Freezing computer, undeletable file. Log inside.

LostInSpace

I'm posting for a friend who has some problems posting on forums; his forum name is zhi. Here is his log:

Logfile of HijackThis v1.99.1
Scan saved at 1:55:27 PM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Prevx 1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Prevx 1\PXConsole.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\FSI\F-Prot\F-StopW.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Z-Mak\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: netMonior Class - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Service] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx 1\PXConsole.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Z-Mak"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


He says his computer freezes up and there is a file called spybotd14 on his desktop which he can't delete.
 
I'm not totally positive, but try Ctrl+Alt+Delete-ing and ending the process... sometimes that's what's wrong - does it say it's in use? Of course I'm a noob when it comes to viruses...
 
Please Download this zip file here
  • Unzip it and double click the vbs script inside it
  • HJT will be moved from the temp folders and placed properly and opened ready to run
  • If you have a script blocker you might get a message warning about the script.
  • IT IS SAFE so allow it to run
Your HijackThis log is incomplete.
Please post again.
 
Logfile of HijackThis v1.99.1
Scan saved at 5:54:40 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Prevx 1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Prevx 1\PXConsole.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\Documents and Settings\Z-Mak\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: netMonior Class - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Service] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx 1\PXConsole.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123346284281
O18 - Protocol: bw+0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BDF6B6B7-AD39-423E-9E7B-36E587C83D34} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: kfcsrv - C:\WINDOWS\System32\kfcsrv.dll
O21 - SSODL: Mozilla Firefox (1.0.4) - {514A69D7-716F-9576-5F26-BA75C7369091} - (no file)
O21 - SSODL: AOL Instant Messenger - {EFDEE5AC-64B7-F293-654F-44B319B64A53} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NeroSVC - Unknown owner - C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx - C:\Program Files\Prevx 1\PXAgent.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
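The entries a helper looks at in a log like the one above can be screened mechanically. The Python script below is an added example for this thread; it is not HijackThis's own logic and not anything a participant posted. It parses a handful of lines copied from the log above and applies three heuristics that I chose for the example: a registry entry whose file is gone, a file name one edit away from a stock Windows process name (there is no stock `service.exe` in system32, but there is `services.exe`), and any Winlogon Notify DLL, which runs inside winlogon.exe at every logon. A flag is a prompt to check the file's publisher and size, not a verdict; the list of stock names is an assumption of the example.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above (a subset, for the example).
SAMPLE_LOG = r"""
O2 - BHO: netMonior Class - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Service] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: kfcsrv - C:\WINDOWS\System32\kfcsrv.dll
O21 - SSODL: Mozilla Firefox (1.0.4) - {514A69D7-716F-9576-5F26-BA75C7369091} - (no file)
O23 - Service: NeroSVC - Unknown owner - C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
"""

# Stock Windows XP process names used for the lookalike check (my list, not HJT's).
STOCK_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
               "winlogon.exe", "explorer.exe", "spoolsv.exe", "userinit.exe"}


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O4" or "O20"
    name: str      # entry name as HJT prints it
    target: str    # file the entry points at ("" if none could be extracted)
    reason: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch names one character away from a stock binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def first_token(cmd: str) -> str:
    """Executable part of a Run-key command line: quoted path or first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_line(line: str):
    """Return (section, name, target) for one HJT line, or None if it is not an entry."""
    m = re.match(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$", line.strip())
    if not m:
        return None
    sec, body = m["sec"], m["body"]
    if sec == "O4":
        m4 = re.match(r".*?\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
        if m4:
            return sec, m4["name"], first_token(m4["cmd"])
        if " = " in body:                       # Global Startup: "x.lnk = path"
            name, target = body.split(" = ", 1)
            return sec, name.strip(), target.strip()
    parts = body.split(" - ")                    # "kind: name - {CLSID} - path"
    if len(parts) >= 2:
        return sec, parts[0].strip(), parts[-1].strip()
    return sec, body, ""


def triage(log_text: str) -> list:
    """Apply the three heuristics to every entry and return the findings."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        sec, name, target = parsed
        if "(no file)" in target or "(file missing)" in target:
            findings.append(Finding(sec, name, target,
                "orphan entry: registry points at a file that is gone; fixing it removes only the reference"))
            continue
        base = target.rsplit("\\", 1)[-1].lower()
        for stock in sorted(STOCK_NAMES):
            if base != stock and levenshtein(base, stock) == 1:
                findings.append(Finding(sec, name, target,
                    f"lookalike of stock Windows binary {stock}: check the file's publisher and size"))
        if sec == "O20":
            findings.append(Finding(sec, name, target,
                "Winlogon Notify DLL: loaded into winlogon.exe at every logon; verify it"))
        if sec == "O4" and "\\" not in target:
            findings.append(Finding(sec, name, target,
                "no path: resolved through the search order; locate the actual file before judging"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name:<28}{f.target:<50}{f.reason}")
```

Run it as-is and it prints one line per flagged entry; feed it a whole log and only O4, O20 and orphan entries can trigger, so lines like the popkill.dll BHO or the NeroSVC service pass through silently and still need a human look.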
 
Please uninstall Logitech Desktop Messenger in Add/Remove Programs

Please print out these instructions or copy and paste them to notepad.
Save the .txt file to your desktop. You might not be able to access the internet in safe mode.


Download these programs

Ewido Security Suite
  • Install Ewido
    Uncheck these items: Install ewido background guard and Install via context menu
    Update Ewido
    If you have a problem with updates, go here
    Don't run scan yet!!!!
CleanUp

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Instruction to boot into safemode
  • Press F8 a couple of times; Windows Advanced Options should appear. Scroll down to Safe Mode.
Run Ewido
  • Click on scanner, then click on Complete System Scan
    When Ewido finds something, to have Ewido automatically delete everything, click on the little box at the bottom
    When scan completes, click on Save Report, save it to your desktop
Reboot into Normal Mode
Save the Report to your desktop

Post fresh HijackThis, Ewido, and Panda logs
 
Ewido: ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:37:45 PM, 11/23/2005
+ Report-Checksum: 72C5EB5A

+ Scan result:

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF5092F-7172-4018-827B-FA5868FB0478} -> Spyware.ZToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF5092F-7172-4018-827B-FA5868FB0478} -> Spyware.ZToolbar : Cleaned with backup
C:\WINDOWS\sys1038.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2221.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2222.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3154.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3155.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3710.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys379.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3857.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3858.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4259.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys430.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys433.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys440.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys443.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys445.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4830.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4831.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5131.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5132.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5926.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5927.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\42875.exe -> TrojanSpy.Banker.acd : Cleaned with backup
C:\WINDOWS\system32\664515.exe -> TrojanSpy.Banker.acd : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K96BGNID\ztoolbar[1].bmp -> Spyware.TNS-Search : Cleaned with backup


::Report End


Panda :
Incident                       | Status          | Location
Adware:adware/adsmart          | Not disinfected | C:\WINDOWS\SYSTEM32\vx.tll
Adware:adware/ilookup          | Not disinfected | C:\Documents and Settings\Z-Mak\Favorites\Gambling
Spyware:spyware/searchcentrix  | Not disinfected | Windows Registry
Virus:Eicar.Mod                | Not disinfected | C:\Program Files\FSI\F-Prot\fpav-help.chm[prob-scan-ok.html]
Virus:Eicar.Mod                | Not disinfected | C:\Program Files\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[prob-scan-ok.html]


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 9:11:44 AM, on 11/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Prevx 1\PXConsole.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Prevx 1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Saga\Super Popup Blocker\popkill.exe
C:\Program Files\FSI\F-Prot\F-StopW.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Z-Mak\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: netMonior Class - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Service] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx 1\PXConsole.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123346284281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: kfcsrv - C:\WINDOWS\System32\kfcsrv.dll (file missing)
O21 - SSODL: Mozilla Firefox (1.0.4) - {514A69D7-716F-9576-5F26-BA75C7369091} - (no file)
O21 - SSODL: AOL Instant Messenger - {EFDEE5AC-64B7-F293-654F-44B319B64A53} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NeroSVC - Unknown owner - C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx - C:\Program Files\Prevx 1\PXAgent.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Please copy and paste this reply into Notepad. You will not be able to access the internet in safe mode.

Please download this program:

Pocket Killbox
Unzip it to your desktop

Please boot into safe mode

Open HijackThis
Click on Do System Scan Only
Fix these items

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: netMonior Class - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
O4 - HKLM\..\Run: [Service] C:\WINDOWS\system32\service.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (Don't fix this item if your administrator set these restrictions or you have Spybot's Homepage shield active)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: kfcsrv - C:\WINDOWS\System32\kfcsrv.dll (file missing)


Open Killbox
Click on Standard File Kill
Copy and paste each file into Full Path of File to Delete
Click on X to delete each file
Killbox might give you a warning saying that the file doesn't exist. Just continue with the next file.

C:\WINDOWS\System32\popkill.dll
C:\WINDOWS\system32\service.exe
C:\WINDOWS\SYSTEM32\vx.tll


Reboot into Normal Mode

Please run a scan with the Kaspersky Online Scanner

Post a fresh HijackThis and Kaspersky log
 
Please also include these lines and fix them with HJT:

O21 - SSODL: Mozilla Firefox (1.0.4) - {514A69D7-716F-9576-5F26-BA75C7369091} - (no file)
O21 - SSODL: AOL Instant Messenger - {EFDEE5AC-64B7-F293-654F-44B319B64A53} - (no file)


Leftovers from a CoolWebSearch hijacker.
 
Kaspersky Scan:

------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 29, 2005 15:09:16
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/11/2005
Kaspersky Anti-Virus database records: 152405
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 46656
Number of viruses found: 28
Number of infected objects: 192
Number of suspicious objects: 0
Duration of the scan process: 3245 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\Fifoed\A0020412.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\Fifoed\A0020418.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\Fifoed\A0020434.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\Fifoed\A0020447.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\Fifoed\A0020459.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP118\A0020472.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP118\A0020479.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP118\A0020495.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP118\A0020526.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP118\A0020528.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP118\A0020534.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP119\A0020553.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP119\A0020564.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP119\A0020641.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP120\A0020664.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP120\A0020672.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP120\A0021672.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP120\A0021678.exe Infected: Trojan-PSW.Win32.FakeWGA
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP120\A0021684.dll Infected: Backdoor.Win32.Dumador.dd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP121\A0021754.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP124\A0021884.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP125\A0022013.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023064.dll Infected: Trojan-Downloader.Win32.Small.bdh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023065.dll Infected: Trojan-Downloader.Win32.Small.bdh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023066.dll Infected: Trojan-Downloader.Win32.Agent.pi
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023068.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023075.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023076.exe Infected: Backdoor.Win32.Dumador.cy
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023078.exe Infected: Backdoor.Win32.Dumador.cy
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023079.exe Infected: Backdoor.Win32.Dumador.cy
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023080.exe Infected: Trojan-Downloader.Win32.Small.bcd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP126\A0023081.exe Infected: Trojan-Dropper.Win32.Small.wv
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0029352.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0029353.exe Infected: Trojan-Spy.Win32.Banker.acd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0029355.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0029360.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030402.dll Infected: Trojan-Downloader.Win32.Small.bdh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030403.dll Infected: Trojan-Downloader.Win32.Small.bdh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030404.dll Infected: Trojan-Downloader.Win32.Agent.pi
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030406.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030413.exe Infected: Trojan-Downloader.Win32.Small.bcd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030414.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030415.exe Infected: Backdoor.Win32.Dumador.cy
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030417.exe Infected: Backdoor.Win32.Dumador.cy
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030418.exe Infected: Backdoor.Win32.Dumador.cy
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP128\A0030419.exe Infected: Trojan-Dropper.Win32.Small.wv
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP130\A0030742.dll Infected: Trojan.Win32.Zapchast
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP158\A0032557.dll Infected: Trojan.Win32.Zapchast
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP158\A0032702.dll Infected: Trojan.Win32.Agent.hh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP158\A0032703.dll Infected: Trojan.Win32.Agent.hh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP158\A0032704.dll Infected: Trojan-Downloader.Win32.Murlo.ar
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP158\A0032706.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP158\A0032768.dll Infected: Trojan.Win32.Zapchast
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035229.exe Infected: Trojan-Downloader.Win32.Agent.qx
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035230.exe Infected: Trojan-Downloader.Win32.Agent.qx
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035231.exe Infected: Trojan.Win32.Dialer.ay
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035232.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035233.exe Infected: Trojan-Clicker.Win32.Tiny.c
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035234.exe Infected: Trojan-Downloader.Win32.Small.awa
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035235.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035237.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035238.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035239.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035240.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035241.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035242.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035243.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035244.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035245.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035246.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035247.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035248.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP162\A0035249.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP168\A0036616.exe Infected: Backdoor.Win32.SdBot.aga
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP176\A0039299.dll Infected: Trojan-Downloader.Win32.Murlo.ar
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP176\A0039304.exe Infected: Trojan-Spy.Win32.Agent.dq
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP176\A0039308.dll Infected: Trojan-Spy.Win32.Agent.dq
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP197\A0053256.exe Infected: Trojan-Downloader.Win32.Small.agq
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP199\A0057407.exe Infected: Trojan-Downloader.Win32.Small.agq
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP200\A0061541.dll Infected: Trojan.Win32.Zapchast
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP200\A0061589.exe Infected: Trojan-Spy.Win32.Banker.acd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP200\A0061661.exe Infected: Trojan-Spy.Win32.Banker.acd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP200\A0062672.exe Infected: Net-Worm.Win32.Padobot.z
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP200\A0063672.exe Infected: Net-Worm.Win32.Padobot.z
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063685.exe Infected: Net-Worm.Win32.Padobot.z
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063697.dll Infected: Net-Worm.Win32.Padobot.z
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063699.dll Infected: Net-Worm.Win32.Padobot.z
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063706.dll Infected: Trojan-Spy.Win32.Qukart.s
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063707.dll Infected: Trojan-Spy.Win32.Qukart.s
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063709.dll Infected: Net-Worm.Win32.Padobot.z
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063710.sys Infected: Trojan-Spy.Win32.Qukart.s
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063712.dll Infected: Trojan-Downloader.Win32.Agent.pi
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063732.dll Infected: Trojan-Downloader.Win32.Small.bdh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063733.dll Infected: Trojan-Downloader.Win32.Small.bdh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063734.dll Infected: Trojan-Downloader.Win32.Agent.pi
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063736.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063743.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063744.exe Infected: Backdoor.Win32.Dumador.cy
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063746.exe Infected: Backdoor.Win32.Dumador.cy
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063747.exe Infected: Backdoor.Win32.Dumador.cy
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063748.exe Infected: Trojan-Downloader.Win32.Small.bcd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063749.exe Infected: Trojan-Dropper.Win32.Small.wv
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0063972.dll Infected: Trojan.Win32.Zapchast
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064098.exe Infected: Trojan-Downloader.Win32.Agent.qx
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064099.exe Infected: Trojan-Downloader.Win32.Agent.qx
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064100.exe Infected: Trojan.Win32.Dialer.ay
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064101.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064102.exe Infected: Trojan-Clicker.Win32.Tiny.c
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064103.exe Infected: Trojan-Downloader.Win32.Small.awa
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064104.dll Infected: Trojan-Clicker.Win32.Agent.cu
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064106.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064107.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064108.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064109.exe Infected: Backdoor.Win32.Dumador.ds
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064110.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064111.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064112.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064113.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064114.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064115.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064116.exe Infected: Trojan-Dropper.Win32.Agent.ro
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064206.dll Infected: Trojan-Downloader.Win32.Murlo.ar
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064209.exe Infected: Trojan-Spy.Win32.Agent.dq
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064210.dll Infected: Trojan-Spy.Win32.Agent.dq
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP201\A0064794.exe Infected: Trojan-Downloader.Win32.Small.agq
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067374.exe Infected: Trojan-Spy.Win32.Banker.acd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067375.exe Infected: Trojan-Downloader.Win32.Small.agq
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067376.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067377.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067378.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067379.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067380.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067381.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067382.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067383.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067384.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067385.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067386.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067387.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067388.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067389.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067390.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067391.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067392.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067393.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067394.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067395.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067396.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067397.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067399.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP205\A0067400.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074988.exe Infected: Trojan.Win32.Mutbot.d
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074989.exe Infected: Trojan.Win32.Mutbot.c
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074990.exe Infected: Trojan.Win32.Mutbot.d
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074991.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074992.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074993.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074994.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074995.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074996.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074997.exe Infected: Trojan-Downloader.Win32.Small.avt
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074998.dll Infected: Trojan.Win32.Agent.hh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0074999.dll Infected: Trojan.Win32.Agent.hh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0075000.dll Infected: Trojan.Win32.Agent.hh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0075001.dll Infected: Trojan.Win32.Agent.hh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0075002.dll Infected: Trojan.Win32.Agent.hh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP210\A0075003.dll Infected: Trojan.Win32.Agent.hh
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP212\A0086108.dll Infected: Trojan.Win32.Zapchast
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089215.dll Infected: Trojan-Proxy.Win32.Agent.fg
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089243.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089244.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089245.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089246.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089247.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089248.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089249.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089250.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089251.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089252.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089253.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089254.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089255.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089256.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089257.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089258.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089259.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089260.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089261.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089262.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089263.exe Infected: Trojan.Win32.Crypt.i
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089264.exe Infected: Trojan-Spy.Win32.Banker.acd
C:\System Volume Information\_restore{1286B2FD-2FAD-4664-BE97-004A30564211}\RP213\A0089265.exe Infected: Trojan-Spy.Win32.Banker.acd

Scan process completed.

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 3:10:52 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Prevx 1\PXConsole.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Prevx 1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Z-Mak\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx 1\PXConsole.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123346284281
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NeroSVC - Unknown owner - C:\Program Files\Ahead\Nero\Misc\NeroSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx - C:\Program Files\Prevx 1\PXAgent.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
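Added example, not part of zhi's post or of HijackThis itself: a small parser for the HijackThis log format shown above (R1, O3, O4, O16 and O23 lines), plus the three checks a helper usually runs by eye before telling someone what to fix: services listed as "Unknown owner", Run entries whose program or rundll32 DLL has no directory and so depends on the search path, and O16 ActiveX downloads from hosts other than Microsoft Update. The sample lines are copied from the log in this thread; the trusted-host set is an assumption made for the example, not a HijackThis rule, and a note from this script means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log in the post above,
# one or two per section type that this parser understands.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123346284281
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx - C:\Program Files\Prevx 1\PXAgent.exe
"""

@dataclass
class Entry:
    kind: str               # "R1", "O3", "O4", "O16" or "O23"
    fields: Dict[str, str]  # parsed pieces, keyed by the regex group names below
    raw: str

# One regex per HijackThis section handled here (R0 shares the R1 shape).
_PATTERNS = {
    "R1":  re.compile(r"^R[01] - (?P<key>.+?),(?P<value>[^=]+?) = (?P<data>.*)$"),
    "O3":  re.compile(r"^O3 - Toolbar: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$"),
    "O4":  re.compile(r"^O4 - (?P<location>[^:]+): (?P<rest>.+)$"),
    "O16": re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$"),
}
_PATTERNS["R0"] = _PATTERNS["R1"]

def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for blank lines and section types not handled."""
    line = line.strip()
    if not line:
        return None
    kind = line.split(" - ", 1)[0]
    pat = _PATTERNS.get(kind)
    m = pat.match(line) if pat else None
    if m is None:
        return None
    fields = m.groupdict()
    if kind == "O4":
        # Registry Run entries look like "[name] command"; Global Startup
        # entries look like "shortcut.lnk = target".
        rest = fields.pop("rest")
        bm = re.match(r"^\[(?P<name>[^\]]*)\] (?P<command>.+)$", rest)
        if bm:
            fields.update(bm.groupdict())
        elif " = " in rest:
            name, command = rest.split(" = ", 1)
            fields.update(name=name, command=command)
        else:
            fields.update(name="", command=rest)
    return Entry(kind, fields, line)

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def _program(command: str) -> str:
    """First token of a command line, quotes removed (a quoted path keeps its spaces)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]

def review(entries: List[Entry],
           trusted_dpf_hosts=frozenset({"update.microsoft.com"})) -> List[str]:
    """Return notes on entries a helper would want to look at more closely.
    The trusted-host set is an assumption for this example, not a HijackThis rule."""
    notes = []
    for e in entries:
        f = e.fields
        if e.kind == "O23" and f["owner"].lower() == "unknown owner":
            notes.append(f"O23 {f['name']}: no vendor string; check the signature or hash of {f['path']}")
        elif e.kind == "O4":
            prog = _program(f["command"])
            if prog.lower().endswith("rundll32.exe"):
                # For a rundll32 entry the interesting part is the DLL it loads.
                args = f["command"].strip().split(None, 1)
                dll = args[1].split(",", 1)[0] if len(args) > 1 else ""
                if dll and "\\" not in dll:
                    notes.append(f"O4 [{f['name']}]: rundll32 loads '{dll}' with no path, so it comes from the DLL search order; confirm which file that is")
            elif "\\" not in prog:
                notes.append(f"O4 [{f['name']}]: '{prog}' has no directory, so it is resolved through the search path; confirm which file actually runs")
        elif e.kind == "O16":
            host = urlparse(f["url"]).hostname or ""
            if host not in trusted_dpf_hosts:
                notes.append(f"O16 {f['name']}: ActiveX control downloaded from {host}; keep it only if the user ran that online scanner on purpose")
    return notes

if __name__ == "__main__":
    for note in review(parse_log(SAMPLE_LOG)):
        print(note)
```

Run against the sample it prints four notes: the Ptipbmf rundll32 entry, SOUNDMAN.EXE, the Kaspersky web scanner control and the "ATI Smart" service. None of those is evidence of infection on its own (the first two are typical of vendor driver packages, the third is a scanner the user probably ran deliberately); the point is that these are the lines whose on-disk file you verify before deciding what, if anything, gets fixed.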