Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page please help tr/pck.klone.g.97 virus
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 10-28-2006, 10:17 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 52
OS: xp


Evil please help tr/pck.klone.g.97 virus
here is my hijack log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:13:53 PM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program

Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifi

er.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://ie.redirect.hp.com/svs/rdr?TY...cale=EN_US&c=Q

106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://ie.redirect.hp.com/svs/rdr?TY...locale=EN_US&c

=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.revolutiontt.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ie.redirect.hp.com/svs/rdr?TY...locale=EN_US&c

=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://ie.redirect.hp.com/svs/rdr?TY...cale=EN_US&c=Q

106&bd=presario&pf=desktop
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} -

C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,

S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP

Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program

Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program

Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON

Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition

Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program

Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifi

er.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program

Files\uTorrent\utorrent.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help -

{E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,

S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help -

{E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,

S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload

Tool) -

http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

Class) -

http://update.microsoft.com/windowsu...ls/en/x86/clie

nt/wuweb_site.cab?1148939087676
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)

- http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler

(AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir

PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard

(AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir

PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe



This virus is cloning program files on my pc. i also think that this is what is stopping my virus program from starting too. any help here would great. thank you all for the help.
buckshot1977 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 10-30-2006, 01:21 AM   #2 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 52
OS: xp


so i take it your all very busy or no one has any idea about this virus. well i thank those of you that at least stopped and looked at my post. i am sure some one can and will help me. i under stand these things take time.
buckshot1977 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-30-2006, 02:48 AM   #3 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Hi buckshot1997,

Welcome to Tech Support Forums!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here’s what we do first.

Please download and install SUPERAntiSpyware
  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, click the Scan your Computer button.
  • Check Perform Complete Scan and then click Next.
  • SUPERAntiSpyware will now scan your computer, and when it’s finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click Next.
  • Click Finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
  • Please post the results of the SUPERAntiSpyware log in your next reply.


NEXT:

Please download CCleaner (freeware) and save it to your desktop:
  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Once installed, run CCleaner and click the Windows tab.
  • Select the following:
    • Check everything under the Internet Explorer section.
    • Check everything under the Windows Explorer section.
    • Check everything under the System section.
    • Check ONLY Old Prefetch data under the Advanced section.
  • Then, click the Applications tab:
    • UNCHECK everything there.
  • Next, click the Options button, then click the Advanced button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION : Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Let's run an online scan to make sure we're not leaving anything behind.

Please do an online scan with Kaspersky Online Scanner:
  • Click on Kaspersky Online Scanner.
  • You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
    • Select My Computer.
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button.
    • In the File name: field, type kavscan.
    • In the Save as type: field, select Text file (*.txt).
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


NEXT:

Please reboot your computer normally into Windows, and then please post the SUPERAntiSpyware log, the log from the Kaspersky scan, and a new HijackThis log.

How are things running now?
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-30-2006, 12:14 PM   #4 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 52
OS: xp


here is the superantispyware log:


SUPERAntiSpyware Scan Log
Generated 10/30/2006 at 02:00 PM

Application Version : 3.3.1020

Core Rules Database Version : 3116
Trace Rules Database Version: 1139

Scan type : Complete Scan
Total Scan Time : 00:13:59

Memory items scanned : 367
Memory threats detected : 0
Registry items scanned : 5282
Registry threats detected : 1
File items scanned : 25572
File threats detected : 107

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjkyugdpsaq.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ford.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6whkiciazilp.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cgi-bin[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@a.websponsors[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnaccountservices.112.2o7[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@vhost.oddcast[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@screensavers.us.intellitxt[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@screensavers[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adecn[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjkykkc5afp.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adbrite[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@admarketplace[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjl4oldzslo.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjkowgdpkcp.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstbeacon[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@kanoodle[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@122.2o7[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mb[5].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@nextag[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@paypal.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfkiajdjcho.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstnet[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfkoencpwgq.stats.esomniture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@onlinerewardcenter[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.screensavers[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1070425503[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@clicksor[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wglognajgao.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@login.tracking101[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfmiopdjsfp.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@roiservice[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfloegdzshp.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adknowledge[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@qnsr[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adinterax[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.adtrak[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@anat.tacoda[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tribalfusion[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.specificclick[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@keywordmax[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@coolsavings[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjnyskazmdq.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data2.perf.overture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@spamblockerutility[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@burstnet[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cz6.clickzs[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cz7.clickzs[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjny-1nc5if.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjny-1id5kl.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@try.starware[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@banner[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data3.perf.overture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bannerspace[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1071832405[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.realtechnetwork[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.glispa[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tacoda[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@azjmp[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@partner2profit[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wgkygoc5mao.stats.esomniture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@anad.tacoda[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data1.perf.overture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1071332492[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@i.screensavers[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjlysgdzaap.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mb[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1070947877[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@network.realmedia[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjlocidjwgo.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.monster[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@belnk[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@73403369[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@directtrack[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.euroclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www2.nextag[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1068749223[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wfloqid5cdo.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.desktopwallpapers[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@popularscreensavers[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjlowidzmep.stats.esomniture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@24296[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@interclick[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@h.starware[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cpvfeed[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjkocjc5cep.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@24290[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@popularmedia.directtrack[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.hbmediapro[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1071057781[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1071635636[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjlyspdjalq.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@dist.belnk[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@1072715059[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6whkoggcjkgp.stats.esomniture[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mb[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@optimost[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mb[4].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wgkiopajwap.stats.esomniture[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@cz4.clickzs[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@e-2dj6wjkokjcpwdp.stats.esomniture[2].txt

Adware.WhenU
HKLM\Software\WhenUSave


going to run the rest of the programs now
buckshot1977 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-30-2006, 02:58 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 52
OS: xp


ok here is the kavscan log:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 30, 2006 4:57:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/10/2006
Kaspersky Anti-Virus database records: 236471
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 48953
Number of viruses found: 2
Number of infected objects: 120 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:48:21

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\MSHist012006103020061031\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_6f8.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF497D.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\Program Files\Yahoo!\Messenger\SP.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\ypager.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP10\change.log Object is locked skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006594.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006598.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006599.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006600.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006601.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006602.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006603.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006604.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006605.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006606.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006607.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006608.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006609.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006610.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006611.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006612.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006613.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006614.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006615.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006616.EXE Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006617.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006618.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006619.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006620.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006621.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006622.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006623.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006624.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006625.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006626.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006627.EXE Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006628.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006629.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006630.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006631.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006632.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006633.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006634.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006635.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006636.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006637.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006638.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006639.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006646.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006647.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006648.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006649.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006650.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006651.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006652.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006654.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP5\A0006658.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006682.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006683.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006685.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006686.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006687.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006688.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006689.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006690.EXE Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006691.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006692.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006693.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006694.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006695.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006696.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006697.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006698.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006699.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006700.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006701.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006702.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006703.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006704.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006705.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006706.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006707.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006708.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006709.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006710.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006711.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006712.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006713.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006714.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006715.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006716.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006717.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006718.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006719.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006720.EXE Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006721.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006722.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006723.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006724.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006725.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006726.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006727.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006728.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006729.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006730.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006731.EXE Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006732.EXE Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006733.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006734.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006735.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006736.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006737.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006738.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006739.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006740.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006741.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006742.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006743.EXE Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006744.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006745.EXE Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006746.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006747.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006748.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP6\A0006749.exe Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{17F83BC3-4BBC-4485-BDF3-B9C9A727B502}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{59D15022-EE7F-4CC0-876A-973629D95310}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4157.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


thank you very much for the help.
buckshot1977 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-30-2006, 03:01 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 52
OS: xp


here is the new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 5:01:14 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Revolution
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148939087676
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

thank you again
buckshot1977 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-31-2006, 12:44 AM   #7 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Hi buckshot1977,

You’re most welcome, buckshot1977.

It looks like your Klone infection is a benign one. They are all in your system restore points. These are not active and don’t pose a danger to your system. As time goes by, your system will create new restore points and automatically delete the infected ones.

We can help you create a new (clean) restore point once we are sure your system is clean.

Let's run another diagnostic scan to make sure we're not leaving anything behind.

Please download ComboFix by sUBs:
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION : Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please reboot your computer normally into Windows, and then please post the ComboFix log and a new HijackThis log.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-31-2006, 09:04 AM   #8 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 52
OS: xp


combo fix log file:

Compaq_Owner - 06-10-31 11:01:40.12 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Compaq_Owner\Desktop\virus fix"

((((((((((((((((((((((((((((((( Files Created from 2006-09-31 to 2006-10-31 ))))))))))))))))))))))))))))))))))


2006-10-30 22:01 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2006-10-30 22:01 48,128 --a------ C:\WINDOWS\system32\wnaspi32.dll
2006-10-30 22:01 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-10-30 22:01 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2006-10-30 22:01 23,936 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2006-10-30 22:01 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-10-30 22:01 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2006-10-30 22:01 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2006-10-30 22:01 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2006-10-30 13:50 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2006-10-30 13:50 0 --a------ C:\WINDOWS\ORUN32.EXE
2006-10-25 14:28 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-10-25 14:28 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-25 14:28 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-10-22 20:26 36,224 --a------ C:\WINDOWS\system32\drivers\an983.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-31 11:02 -------- d-------- C:\Program Files\PeerGuardian2
2006-10-31 11:01 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2006-10-30 22:01 -------- d-------- C:\Program Files\Windows Media Player
2006-10-30 22:01 -------- d-------- C:\Program Files\CyberLink
2006-10-30 14:15 -------- d-------- C:\Program Files\CCleaner
2006-10-30 13:46 -------- d-------- C:\Program Files\SUPERAntiSpyware
2006-10-30 13:46 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2006-10-30 13:45 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-30 13:45 -------- d-------- C:\Program Files\Common Files
2006-10-28 11:09 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-10-21 17:18 -------- d-------- C:\Program Files\Google
2006-10-19 22:20 -------- d-------- C:\Program Files\uTorrent
2006-10-19 22:05 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-19 22:04 -------- d-------- C:\Program Files\WildTangent
2006-10-19 22:04 -------- d-------- C:\Program Files\Real
2006-10-19 22:02 -------- d-------- C:\Program Files\MSN
2006-10-19 22:02 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
2006-10-19 22:02 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
2006-10-19 22:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-19 22:01 -------- d-------- C:\Program Files\iPod
2006-10-19 21:56 -------- d-------- C:\Program Files\HP
2006-10-19 21:56 -------- d-------- C:\Program Files\Hewlett-Packard
2006-10-19 21:51 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-19 21:51 -------- d-------- C:\Program Files\Adobe
2006-09-28 12:32 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2006-09-13 22:10 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"µTorrent"="\"C:\\Program Files\\uTorrent\\utorrent.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.2\\SetHook.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NetscapeClient"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-31 11:02:23.25
C:\ComboFix.txt ... 06-10-31 11:02



hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:38 AM, on 10/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Revolution
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148939087676
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe



once again thank you very much for all your help.
buckshot1977 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-31-2006, 11:17 PM   #9 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Hi buckshot1977,

You’re most welcome, buckshot1977.

Just some loose ends to tie up, and then we can let you go home. :)


To create a new system restore point:
  • Go to Start Menu -> All Programs -> Accessories -> System Tools -> System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create.
  • When the confirmation screen shows the restore point has been created click Close.
  • Then go to Start -> Run and type CLEANMGR.
  • Disk Cleanup will open and start calculating the amount of space that can be freed.
  • Once that’s finished it will open the Disk Cleanup options screen, click the More Options tab.
  • Click Clean Up in the System Restore section and choose Yes at the confirmation window.

This will remove all previous restore points except the newly created one.


NEXT:

Your version of Sun Java is out-of-date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java version components and update:
  • CLICK HERE to download the offline installer.
    • Select Java Runtime Environment (JRE) 5.0 Update 9 and click the Download button to the right.
    • Check the box that says Accept License Agreement.
    • Click on the link to download Windows Offline Installation, Multi-language.
    • Save the file to your desktop.
  • Next, uninstall your currently installed version from Add/Remove Programs.
  • If you have older versions listed uninstall them also. If you simply update to the new version it leaves the older versions still installed, complete with previous vulnerabilities.
  • Examples of older versions in Add/Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
  • Reboot your system.
  • Install the new version by double-clicking on the file you downloaded.


NEXT:

Everything looks great --- your HijackThis log appears to be clean. :)

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.

  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

  • Also make sure to run your antivirus software regularly, and to keep it up-to-date.

  • SpywareBlaster
    This is a great FREE prevention tool to keep nasties from installing on your system.
    Tutorial: How to use!

  • IE-SPYAD
    This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Tutorial: How to use!

  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!

  • Ad-Aware SE
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware SE and Spybot Search & Destroy compliment each other very well.
    Tutorial: How to use!

  • AVG Anti-Spyware
    This is an excellent FREE scanner to look for trojans and other nasties that might be residing in your system.
    User Manual: How to use!

  • SUPERAntiSpyware
    This is another excellent FREE scanner to look for nasties that might be lurking in your system. SUPERAntiSpyware and AVG Anti-Spyware compliment each other very well.
    Quick Guide: How to use!

Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Hopefully this should take care of your problems! Good luck! :D



Please respond one more time and let me know you received this post, so that it can be marked as resolved, unless you have other problems.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-01-2006, 11:38 AM   #10 (permalink)
Registered User
 
Join Date: Dec 2004
Posts: 52
OS: xp


thank you very much for all your help. everything seems to be running great on this end again. i am just glad there are people like you out there. this is a great site and you all have help me alot. you all have my deepest thanks.
buckshot1977 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 03:01 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85