pop up trojan HELP
Hello,
I've been having a problem with a trojan virus on my computer for quite some time. The virus scan programs that I have say that it's Trojan.Dropper.Win32.VB.me, but nothing seems to get rid of it. The pop-ups keep coming back and they're starting to get worse.
Thanks
KASPERSKY ONLINE SCANNER REPORT
Monday, September 10, 2007 6:59:24 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 10/09/2007
Kaspersky Anti-Virus database records: 410677
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 103541
Number of viruses found: 10
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 01:55:43
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\ispnews\ispn.ini Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\ispnews\ispnc.items Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\ispnews\ispnr.items Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cert8.db Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\history.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\key3.db Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\parent.lock Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Kali Dion\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\Working\database_7B5A_A2D9_4018_9797\dfsr.db Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\Working\database_7B5A_A2D9_4018_9797\fsr.log Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\Working\database_7B5A_A2D9_4018_9797\tmp.edb Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Windows Live Contacts\kalijdion@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\CE9C739Ad01 Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temp\~DF2E41.tmp Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temp\~DF5A93.tmp Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temp\~DF5AC1.tmp Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temporary Internet Files\Content.IE5\8B78UD9U\index[3].htm Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temporary Internet Files\Content.IE5\SQ44PYYY\wm[1].htm Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temporary Internet Files\Content.IE5\SQ44PYYY\wm[2].htm Object is locked skipped
C:\Documents and Settings\Kali Dion\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kali Dion\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\deleteme_msg.log Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\perf.dat Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\power.dat Object is locked skipped
C:\Program Files\Shaw Secure\Common\policy.bpf Object is locked skipped
C:\Program Files\Shaw Secure\Common\policy.ipf Object is locked skipped
C:\Program Files\Shaw Secure\FSAUA\fsbwupst.log Object is locked skipped
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.dbg Object is locked skipped
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.log Object is locked skipped
C:\Program Files\WinTouch\WinTouch.0xe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP476\A0050533.exe Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP476\A0050699.dll Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP476\A0050700.exe Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP476\change.log Object is locked skipped
C:\WINDOWS\111uninst.0xe Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\MS055349510753.0XE Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\NDNuninstall6_38.exe Object is locked skipped
C:\WINDOWS\NDNuninstall7_48.exe Object is locked skipped
C:\WINDOWS\RAYIOU.0XE Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C7A19223-94CB-4FA4-8157-04DB474873D6}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8900D025-6547-4FB6-A0EA-9DE43AD98AE4}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0002 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0004 Infected: Trojan.Win32.BHO.ab skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0005 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0006 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0007 Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0008/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0008/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0008/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0008 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0009 Infected: Trojan-Clicker.Win32.VB.po skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe NSIS: infected - 11 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\core.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\micro1\a1.exe Object is locked skipped
C:\WINDOWS\system32\micro1\a4.exe Object is locked skipped
C:\WINDOWS\system32\micro1\mac7.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\micro1\mac7.exe/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\system32\micro1\mac7.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\micro1\mac7.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ASHeuristic\RAYIOU_0XE.vir Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\WINDOWS\Temp\ASHeuristic\WinTouch_0xe.vir Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\WINDOWS\Temp\AVP654C.tmp Object is locked skipped
C:\WINDOWS\Temp\AVP654D.tmp Object is locked skipped
C:\WINDOWS\Temp\AVP6550.tmp Object is locked skipped
C:\WINDOWS\Temp\AVP6551.tmp Object is locked skipped
C:\WINDOWS\uni_eh10.0xe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\VTTC.exe Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
HIJACK THIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 2:23:08 PM, on 10/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kali Dion\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E1C0F8E9-CC57-4FEF-A591-F2E3947640B5} - C:\Program Files\NetMeeting\menoxuga.dll (file missing)
O2 - BHO: 0 - {E67C1A0F-8D38-48EF-0E89-DD34B31582F3} - C:\Program Files\MSN\quza.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [ms055349510753] C:\WINDOWS\ms055349510753.exe
O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\micro1\b9.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\system32\micro1\eno36.exe SKY003
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\rayiou.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA9172] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC126] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6060] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2797] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Kali Dion\Local Settings\Temp\{AC31892E-180C-4658-B8DC-0D147F9EB52C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\Working\database_7B5A_A2D9_4018_9797\dfsr.db Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\Working\database_7B5A_A2D9_4018_9797\fsr.log Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Messenger\kalijdion@hotmail.com\SharingMetadata\Working\database_7B5A_A2D9_4018_9797\tmp.edb Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Microsoft\Windows Live Contacts\kalijdion@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\CE9C739Ad01 Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temp\~DF2E41.tmp Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temp\~DF5A93.tmp Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temp\~DF5AC1.tmp Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temporary Internet Files\Content.IE5\8B78UD9U\index[3].htm Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temporary Internet Files\Content.IE5\SQ44PYYY\wm[1].htm Object is locked skipped
C:\Documents and Settings\Kali Dion\Local Settings\Temporary Internet Files\Content.IE5\SQ44PYYY\wm[2].htm Object is locked skipped
C:\Documents and Settings\Kali Dion\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kali Dion\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\deleteme_msg.log Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\perf.dat Object is locked skipped
C:\Program Files\Shaw Secure\Anti-Virus\power.dat Object is locked skipped
C:\Program Files\Shaw Secure\Common\policy.bpf Object is locked skipped
C:\Program Files\Shaw Secure\Common\policy.ipf Object is locked skipped
C:\Program Files\Shaw Secure\FSAUA\fsbwupst.log Object is locked skipped
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.dbg Object is locked skipped
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.log Object is locked skipped
C:\Program Files\WinTouch\WinTouch.0xe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP476\A0050533.exe Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP476\A0050699.dll Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP476\A0050700.exe Object is locked skipped
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP476\change.log Object is locked skipped
C:\WINDOWS\111uninst.0xe Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\MS055349510753.0XE Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\NDNuninstall6_38.exe Object is locked skipped
C:\WINDOWS\NDNuninstall7_48.exe Object is locked skipped
C:\WINDOWS\RAYIOU.0XE Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C7A19223-94CB-4FA4-8157-04DB474873D6}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8900D025-6547-4FB6-A0EA-9DE43AD98AE4}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0002 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0004 Infected: Trojan.Win32.BHO.ab skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0005 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0006 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0007 Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0008/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0008/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0008/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0008 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe/data0009 Infected: Trojan-Clicker.Win32.VB.po skipped
C:\WINDOWS\system32\bund1\ClientBundle1.exe NSIS: infected - 11 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\core.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\micro1\a1.exe Object is locked skipped
C:\WINDOWS\system32\micro1\a4.exe Object is locked skipped
C:\WINDOWS\system32\micro1\mac7.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\micro1\mac7.exe/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\system32\micro1\mac7.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\system32\micro1\mac7.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ASHeuristic\RAYIOU_0XE.vir Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\WINDOWS\Temp\ASHeuristic\WinTouch_0xe.vir Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\WINDOWS\Temp\AVP654C.tmp Object is locked skipped
C:\WINDOWS\Temp\AVP654D.tmp Object is locked skipped
C:\WINDOWS\Temp\AVP6550.tmp Object is locked skipped
C:\WINDOWS\Temp\AVP6551.tmp Object is locked skipped
C:\WINDOWS\uni_eh10.0xe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\VTTC.exe Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
HIJACK THIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 2:23:08 PM, on 10/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kali Dion\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E1C0F8E9-CC57-4FEF-A591-F2E3947640B5} - C:\Program Files\NetMeeting\menoxuga.dll (file missing)
O2 - BHO: 0 - {E67C1A0F-8D38-48EF-0E89-DD34B31582F3} - C:\Program Files\MSN\quza.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [ms055349510753] C:\WINDOWS\ms055349510753.exe
O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\micro1\b9.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\system32\micro1\eno36.exe SKY003
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\rayiou.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA9172] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC126] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6060] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2797] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Kali Dion\Local Settings\Temp\{AC31892E-180C-4658-B8DC-0D147F9EB52C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Comments
After that download
ComboFix from here or here
ATF Cleaner from here
AVG Anti-Spyware from here
Step 1: Run ATF Cleaner
Note: this program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Step 2: Run ComboFix
- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you.
- Save the log to your desktop.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Step 3: Run AVG Anti-Spyware
In normal mode
- Click the Shield icon
- Under the "Resident shield is" click active to make it inactive
- Close AVG Anti-Spyware
=============================================
Reboot your computer to Safe Mode
- If the computer is running, shut down Windows, and then turn off the power
- Wait 30 seconds, and then turn the computer on
- Start tapping the F8 key
- The Windows Advanced Options Menu appears
- Ensure that the Safe Mode option is selected
- Press Enter. The computer then begins to start in Safe mode
- Login on your usual account
=============================================
In safe mode
- Close all open windows / programs / folders
- Start AVG Anti-Spyware
- Click the Scanner icon
- Click Complete System Scan
- Let the program scan the machine
- When the scan has finished, follow the instructions below
- Make sure that under "Set all elements to" read Quarantine (If not, click the text and choose Quarantine)
- Click Apply all actions
- Click Save Report
- Click Save reports as
- Save report to your Desktop
Reboot your computer.
=============================================
Please post ComboFix log and AVG Anti-Spyware report, along with fresh HijackThis log. Thank you.
\LEGACY_CLIENT_IP-IPX
\LEGACY_CORE
\Client IP-IPX
\core
((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.
2007-09-11 17:40 51,200 --a C:\WINDOWS\NirCmd.exe
2007-09-09 20:53 d C:\WINDOWS\system32\Kaspersky Lab
2007-09-09 20:53 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-09 19:30 d C:\WINDOWS\system32\ActiveScan
2007-09-09 18:37 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-09 16:56 d C:\Program Files\Lavasoft
2007-09-09 16:56 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-09 16:55 d C:\Program Files\Common Files\Wise Installation Wizard
2007-09-09 15:49 434,252 --a C:\WINDOWS\system32\MSVCRTD.DLL
2007-09-09 15:49 216,576 --a C:\WINDOWS\system32\monln.dll
2007-09-09 15:49 d C:\Program Files\Comodo
2007-09-09 15:49 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-09-06 15:18 dr-h C:\DOCUME~1\KALIDI~1\APPLIC~1\SecuROM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 20:17 d C:\Program Files\QuickTime
2007-09-09 20:16 d C:\Program Files\MSN Messenger
2007-09-09 20:13 d C:\Program Files\iTunes
2007-09-09 20:12 d C:\Program Files\Google
2007-09-09 20:08 d C:\Program Files\Common Files\LightScribe
2007-09-09 19:44 d C:\DOCUME~1\KALIDI~1\APPLIC~1\ispnews
2007-09-09 17:05 d C:\DOCUME~1\KALIDI~1\APPLIC~1\AdobeUM
2007-09-06 15:08 d C:\Program Files\EA GAMES
2007-08-17 19:23 d C:\Program Files\Shaw Secure
2007-08-15 10:07 51040 --a C:\WINDOWS\system32\drivers\fsdfw.sys
2007-08-15 10:07 30016 --a C:\WINDOWS\system32\drivers\fsndis5.sys
2007-08-07 13:58 8320 --a C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-21 15:12 d C:\DOCUME~1\Guest\APPLIC~1\HP
2007-07-21 15:12 d C:\DOCUME~1\Guest\APPLIC~1\CyberLink
2007-07-11 17:01 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
2007-07-11 16:59 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
2007-07-11 14:37 6272 --a C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-13 04:23 1033216 --a C:\WINDOWS\explorer.exe
2007-04-11 20:23 167 --a C:\DOCUME~1\KALIDI~1\7569.bat
2007-04-11 19:35 167 --a C:\DOCUME~1\KALIDI~1\5777.bat
2006-04-30 16:19:41 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1C0F8E9-CC57-4FEF-A591-F2E3947640B5}]
C:\Program Files\NetMeeting\menoxuga.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E67C1A0F-8D38-48EF-0E89-DD34B31582F3}]
C:\Program Files\MSN\quza.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 23:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 15:03]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 14:50]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 13:39]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 12:56]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 16:26]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45]
"csr"="csrrs.exe" []
"ms055349510753"="C:\WINDOWS\ms055349510753.exe" []
"F-Secure Manager"="C:\Program Files\Shaw Secure\Common\FSM32.exe" [2007-04-26 05:43]
"F-Secure TNB"="C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" [2007-04-26 05:41]
"News Service"="C:\Program Files\Shaw Secure\FSGUI\ispnews.exe" [2005-05-31 06:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"SfKg6w"="C:\WINDOWS\rayiou.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 09:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 19:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"csr"=csrrs.exe
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 03:39:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\Shaw Secure\HIPS\fshs.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-05-20 12:48:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 17:53:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-11 17:56:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 17:56
.
--- E O F ---
AVG Anti-Spyware - Scan Report
+ Created at: 9:01:16 PM 11/09/2007
+ Scan result:
HKU\S-1-5-21-1725914071-3361960457-243129122-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\a1.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\bund1\ClientBundle1.exe.vir -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\RAYIOU.0XE -> Downloader.Agent.buo : Cleaned with backup (quarantined).
C:\WINDOWS\uni_eh10.0xe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\catchme2007-09-11_175332.04.zip/core.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CA00ILHW.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CA9TCQ1D.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAD6AY18.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CADF9Y8F.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAF411K3.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAKVGJ8B.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAL6ZMTY.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAON66WW.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAPOZ2QC.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAF3RNEG.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.12:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.28:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.11:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.6:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAOW9A96.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAH2KFS7.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.521:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.177:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali_dion@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali_dion@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@CAKLC3SC.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@CA10KZSY.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@CASQ70HT.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.39:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.41:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.577:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.578:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali_dion@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.430:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.431:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.432:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali_dion@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CA8EI27U.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.664:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAATUJYO.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali_dion@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.24:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\pt0lgmpz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.42:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CA2R3ZVR.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@CAQXU8NL.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.43:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\Kali Dion\Application Data\Mozilla\Firefox\Profiles\i4659r7r.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CABOVOQ7.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAX2C8TW.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kali Dion\Cookies\kali dion@CAAPZNBU.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\111uninst.0xe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\MS055349510753.0XE -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\micro1\mac7.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
::Report end
thanks
Now open HijackThis and click Do system scan only.
Check mark the following entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E1C0F8E9-CC57-4FEF-A591-F2E3947640B5} - C:\Program Files\NetMeeting\menoxuga.dll (file missing)
O2 - BHO: 0 - {E67C1A0F-8D38-48EF-0E89-DD34B31582F3} - C:\Program Files\MSN\quza.dll (file missing)
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [ms055349510753] C:\WINDOWS\ms055349510753.exe
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\rayiou.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
Click Fix Checked.
After that, please send a fresh HijackThis log.
How is your computer running now? Is it still acting up?
The computer is running a lot better. I haven't had a pop-up since the first scans, and it seems to be running faster.
thanks!
Now you should update your Java to the latest version (6.0 update 2)