutoSearchObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2914288250-963918322-4271176276-1006\Software\Classes\AutoSearch.AutoSearchObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2914288250-963918322-4271176276-1006\Software\Classes\AutoSearch.AutoSearchObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2914288250-963918322-4271176276-1006\Software\Classes\AutoSearch.AutoSearchObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358276.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP651\A0360456.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361617.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366067.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366068.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP668\A0366114.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP669\A0367052.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP669\A0367053.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP669\A0367054.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP673\A0368133.dll -> Adware.EZula : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-2914288250-963918322-4271176276-1006\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-2914288250-963918322-4271176276-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-2914288250-963918322-4271176276-1006\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357115.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357117.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357171.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361622.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0356979.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP645\A0356980.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357022.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358223.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\snapshot\MFEX-1.DAT -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\snapshot\MFEX-2.DAT -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365909.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP673\A0368135.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP673\A0368136.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357024.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358301.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365996.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP673\A0368131.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357147.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357148.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP647\A0358247.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361618.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361625.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366049.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358227.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358294.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358401.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP651\A0360424.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0366013.dll -> Adware.Searchcolours : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358406.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357116.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358283.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365912.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365928.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357086.exe -> Adware.Systemdoctor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP651\A0360457.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP651\A0360458.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365908.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366053.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366050.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358204.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358295.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358327.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358328.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358336.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358216.0XE -> Downloader.Adload.fg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365916.exe -> Downloader.Adload.gf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358171.0LL -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361624.0XE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361667.rbf -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361750.0XE -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361837.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361838.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361839.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361840.exe -> Downloader.Agent.awf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365927.dll -> Downloader.Bomka.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366106.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358221.0XE -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358222.0XE -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365910.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0366018.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358325.exe -> Downloader.PurityScan.bl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP654\A0361623.0XE -> Downloader.PurityScan.cx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365994.exe -> Downloader.PurityScan.cx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361790.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0366012.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357021.0XE -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365921.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361815.0XE -> Downloader.Small.dul : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358202.0XE -> Downloader.VB.alg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358217.0XE -> Downloader.VB.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361828.0XE -> Hijacker.StartPage.hw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365952.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Puraj\Cookies\puraj@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Puraj\Cookies\puraj@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP667\A0366051.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358172.0XE -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358224.0XE -> Trojan.Qoologic : Cleaned with backup (quarantined).


::Report end

KASPERSKY LOG

KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 18, 2006 2:49:29 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/10/2006
Kaspersky Anti-Virus database records: 232843


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 59341
Number of viruses found 22
Number of infected objects 98 / 0
Number of suspicious objects 0
Duration of the scan process 01:13:44

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN/page.htm Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN/SystemDoctor2006FreeInstall.cab/USDR6_0001_D08M0404NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN/SystemDoctor2006FreeInstall.cab Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN CHM: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940000.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00940001.VBN Infected: Trojan-Downloader.Win32.VB.wz skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN/page.htm Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN/SystemDoctor2006FreeInstall.cab/USDR6_0001_D08M0404NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN/SystemDoctor2006FreeInstall.cab Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN CHM: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980000.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980001.VBN Infected: Trojan-Downloader.Win32.VB.wz skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00980002.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0000.VBN Infected: Trojan-Downloader.Win32.Small.cyh skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN/page.htm Infected: not-a-virus:AdWare.Win32.MediaMotor.p skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN/SystemDoctor2006FreeInstall.cab/USDR6_0001_D08M0404NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN/SystemDoctor2006FreeInstall.cab Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN CHM: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0002.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0003.VBN Infected: Trojan-Downloader.Win32.VB.wz skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN/data0002 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN/data0005 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN NSIS: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\009C0004.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN/data0002 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN/data0005 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN NSIS: infected - 3 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN CryptZ: infected - 3 skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Puraj\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\History\History.IE5\MSHist012006101820061019\index.dat Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\Temp\Perflib_Perfdata_570.dat Object is locked skipped

C:\Documents and Settings\Puraj\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Puraj\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Puraj\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP636\A0353790.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP636\A0353790.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP636\A0353790.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0357113.exe CAB: infected - 5 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358197.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.r skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358197.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.r skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358197.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358219.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358219.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358219.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358225.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358225.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP646\A0358225.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.y skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358293.exe NSIS: infected - 4 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358296.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358296.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358296.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358340.exe/msnmsgrs.exe Infected: Backdoor.Win32.Rbot.azl skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358340.exe/wuauclts.exe Infected: P2P-Worm.Win32.SpyBot.gw skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP649\A0358340.exe CreateInstall: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361769.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361770.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP655\A0361773.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361788.dll Infected: Packed.Win32.Klone.k skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361812.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361816.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP656\A0361829.0XE Infected: Trojan-PSW.Win32.Sinowal.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP657\A0362836.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP657\A0362837.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP657\A0362838.exe Infected: Backdoor.Win32.Delf.avh skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe/data.rar/whCC-GIANT2.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe/data.rar/whCC-GIANT2.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe/data.rar/whCC-GIANT2.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365913.exe RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe/data.rar/whCC-GIANT3.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe/data.rar/whCC-GIANT3.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe/data.rar/whCC-GIANT3.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365914.exe RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365915.exe/data0003/stream/data0001 Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365915.exe/data0003/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365915.exe/data0003 Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365915.exe NSIS: infected - 3 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB/Dxc.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB/DxcRepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365919.exe CAB: infected - 5 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365924.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365924.exe/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365924.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365991.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365991.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365991.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365993.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365993.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP662\A0365993.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP673\change.log Object is locked skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{195FA17B-285E-4E0F-947E-25A52666DED8}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
wyrdrune is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-19-2006, 09:52 PM   #25 (permalink)
Analyst, Security Team ; TSF Supporter
 
fredmh's Avatar
 
Join Date: May 2006
Location: Phila,Pa
Posts: 2,335
OS: XP


Clean-out and Reset System Restore

This will clean out any junk or malicious files left behind in System Restore
  • To turn off System Restore click Start > Right Click My Computer > Properties.
  • Click the System Restore tab and Check
  • "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply.
  • When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

  • Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties.
  • Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
  • Click Apply, and then OK.

This will create a new Restore Point.

----------------------------------------

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\SYSTEM32\nsv3609.dll


Note: If this file resists deletion, boot into Safe Mode and delete from there.

If you used safe mode, boot into normal mode after deletion.

----------------------------------------

ComboFix


2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


----------------------------------------

FOLLOW-UP

Please return and post these items:

combofix.txt

Please let me know how your system is behaving.
fredmh is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-21-2006, 01:05 PM   #26 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 19
OS: XP


My computer seems to be running well, but I still am unable to install VStoolbar from my programs list (when I select remove program, nothing happens). Enclosed is my combofix log; thank you very much

COMBOFIX

Puraj - 06-10-21 11:59:36.49 Service Pack 1
ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Puraj\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-21 to 2006-10-21 ))))))))))))))))))))))))))))))))))


2006-10-03 14:08 761,856 --a------ C:\WINDOWS\SYSTEM32\xvidcore.dll
2006-10-03 14:07 180,224 --a------ C:\WINDOWS\SYSTEM32\xvidvfw.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-20 16:27 -------- d-------- C:\Program Files\PokerStars
2006-10-20 15:43 -------- d-------- C:\Program Files\Common Files
2006-10-18 09:48 -------- d-------- C:\Program Files\CleanUp!
2006-10-11 00:30 -------- d-------- C:\Program Files\Grisoft
2006-10-06 08:05 -------- d-------- C:\Program Files\diabloII
2006-10-05 19:09 -------- d-------- C:\Program Files\Microsoft Works
2006-10-05 19:09 -------- d-------- C:\Program Files\Microsoft Picture It! 2002
2006-10-05 19:09 -------- d-------- C:\Program Files\Messenger
2006-10-05 19:09 -------- d-------- C:\Program Files\Apoint
2006-10-03 14:11 -------- d-------- C:\Program Files\WinRAR
2006-10-03 14:08 -------- d-------- C:\Program Files\XviD
2006-09-28 16:42 -------- d-------- C:\Program Files\QuickTime
2006-09-28 16:41 -------- d-------- C:\Program Files\iTunes
2006-09-27 11:31 -------- d-------- C:\Program Files\Servant Salamander 2.0
2006-09-26 19:41 -------- d-------- C:\Program Files\Windows NT
2006-09-26 19:40 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-25 17:48 -------- d-------- C:\Program Files\Dell
2006-09-25 15:06 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-09-21 19:27 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-20 14:00 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-06 13:19 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-06 12:54 -------- d-------- C:\Program Files\Lavasoft
2006-09-06 12:54 -------- d-------- C:\Documents and Settings\Puraj\Application Data\Lavasoft
2006-09-06 11:53 -------- d-------- C:\Program Files\PCFriendly
2006-09-06 00:30 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-05 09:03 3968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="\"C:\\Program Files\\Winamp3\\winampa.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"TCASUTIEXE"="TCAUDIAG -off"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 10/21/2006 12:00:27.54
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
wyrdrune is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-21-2006, 08:18 PM   #27 (permalink)
Analyst, Security Team ; TSF Supporter
 
fredmh's Avatar
 
Join Date: May 2006
Location: Phila,Pa
Posts: 2,335
OS: XP


We're going to try and get rid of VS Toolbar through HJT.
  • Open HiJack This
  • Click on Open Misc Tools
  • Click on Open Uninstall Manager
  • Highlight VSToolbar
  • Click on Delete this entry
  • Close HJT

----------------------------------------

Congratulations. Your logs are now clean. Please complete the next "housekeeping" steps and read through the
information below

----------------------------------------

Windows XP - Reset Hidden Files

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

----------------------------------------

CLEAR AVG A/S QUARANTINE
  • Launch AVG A/S
  • Click on Show Quarantine
  • Click on Select All
  • Click on Remove Finally
  • Close AVG A/S

----------------------------------------

CLEAR NORTON QUARANTINE


Please follow the instructions HERE to clear Norton's Quarantine.

----------------------------------------

RE-ENABLE ANTI-SPYWARE APPLICATIONS

If you were instructed to dis-able Anti-spyware applications during this fix, you may re-enable them

----------------------------------------

Please read through the following information to help protect your computer in the future.


KEEP YOUR OPERATING SYSTEM UPDATED

Please ensure that you have already patched your system against the recent WMF exploit. Go to this page to get the KB912919 patch

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser
up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft
and download all the critical updates to help prevent possible re-infection.


ENABLE WINDOWS AUTO UPDATE

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".


TOOLS TO HELP KEEP YOUR SYSTEM CLEAN

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
  • After you have updated, click the button - enable protection for all unprotected items


SpywareGuard to catch and block spyware before it can execute.


SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its
TeaTimer option.
This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with
the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here


AD-AWARE Download and install Ad-Aware. You should use this program to scan
your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product
can be found here


IE-SPYAD IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list.
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain

A tutorial for IE-SPYAD can be found here


MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file
with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to
those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
  • Click Next, click Next, select the option:
    "Show Extracted files"
  • Click Finish

This will open the newly created hosts folder on your Desktop.

Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated
HOSTS file to the correct location on your machine.


MCAFEE SITE ADVISOR SITE ADVISOR is a free IE plug-in (also suport for Firefox browser)
which is used in conjunction with the Google search engine. It advises which web sites are considered safe and which sites could pose a problem.
It also shows what problems were encountered with each site, such as malicious downloads, spam, and related links.


ANTI-VIRUS AND FIREWALL PROGRAMS


ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial

Here are some very good free Antivirus products which are available:



If you do not have a firewall, here are 4 free ones available for personal use:

Understanding and Using Firewalls


INFORMATIONAL READING


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:



Please respond one more time and let me know you received this post so it can be marked resolved
fredmh is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-23-2006, 06:17 PM   #28 (permalink)
Registered User
 
Join Date: Sep 2006
Posts: 19
OS: XP


I received the post and have followed the instructions. Thank you VERY much..

Best,
Puraj
wyrdrune is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 2 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 09:50 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85