check my log pls
-
Re: check my log pls
1) This is the http://www.virustotal.com/en/indexf.html scan. I didn't know which file you meant in the "C:\WINDOWS\.jagex_cache_32", so I scanned all the files that were in C:\WINDOWS\.jagex_cache_32.
i) File random.dat received on 01.31.2008 05:50:54 (CET)
Current status: Finished...
Result: 0/32 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.31.11 2008.01.31 -
AntiVir 7.6.0.59 2008.01.30 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.30 -
AVG 7.5.0.516 2008.01.30 -
BitDefender 7.2 2008.01.31 -
CAT-QuickHeal 9.00 2008.01.30 -
ClamAV 0.91.2 2008.01.30 -
DrWeb 4.44.0.09170 2008.01.30 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5499 2008.01.30 -
Ewido 4.0 2008.01.30 -
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.31 -
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 -
Ikarus T3.1.1.20 2008.01.31 -
Kaspersky 7.0.0.125 2008.01.31 -
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.28 -
NOD32v2 2837 2008.01.30 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 -
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 -
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.30 -
Additional information
File size: 24 bytes
MD5: 893cfcdbfe04ff591f9f728d90cf1b10
SHA1: 5a0ee8bc46008815f017689ed33779e113d4442b
PEiD: -
ii) In the rsmap folder (got main_file_cache.dat0, main_file_cache.idx0, main_file_cache.idx1) I scanned all of it.
File main_file_cache.dat0 received on 01.31.2008 06:06:23 (CET)
Current status: Finished...
Result: 0/32 (0%)
AhnLab-V3 2008.1.31.11 2008.01.31 -
AntiVir 7.6.0.59 2008.01.30 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.31 -
AVG 7.5.0.516 2008.01.30 -
BitDefender 7.2 2008.01.31 -
CAT-QuickHeal 9.00 2008.01.30 -
ClamAV 0.91.2 2008.01.30 -
DrWeb 4.44.0.09170 2008.01.30 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5499 2008.01.30 -
Ewido 4.0 2008.01.30 -
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.31 -
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 -
Ikarus T3.1.1.20 2008.01.31 -
Kaspersky 7.0.0.125 2008.01.31 -
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.28 -
NOD32v2 2837 2008.01.30 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 -
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 -
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.30 -
Additional information
File size: 423590 bytes
MD5: dc7dde70bfea9d731c22bc6c78f193d2
SHA1: f9f3653b9d95f984b9eb179909430285b35314a7
PEiD: -
File main_file_cache.idx0 received on 01.31.2008 06:11:32 (CET)
Current status: Finished...
Result: 0/32 (0%)
AhnLab-V3 2008.1.31.11 2008.01.31 -
AntiVir 7.6.0.59 2008.01.30 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.31 -
AVG 7.5.0.516 2008.01.30 -
BitDefender 7.2 2008.01.31 -
CAT-QuickHeal 9.00 2008.01.30 -
ClamAV 0.91.2 2008.01.30 -
DrWeb 4.44.0.09170 2008.01.30 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5499 2008.01.30 -
Ewido 4.0 2008.01.30 -
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.31 -
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 -
Ikarus T3.1.1.20 2008.01.31 -
Kaspersky 7.0.0.125 2008.01.31 -
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.28 -
NOD32v2 2837 2008.01.30 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 -
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 -
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.30 -
Additional information
File size: 9890 bytes
MD5: 64fb508f1c13e7539261330d1c209508
SHA1: bb67e9b7d576e499c8b7f37aeb8952259807f5ea
PEiD: -
File main_file_cache.idx1 received on 01.31.2008 06:15:07 (CET)
Current status: Finished...
Result: 0/32 (0%)
AhnLab-V3 2008.1.31.11 2008.01.31 -
AntiVir 7.6.0.59 2008.01.30 -
Authentium 4.93.8 2008.01.31 -
Avast 4.7.1098.0 2008.01.31 -
AVG 7.5.0.516 2008.01.30 -
BitDefender 7.2 2008.01.31 -
CAT-QuickHeal 9.00 2008.01.30 -
ClamAV 0.91.2 2008.01.30 -
DrWeb 4.44.0.09170 2008.01.30 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5499 2008.01.30 -
Ewido 4.0 2008.01.30 -
FileAdvisor 1 2008.01.31 -
Fortinet 3.14.0.0 2008.01.31 -
F-Prot 4.4.2.54 2008.01.30 -
F-Secure 6.70.13260.0 2008.01.31 -
Ikarus T3.1.1.20 2008.01.31 -
Kaspersky 7.0.0.125 2008.01.31 -
McAfee 5219 2008.01.30 -
Microsoft 1.3109 2008.01.28 -
NOD32v2 2837 2008.01.30 -
Norman 5.80.02 2008.01.30 -
Panda 9.0.0.4 2008.01.30 -
Prevx1 V2 2008.01.31 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.25.0 2008.01.31 -
Sunbelt 2.2.907.0 2008.01.31 -
Symantec 10 2008.01.31 -
TheHacker 6.2.9.203 2008.01.30 -
VBA32 3.12.2.6 2008.01.31 -
VirusBuster 4.3.26:9 2008.01.30 -
Webwasher-Gateway 6.6.2 2008.01.30 -
Additional information
File size: 165 bytes
MD5: 05e3164ec1466732edfec583b0926a92
SHA1: 347e8ba03713d87d31b34db1a3d192865499b27e
PEiD: -
This is the BitDefender log
BitDefender Online Scanner
Scan report generated at: Thu, Jan 31, 2008 - 17:16:11
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time 02:50:18
Files 533705
Folders 9943
Boot Sectors 3
Archives 57952
Packed Files 37189
Results
Identified Viruses 8
Infected Files 15
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 0
Engines Info
Virus Definitions 878559
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 14
Archive plugins 38
Unpack plugins 7
E-mail plugins 6
System plugins 1
Scan Settings
First Action Report
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\Handy_Recovery_v4.0 patch.exe Infected with: Trojan.Pws.Onlinegames.ACI
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\Norton 360 keygen.exe Infected with: Packer.Krunchy.A
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\Norton Ghost12 keygen.exe Infected with: Packer.Krunchy.A
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\QuickTime.Pro.7.1.5.120 keymaker.exe Infected with: Backdoor.Pcclient.GV
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\StyleXP_Keygen.exe Infected with: Packer.PESpin.A
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0025595.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected with: Trojan.Bat.Sdel.AC
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0025599.bat Infected with: Trojan.Bat.Sdel.AC
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP68\A0025656.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected with: Trojan.Bat.Sdel.AC
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP79\A0026971.exe=>(RAR Sfx o)=>ifx.mrc Infected with: Trojan.IRC.Flood.ISC
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP81\A0027175.exe Infected with: Trojan.Pws.Onlinegames.ACI
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP82\A0027301.exe Infected with: Trojan.Pws.Onlinegames.ACI
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027482.exe=>wise0021=>(CAB Sfx r)=>VVSN.exe Infected with: Generic.Adw.SaveNow.56AD4696
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027515.dll Infected with: Trojan.Dloader.BUP
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028528.exe=>(CAB Sfx r)=>VVSN.exe Infected with: Generic.Adw.SaveNow.56AD4696
C:\WINDOWS\system32\ctf\ifx.mrc Infected with: Trojan.IRC.Flood.ISC
This is the hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:42 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Foolyou.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188901880687
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1188902392515
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://unitedpage.spaces.live.com/Ph...d/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6759 bytes
-
Wasn't there an option for BitDefender to delete what it found?
The folder called CRACK needs to be deleted, from safe mode if needed.
And this, whatever that is:
C:\WINDOWS\system32\ctf\ifx.mrc
Stuff in system restore can be flushed as a last resort.
Need feedback on how the PC is behaving now.
-
This is the new BitDefender online scan (I totally forgot that I must unhide the hidden folders and also uncheck the "hide protected operating system files" option). Is it okay??
The settings for the old BitDefender online scan were already set to delete as the second option, and the action option was to report only. So FOR THE NEW BITDEFENDER LOG, I CHANGED THE SETTINGS IN THE ACTION OPTIONS TO DELETE AND THE SECOND ACTION IS TO DELETE.
Just for your info:
** The update for the online BitDefender could not be done, I don't know why... so I canceled it.
BitDefender Online Scanner
Scan report generated at: Fri, Feb 01, 2008 - 12:53:50
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time 03:12:16
Files 538771
Folders 9956
Boot Sectors 3
Archives 58138
Packed Files 38610
Results
Identified Viruses 11
Infected Files 25
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 25
Engines Info
Virus Definitions 894748
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 14
Archive plugins 38
Unpack plugins 7
E-mail plugins 6
System plugins 1
Scan Settings
First Action Delete
Second Action None
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
C:\$VAULT$.AVG\34076562.FIL Infected with: Trojan.Vundo.DVD
C:\$VAULT$.AVG\34076562.FIL Deleted
C:\$VAULT$.AVG\44063562.FIL Infected with: Trojan.Vundo.DVD
C:\$VAULT$.AVG\44063562.FIL Deleted
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\Handy_Recovery_v4.0 patch.exe Infected with: Trojan.Pws.Onlinegames.ACI
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\Handy_Recovery_v4.0 patch.exe Deleted
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\Norton 360 keygen.exe Infected with: Packer.Krunchy.A
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\Norton 360 keygen.exe Deleted
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\Norton Ghost12 keygen.exe Infected with: Packer.Krunchy.A
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\Norton Ghost12 keygen.exe Deleted
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\QuickTime.Pro.7.1.5.120 keymaker.exe Infected with: Backdoor.Pcclient.GV
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\QuickTime.Pro.7.1.5.120 keymaker.exe Deleted
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\StyleXP_Keygen.exe Infected with: Packer.PESpin.A
C:\Documents and Settings\Owner\Desktop\setups\CRACK\Over 1000 Keygens Cracks Pacthes Serials Kuld33p\StyleXP_Keygen.exe Deleted
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\winrkq32.dll.bad Infected with: MemScan:Trojan.Dialer.VWB
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\winrkq32.dll.bad Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0024515.ini Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0024515.ini Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0024556.ini Infected with: Trojan.Vundo.DVS
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0024556.ini Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0025595.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected with: Trojan.Bat.Sdel.AC
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0025595.exe=>(RAR Sfx o)=>CFCleanUp.bat Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0025595.exe=>(RAR Sfx o) Update failed
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0025599.bat Infected with: Trojan.Bat.Sdel.AC
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP67\A0025599.bat Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP68\A0025656.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected with: Trojan.Bat.Sdel.AC
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP68\A0025656.exe=>(RAR Sfx o)=>CFCleanUp.bat Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP68\A0025656.exe=>(RAR Sfx o) Update failed
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP79\A0026971.exe=>(RAR Sfx o)=>ifx.mrc Infected with: Trojan.IRC.Flood.ISC
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP79\A0026971.exe=>(RAR Sfx o)=>ifx.mrc Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP79\A0026971.exe=>(RAR Sfx o) Update failed
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP81\A0027175.exe Infected with: Trojan.Pws.Onlinegames.ACI
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP81\A0027175.exe Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP82\A0027301.exe Infected with: Trojan.Pws.Onlinegames.ACI
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP82\A0027301.exe Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027482.exe=>wise0021=>(CAB Sfx r)=>VVSN.exe Infected with: Generic.Adw.SaveNow.56AD4696
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027482.exe=>wise0021=>(CAB Sfx r)=>VVSN.exe Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027482.exe=>wise0021=>(CAB Sfx r) Update failed
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027515.dll Infected with: Trojan.Dloader.BUP
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027515.dll Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028528.exe=>(CAB Sfx r)=>VVSN.exe Infected with: Generic.Adw.SaveNow.56AD4696
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028528.exe=>(CAB Sfx r)=>VVSN.exe Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028528.exe=>(CAB Sfx r) Update failed
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029000.exe Infected with: Trojan.Pws.Onlinegames.ACI
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029000.exe Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029001.exe Infected with: Packer.Krunchy.A
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029001.exe Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029002.exe Infected with: Packer.Krunchy.A
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029002.exe Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029003.exe Infected with: Backdoor.Pcclient.GV
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029003.exe Deleted
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029004.exe Infected with: Packer.PESpin.A
C:\System Volume Information\_restore{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP89\A0029004.exe Deleted
C:\WINDOWS\system32\ctf\ifx.mrc Infected with: Trojan.IRC.Flood.ISC
C:\WINDOWS\system32\ctf\ifx.mrc Deleted
This is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:10 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Foolyou.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188901880687
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1188902392515
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://unitedpage.spaces.live.com/Ph...d/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6758 bytes
Last edited by ramesh help; 01-02-2008 at 06:10 AM.
-
Everything looks great, how is the PC performing now?
-
I still have the same problem. When I save a link to the desktop and then try to double-click on it, it opens Internet Explorer, but it won't load no matter how long I leave it like that. When I click the STOP button, it says res://C:\WINDOWS\system32\shdoclc.dll/navcancl.htm. So I can't open the link. I have to copy the link manually and paste it in the address bar.
What could be the problem??
-
Run HijackThis, click on the "scan system only" button and put checks next to these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
Please close ALL browser windows (including this one).
With everything closed out but HijackThis, click on "fix checked".
Reboot your PC.
Do a scan with SUPERAntiSpyware also, following previous instructions. Thanks.
-
super antispyware also following previous instructions
I can't find this post in my thread. Can you help me locate it?
thx
-
Please download and install SUPERAntiSpyware Trial Pro Edition http://www.superantispyware.com/superantispyware.html
* Load SUPERAntiSpyware and click the Check for Updates button.
* Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
* Open SUPERAntiSpyware and click the Scan your Computer button.
* Check Perform Complete Scan and then click Next.
* SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
* Make sure that they all have a check next to them, and then click Next.
* Click Finish and you will be taken back to the main interface.
* It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
* I'll need a log afterwards of what has been found.
* To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
* Please post the results of the SUPERAntiSpyware log in your next reply.
-
This is the SUPERAntiSpyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/02/2008 at 06:25 PM
Application Version : 3.9.1008
Core Rules Database Version : 3394
Trace Rules Database Version: 1386
Scan type : Complete Scan
Total Scan Time : 02:33:06
Memory items scanned : 384
Memory threats detected : 0
Registry items scanned : 6678
Registry threats detected : 23
File items scanned : 61287
File threats detected : 47
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@cad-media[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1059604909[1].txt
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.mediafire[2].txt
C:\Documents and Settings\Owner\Cookies\owner@soundclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@hardwarezone.us.intel litxt[1].txt
C:\Documents and Settings\Owner\Cookies\owner@freecodesource.advert serve[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@clicksor[2].txt
C:\Documents and Settings\Owner\Cookies\owner@hardwarezone.com[2].txt
C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt
C:\Documents and Settings\Owner\Cookies\owner@24714[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediafire[1].txt
C:\Documents and Settings\Owner\Cookies\owner@24713[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adserver.adreactor[1].txt
C:\Documents and Settings\Owner\Cookies\owner@linkto.mediafire[1].txt
C:\Documents and Settings\Owner\Cookies\owner@streamit.hardwarezone[2].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.realtechnetwork[2].txt
C:\Documents and Settings\Owner\Cookies\owner@hardwarezone[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adsense[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adsense[2].txt
C:\Documents and Settings\Owner\Cookies\owner@adsense[3].txt
C:\Documents and Settings\Owner\Cookies\owner@clicksor[1].txt
Adware.OneStepSearch
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONE STEP_SEARCH_SERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONE STEP_SEARCH_SERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONE STEP_SEARCH_SERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONE STEP_SEARCH_SERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONE STEP_SEARCH_SERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONE STEP_SEARCH_SERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONE STEP_SEARCH_SERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONE STEP_SEARCH_SERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONE STEP_SEARCH_SERVICE\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#Type
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#Start
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#Description
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Security
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum#NextInstance
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ONESTEPSEARCH\ONESTEPSEARCH_DELETED_\ONESTEP .DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ONESTEPSEARCH\ONESTEPSEARCH_DELETED_\ONESTEP .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ONESTEPSEARCH\ONESTEPSEARCH_DELETED_\UNINSTA LL.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027476.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027516.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027517.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028527.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP87\A0028776.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP88\A0028803.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP88\A0028804.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP88\A0028805.EXE
Adware.OuterInfo-Installer
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SETUPS\CRACK\ALCOHOL.120.V1 .9.7.6022-TRIAL-MERRY.CHRISTMAS.TATA.JANINE.READNFO_LOADER-FFF\SETUP.EXE
Trojan.TLoad
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP71\A0026011.INF
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP71\A0026012.INF
Spyware.RelevantKnowledge
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027513.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0027514.EXE
Adware.WhenU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028521.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028522.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028525.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028528.EXE
RelevantKnowledge Spyware Component
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48447FBC-DEC0-4563-94A0-F3A22744F87A}\RP85\A0028598.EXE
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\PPQSS.INI
This is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:05 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\Foolyou.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: QuickSet Internet Zone - {3417D8E1-5942-11d6-A0E0-0002B364F69B} - C:\Program Files\QSIZ\qsiz.EXE (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1188901880687
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1188902392515
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://www.innotive.com/download/cibrowser11.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://unitedpage.spaces.live.com/Ph...d/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE1F9E2-D9A2-414D-A17A-C6CC7A5A6257}: NameServer = 202.188.0.133 202.188.1.5
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6628 bytes
-
I need feedback each time you post on how your PC is performing now please.