Virus/Trojan issuee~!
I have a virus againnnnn 
I know what caused it or at least i think i do so i deleted the program but I can't remove the virus's. I keep gettin the win32 virus.
Someone please help me remove it.
I know what caused it or at least i think i do so i deleted the program but I can't remove the virus's. I keep gettin the win32 virus.Someone please help me remove it.
0
Comments
Please read this thread
Steps To Take Before Posting a HijackThis Log!
Post back at least Kaspersky's log and HijackThis log.
1st, the ATF cleaner freezes on me right hwen i click clean or w/e the button is, goes into the not responding mode.
2nd, i hvae kasperskky already so i wasn't able to d/l the file and do the free scan sicne i already had it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:07 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149475700296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149714605984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 9125 bytes
You have Spy Sweeper installed. Is it trial version or do you have subscription?
Can you do a system scan with it?
Step 1:
Please download to your Desktop
CCleaner
Deckard's System Scanner
Step 2:
Click Start > Run
Type (or copy & paste) sc stop "Symantec Core LC" and click OK
Click Start > Run
Type (or copy & paste) sc delete "Symantec Core LC" and click OK
Step 3:
Install and run CCleaner.
CCleaner is a freeware system optimization and privacy tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history.
- Click the "Run Cleaner" button and it will scan and clean your system.
- Click exit.
- Restart the computer.
Jahewi's CCleaner guide.http://www.jahewi.nl/ccleaner/quick/quick.html
Step 3:
Run Deckard's System Scanner
Attention: You must be logged onto an account with administrator privileges.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**Scan saved at 10:07:46 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149475700296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149714605984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8325 bytes
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.534 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.
2008-02-06 20:32 . 2008-02-06 20:32 <DIR> d
C:\SDFix
2008-02-04 16:59 . 2008-02-04 16:59 244 --ah
C:\sqmnoopt07.sqm
2008-02-04 16:59 . 2008-02-04 16:59 232 --ah
C:\sqmdata07.sqm
2008-02-04 16:02 . 2008-02-04 16:02 <DIR> d
C:\Program Files\iPod
2008-02-04 14:34 . 2008-02-04 14:34 244 --ah
C:\sqmnoopt06.sqm
2008-02-04 14:34 . 2008-02-04 14:34 232 --ah
C:\sqmdata06.sqm
2008-02-03 20:43 . 2008-02-03 20:43 <DIR> d
C:\Program Files\Microsoft IntelliType Pro
2008-02-03 14:02 . 2008-02-03 14:03 <DIR> d
C:\Program Files\CCleaner
2008-02-02 20:03 . 2008-02-02 20:03 244 --ah
C:\sqmnoopt05.sqm
2008-02-02 20:03 . 2008-02-02 20:03 232 --ah
C:\sqmdata05.sqm
2008-01-31 00:51 . 2008-01-31 00:51 244 --ah
C:\sqmnoopt04.sqm
2008-01-31 00:51 . 2008-01-31 00:51 232 --ah
C:\sqmdata04.sqm
2008-01-30 22:44 . 2008-01-30 22:44 244 --ah
C:\sqmnoopt03.sqm
2008-01-30 22:44 . 2008-01-30 22:44 232 --ah
C:\sqmdata03.sqm
2008-01-29 14:41 . 2008-01-29 14:41 <DIR> d
C:\Program Files\uTorrent
2008-01-29 14:41 . 2008-02-01 04:31 <DIR> d
C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-29 03:15 . 2007-06-05 10:56 44,928 --a
C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-29 03:15 . 2007-06-08 09:44 8,576 --a
C:\WINDOWS\system32\drivers\btfjyfloivib.sys
2008-01-29 03:03 . 2008-01-29 03:03 30,590 --a
C:\WINDOWS\system32\pavas.ico
2008-01-29 03:02 . 2008-01-29 05:26 <DIR> d
C:\WINDOWS\system32\ActiveScan
2008-01-28 22:11 . 2008-01-28 22:14 <DIR> d
C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 17:34 . 2008-01-27 17:34 244 --ah
C:\sqmnoopt02.sqm
2008-01-27 17:34 . 2008-01-27 17:34 232 --ah
C:\sqmdata02.sqm
2008-01-22 16:06 . 2008-01-04 20:34 20,336 --a
C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-22 16:04 . 2008-01-22 16:04 164 --a
C:\install.dat
2008-01-15 14:36 . 2008-01-15 14:36 <DIR> d
C:\Program Files\MSECache
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a
C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a
C:\WINDOWS\system32\QuickTime.qts
2008-01-10 01:17 . 2008-01-10 01:40 <DIR> d
C:\Documents and Settings\Owner\Contacts
2008-01-10 01:14 . 2008-01-10 01:14 268 --ah
C:\sqmdata01.sqm
2008-01-10 01:14 . 2008-01-10 01:14 244 --ah
C:\sqmnoopt01.sqm
2008-01-07 13:13 . 2008-01-07 13:13 268 --ah
C:\sqmdata00.sqm
2008-01-07 13:13 . 2008-01-07 13:13 244 --ah
C:\sqmnoopt00.sqm
2008-01-07 00:23 . 2008-01-07 00:36 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-07 00:22 . 2008-01-07 00:45 <DIR> d
C:\Program Files\Windows Live
2008-01-07 00:22 . 2008-01-07 00:43 <DIR> d
C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 04:37 230,944 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-07 04:37 19,052,576 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-05 01:21
d
w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-05 00:41 249,692 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-05 00:41 22,136 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-05 00:03
d
w C:\Program Files\iTunes
2008-02-04 23:58
d
w C:\Program Files\QuickTime
2008-01-29 09:24
d
w C:\Program Files\Spybot - Search & Destroy
2008-01-29 06:11
d
w C:\Program Files\Lavasoft
2008-01-29 06:10
d
w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 00:01 54,480 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-01-22 07:40 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-22 07:40 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-01-07 00:04
d
w C:\Program Files\PCI Audio Applications
2008-01-05 04:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2008-01-05 04:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-05 04:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 04:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-04 05:58
d
w C:\Documents and Settings\Owner\Application Data\Media Player Classic
2008-01-04 05:56
d
w C:\Program Files\K-Lite Codec Pack
2007-12-29 11:25
d
w C:\Program Files\Webroot
2007-12-29 11:25
d
w C:\Documents and Settings\Owner\Application Data\Webroot
2007-12-29 11:25
d
w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-29 11:25
d
w C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-29 09:59
d
w C:\Program Files\Kaspersky Lab
2007-12-29 09:57
d
w C:\Program Files\iPhoneBrowser
2007-12-29 09:47
d
w C:\Program Files\SUPERAntiSpyware
2007-12-29 09:47
d
w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-28 00:35
d
w C:\Program Files\Java
2007-12-28 00:33
d
w C:\Program Files\Common Files\Java
2007-12-28 00:21
d
w C:\Program Files\Viewpoint
2007-12-28 00:21
d
w C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-12-28 00:21
d
w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-24 21:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-10 03:37
d
w C:\Program Files\Google
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2006-10-03 10:43 2,402,550 ----a-w C:\WINDOWS\inf\SETB9.tmp
2006-10-03 10:43 2,402,550 ----a-w C:\WINDOWS\inf\SET87.tmp
2001-11-23 03:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 19:00 99840]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 33280 C:\WINDOWS\system32\rundll32.exe]
"POINTER"="point32.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 20:48 180269]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a
2005-06-06 22:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra
2002-09-16 23:55 1622016 C:\WINDOWS\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a
2006-08-25 11:11 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a
2006-08-25 11:11 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a
2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a
2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a
2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra
2001-12-31 08:04 3756032 C:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a
2001-12-31 08:04 46080 C:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra
2001-12-31 08:04 831488 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a
2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a
2003-12-08 16:35 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a
2006-10-27 08:41 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a
2006-12-08 00:32 1249280 C:\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a
2006-06-17 20:48 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a
2007-02-13 10:29 35328 C:\Program Files\Winamp\winampa.exe
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2001-12-31 08:04]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2001-12-31 08:04]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 itsernum;itsernum Filter ÅX°Êµ{¦¡;C:\WINDOWS\system32\DRIVERS\itsernum.sys [2001-08-21 10:48]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;C:\WINDOWS\system32\DRIVERS\wg121nd5.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 20:37:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-06 20:38:19
ComboFix-quarantined-files.txt 2008-02-07 04:38:15
ComboFix2.txt 2007-12-21 09:11:24
ComboFix3.txt 2007-12-18 18:14:46
.
2008-01-23 11:11:55 --- E O F ---
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.07 -
Authentium 4.93.8 2008.02.06 -
Avast 4.7.1098.0 2008.02.07 -
AVG 7.5.0.516 2008.02.07 -
BitDefender 7.2 2008.02.07 -
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.07 -
DrWeb 4.44.0.09170 2008.02.07 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5520 2008.02.07 -
Ewido 4.0 2008.02.07 -
FileAdvisor 1 2008.02.07 -
Fortinet 3.14.0.0 2008.02.07 -
F-Prot 4.4.2.54 2008.02.07 -
F-Secure 6.70.13260.0 2008.02.07 -
Ikarus T3.1.1.20 2008.02.07 -
Kaspersky 7.0.0.125 2008.02.07 -
McAfee 5225 2008.02.07 -
Microsoft 1.3204 2008.02.07 -
NOD32v2 2857 2008.02.07 -
Norman 5.80.02 2008.02.07 -
Panda 9.0.0.4 2008.02.07 -
Prevx1 V2 2008.02.08 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.07 -
Sunbelt 2.2.907.0 2008.02.07 -
Symantec 10 2008.02.07 -
TheHacker 6.2.9.212 2008.02.07 -
VBA32 3.12.6.0 2008.02.07 -
VirusBuster 4.3.26:9 2008.02.07 -
Webwasher-Gateway 6.6.2 2008.02.07 -
Additional information
File size: 8576 bytes
MD5: d7dbfbc453b645111e6d21142305e80b
SHA1: e134b78030cfca8dbfd0af144193fc445db86572
PEiD: -
What, exactly, Kaspersky says? What kind of threat it is? Is it a file or what?
Waiting your reply.
C:\WINDOWS\inf\SETB9.tmp
C:\WINDOWS\inf\SET87.tmp
Scan these one by one. And post the results here.
You may want to print out these instructions or save them as a text file with Notepad to your desktop because we will be restarting into Safe Mode later on in the fix.
Step 1:
Please download to your Desktop
ATF Cleaner
AVG Anti-Spyware
Step 2:
Run ATF Cleaner
- Double-click ATF-Cleaner.exe to run the program.
If you use Firefox browserUnder Main choose: Select All
Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
If you use Opera browserClick the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose: Select All
Click Exit on the Main menu to close the program.Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Step 3:
Install and update AVG Anti-Spyware
After the installation, a free 30-day trial version containing all the extensions of the full version will be activated. At the end of the trial, these extensions will be deactivated and the program will turn into a feature-limited freeware version.
- Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Do not automatically generate report"
- Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.Step 4:
Next, please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Step 5:Important: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess.
Once the scan is complete do the following:
Waiting your reply.
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 10.
Estimated start time is between 66 and 95 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.10 -
Authentium 4.93.8 2008.02.10 -
Avast 4.7.1098.0 2008.02.10 -
AVG 7.5.0.516 2008.02.10 -
BitDefender 7.2 2008.02.10 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.10 -
DrWeb 4.44.0.09170 2008.02.10 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.10 -
FileAdvisor 1 2008.02.10 -
Fortinet 3.14.0.0 2008.02.10 -
F-Prot 4.4.2.54 2008.02.10 -
F-Secure 6.70.13260.0 2008.02.10 -
Ikarus T3.1.1.20 2008.02.10 -
Kaspersky 7.0.0.125 2008.02.10 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.10 -
NOD32v2 2862 2008.02.10 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.10 -
Prevx1 V2 2008.02.10 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.10 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.10 -
TheHacker 6.2.9.215 2008.02.09 -
VBA32 3.12.6.0 2008.02.10 -
VirusBuster 4.3.26:9 2008.02.10 -
Webwasher-Gateway 6.6.2 2008.02.10 -
Additional information
File size: 2402550 bytes
MD5: 0c308738379ffa5c150adb8be2ed088d
SHA1: a728831d57986633214543fd34afb47ef9ad5c14
PEiD: -
packers: Unicode
packers: Unicode
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 15.
Estimated start time is between 82 and 118 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.10 -
Authentium 4.93.8 2008.02.10 -
Avast 4.7.1098.0 2008.02.10 -
AVG 7.5.0.516 2008.02.10 -
BitDefender 7.2 2008.02.10 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.10 -
DrWeb 4.44.0.09170 2008.02.10 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.10 -
FileAdvisor 1 2008.02.10 -
Fortinet 3.14.0.0 2008.02.10 -
F-Prot 4.4.2.54 2008.02.10 -
F-Secure 6.70.13260.0 2008.02.10 -
Ikarus T3.1.1.20 2008.02.10 -
Kaspersky 7.0.0.125 2008.02.10 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.10 -
NOD32v2 2862 2008.02.10 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.10 -
Prevx1 V2 2008.02.10 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.10 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.10 -
TheHacker 6.2.9.215 2008.02.09 -
VBA32 3.12.6.0 2008.02.10 -
VirusBuster 4.3.26:9 2008.02.10 -
Webwasher-Gateway 6.6.2 2008.02.10 -
Additional information
File size: 2402550 bytes
MD5: 0c308738379ffa5c150adb8be2ed088d
SHA1: a728831d57986633214543fd34afb47ef9ad5c14
PEiD: -
packers: Unicode
packers: Unicode
I haven't seen any viruses, or other malwares in your logs. They looks pretty good.
Can you please do a scan with AVG Anti-Spyware just to make sure.
Please download SuperAntiSpyware Free
Install the program
- Run SuperAntiSpyware and click: Check for updates
- Once the update is finished, on the main screen, click: Scan your computer
- Check: Perform Complete Scan
- Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish
It is possible that the program asks to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
- Click: Preferences
- Click the Statistics/Logs tab
- Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.
( you can uninstall AVG Anti-Spyware )
http://www.google.fi/search?aq=f&hl=fi&client=firefox-a&channel=s&rls=org.mozilla%3Afi%3Aofficial&q=backup+favorites+internet+explorer+7&btnG=Hae&meta=
http://www.google.fi/search?aq=f&hl=fi&client=firefox-a&channel=s&rls=org.mozilla%3Afi%3Aofficial&q=backup+favorites+firefox&btnG=Hae&meta=
hell ya that worked! thanks a bunch dude!
BTW i didnt run the antiprog b/c im on a new computer now. Im sorry i forgot to update you on that. Im using that HD as a Slave now tho.
Glad I was able to help you.