
Potential PC Hi-jack


  • This topic is locked
12 replies to this topic

#1 breadvan579


Posted 06 March 2005 - 06:58 AM

Hi, reading some of the posts in this forum, I am led to believe my PC is being hijacked.

Until 1 week ago I used Norton 2005 to administer security on my PC, but it was not performing - long story - so I set about the process of installing SP2, AVG (Free version), Microsoft AntiSpyware and Ad-Aware.

All seems to be working and the system has been through many scans and now reports a clean bill of health.

My problem is that when I connect the PC to the internet (directly through USB broadband modem) or wirelessly through another PC, I am able to send email, connect to Skype, iTunes and even browse the internet for approximately 5 minutes, but then all services stop working.

Connected via modem or wireless, the network still says all is OK, IP addresses still present, but no traffic and no ability to send/receive email or browse the internet.

When connected via modem, a quick disconnect and reconnect and I am working again for approximately 5 minutes; the wireless requires a reboot.

Another potential factor is that the browsing experience is very slow compared to other PCs of the same spec on the network.

So, I came across your discussion group and was delighted to see similar problems reported by others. I have downloaded the 'hijack' application and the results are attached. Any help you can offer would be greatly appreciated.

Many thanks

-------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:40:35, on 06/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\32muanger.exe
C:\WINDOWS\system32\mcafee32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\tay0x.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Monitor] winmon.exe
O4 - HKLM\..\Run: [amturr3] 32muanger.exe
O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKLM\..\Run: [aldefr ere service] tay0x.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [MSN Messanger] msnmsng.exe
O4 - HKLM\..\RunServices: [amturr3] 32muanger.exe
O4 - HKLM\..\RunServices: [aldefr ere service] tay0x.exe
O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [amturr3] 32muanger.exe
O4 - HKCU\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [aldefr ere service] tay0x.exe
O4 - HKCU\..\Run: [Windows Monitor] winmon.exe
O4 - HKCU\..\RunServices: [MSN Messanger] msnmsng.exe
O4 - HKCU\..\RunServices: [amturr3] 32muanger.exe
O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/downl...bcontrol013.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE



#2 Daisuke


Posted 06 March 2005 - 03:34 PM

Download eScan
Save it on your desktop.

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run mwav.exe
Check Drive
Select All Local Drives and Scan All Files
Click Scan and when it has finished, what was found will be displayed in the lower pane. Highlight it, press CTRL C, open Notepad and paste it there. Save the file on your desktop.

REBOOT normally.

Post the eScan log here.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#3 breadvan579


Posted 08 March 2005 - 10:12 AM

Hi Daisuke, thanks for your help, please find attached results below.

File C:\WINDOWS\system32\32muanger.exe infected by "Backdoor.Win32.Rbot.fo" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mcafee32.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\tay0x.exe infected by "Backdoor.Win32.SdBot.lt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\930130.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\3g3pytzl4u02n.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\4homhyhcmp.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\5w43g8zf9h.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\62j4gz49i77pid.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\76jhyhnlt3h.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\b6v5sxeuil.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\blsi5bdxxn3y9l.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\eep7gu1nus.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\iuz6g9shoe.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\j4k0xh3s3h.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\kans.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\kansup.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\ly1hdpw2o2dp7c.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\mo9f7ytb246eo.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\trufkz.html infected by "Trojan-Clicker.JS.Linker.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\x.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\User1\LOCALS~1\Temp\uninstall.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\uninstall.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\User1\gthu.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\User1\Local Settings\Temp\uninstall.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.q" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\User1\ysbinstall_1000489_3_lo.exe infected by "not-a-virus:AdWare.SiteBar.a" Virus. Action Taken: No Action Taken.
File C:\MSprotoc.exe infected by "Trojan-Dropper.Win32.Agent.hi" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\60E3F7CF-C761-48BE-9A4F-8DBDB7\AC18C8C4-A4F5-4D33-AC97-9C8CFF infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\60E3F7CF-C761-48BE-9A4F-8DBDB7\E3AF6296-D71D-4158-8DA9-86C435 infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\7AD8CF07-726B-4369-A817-61E62A\B47789C2-A305-4379-ABC9-D540AF infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\7AD8CF07-726B-4369-A817-61E62A\C13E674F-4669-4A86-9C21-E527AB infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037449.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037450.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037451.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037452.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037453.exe infected by "not-a-virus:AdWare.SiteBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037600.exe tagged as not-a-virus:RiskWare.mIRC.5.9.1. No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037610.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037611.exe infected by "not-a-virus:AdWare.SiteBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037612.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037613.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037614.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0037615.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038610.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038611.exe infected by "not-a-virus:AdWare.SiteBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038612.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038613.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038614.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038620.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038628.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038629.exe infected by "not-a-virus:AdWare.SiteBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038630.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038631.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038632.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038635.exe infected by "not-a-virus:AdWare.SiteBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038636.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038637.exe infected by "Exploit.Win32.DCom.w" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038652.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038653.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038654.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038655.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038656.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038657.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038658.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038661.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038662.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038663.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038664.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038665.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038666.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038667.exe infected by "Exploit.Win32.DCom.w" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038668.exe infected by "Exploit.Win32.DCom.w" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038669.exe tagged as not-a-virus:RiskWare.Tool.PrcView.3725. No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038671.bat infected by "Trojan.BAT.Zapchast" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038672.exe infected by "Exploit.Win32.MS04-011" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038679.exe tagged as not-a-virus:RiskWare.Tool.HideWindows. No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038680.exe infected by "Backdoor.Win32.SdBot.lt" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038682.exe tagged as not-a-virus:RiskWare.FTP.SlimFTPd.312b. No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038684.exe infected by "Backdoor.Win32.SdBot.lt" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038686.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0038687.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0039692.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0039699.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0039700.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0039701.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0039702.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040013.exe infected by "not-a-virus:AdWare.SiteBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040014.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040015.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040016.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040017.exe infected by "Trojan-Downloader.Win32.IstBar.hh" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040018.exe infected by "Trojan-Downloader.Win32.IstBar.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040019.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040020.exe infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040021.dll infected by "not-a-virus:AdWare.WinAD.u" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040022.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040023.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040024.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040025.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040026.exe infected by "not-a-virus:AdWare.WinAD.s" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040027.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040028.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040029.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040030.exe infected by "Trojan-Downloader.Win32.IstBar.hs" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040031.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040032.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040033.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040034.exe infected by "not-a-virus:AdWare.PowerScan.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040035.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040036.exe infected by "Backdoor.Win32.SdBot.05.bd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040037.dll infected by "Trojan-Downloader.Win32.IstBar.hf" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040038.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040039.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040040.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040041.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040042.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040043.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040045.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040046.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040047.exe infected by "Backdoor.Win32.PoeBot.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040048.dll infected by "Trojan-Downloader.Win32.IstBar.hf" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040049.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040050.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040051.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040052.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040053.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040054.exe infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040055.dll infected by "Trojan-Downloader.Win32.IstBar.fz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040056.exe infected by "Trojan-Downloader.Win32.IstBar.hh" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040057.exe infected by "Trojan-Downloader.Win32.IstBar.he" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040058.exe infected by "Trojan-Dropper.Win32.WinAD.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040059.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040060.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040061.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040062.exe infected by "Trojan-Downloader.Win32.IstBar.eo" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040063.exe infected by "Trojan-Downloader.Win32.IstBar.eo" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040064.dll infected by "not-a-virus:AdWare.ToolBar.SideFind" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040065.exe infected by "Trojan-Downloader.Win32.IstBar.eo" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040066.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040067.dll infected by "Trojan-Downloader.Win32.Small.xo" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040068.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040069.dll infected by "not-a-virus:AdWare.WinAD" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040070.dll infected by "Trojan-Downloader.Win32.IstBar.gb" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040071.exe infected by "not-a-virus:AdWare.SiteBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040072.exe infected by "not-a-virus:AdWare.SiteBar.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040073.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP93\A0040075.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP96\A0043938.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP96\A0043939.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP96\A0043940.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP96\A0043941.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP96\A0043946.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP96\A0043970.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP96\A0043972.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP96\A0043973.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP96\A0043974.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP97\A0044034.dll infected by "Trojan-Downloader.Win32.Small.amg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP97\A0044114.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP97\A0044115.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP97\A0044116.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP97\A0044117.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044133.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044140.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044141.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044142.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044143.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044144.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044146.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044147.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044150.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044151.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044152.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044153.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044160.exe infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044163.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044164.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044165.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP98\A0044168.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP99\A0044448.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{95B5710A-A8ED-432C-AB66-F97944744639}\RP99\A0044449.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\930130.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ringtone.exe tagged as not-a-virus:RiskWare.Dialer.PlayGames. No Action Taken.

#4 Daisuke

Posted 08 March 2005 - 11:43 AM

There are many bad files.

1. Download SYSCLEAN.COM from the Trend Micro site:
http://www.trendmicro.com/ftp/products/tsc/sysclean.com

2. Create a temporary folder and copy SYSCLEAN.COM into this folder.
NOTE: This temporary folder should be created on a local or mapped drive.

3. Download the latest pattern file (as in lpt482.zip, where the last 3 digits indicate a virus pattern number) from the Trend Micro site:
http://www.trendmicro.com/download/pattern.asp

Extract the downloaded ZIP pattern file into the created folder.

REBOOT into Safe Mode.

4. Close all applications running on your system.

5. Run the System Cleaner by double-clicking the executable file SYSCLEAN.COM in Windows Explorer.

6. Make sure "Automatically Clean Infected Files" is checked and click "Scan".

7. At the end of the scanning process this fix tool generates a log file, SYSCLEAN.LOG, in its current folder. Click the "View Log" button, copy the log and post it here.

Post a new HijackThis log please.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#5 breadvan579

Posted 08 March 2005 - 03:53 PM

Hi, I have, I think, run the process as instructed, with the results below. I will add an additional post for the new results of the HijackThis application.
Thanks



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-03-08, 19:30:46, Auto-clean mode specified.
2005-03-08, 19:30:46, Running scanner "C:\_temp sysclean\TSC.BIN"...
2005-03-08, 19:39:33, Scanner "C:\_temp sysclean\TSC.BIN" has finished running.
2005-03-08, 19:39:33, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Tue Mar 08 2005 19:30:46

Load Damage Cleanup Template (DCT) "C:\_temp sysclean\tsc.ptn" (version 555) [success]
WORM_SDBOT.ABE[virus found]
-->delete registry data("n/a","Software\Microsoft\OLE","winmon.exe") success
-->delete registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\OLE","winmon.exe") success
-->delete registry data("HKEY_LOCAL_MACHINE","SYSTEM\CurrentControlSet\Control\Lsa","winmon.exe") success
-->delete registry data("n/a","SYSTEM\CurrentControlSet\Control\Lsa","winmon.exe") success
-->delete registry key("HKEY_CURRENT_USER","SYSTEM","") success
-->delete registry key("HKEY_CURRENT_USER","Software\Microsoft\OLE","") success
-->modify registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\OLE","enabledcom") success
-->modify registry value("HKEY_LOCAL_MACHINE","SYSTEM\CurrentControlSet\Control\Lsa","restrictanonymous") success

Complete time : Tue Mar 08 2005 19:32:16
Execute pattern count(2092), Virus found count(1), Virus clean count(1), Clean failed count(0)

2005-03-08, 19:39:50, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-03-08, 19:39:50, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-03-08, 19:39:50, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-08, 19:39:50, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-08, 19:39:50, An error occurred while scanning file "C:\Documents and Settings\User1\ntuser.dat": Access is denied.
2005-03-08, 19:39:50, An error occurred while scanning file "C:\Documents and Settings\User1\ntuser.dat.LOG": Access is denied.
2005-03-08, 19:40:08, An error occurred while scanning file "C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-08, 19:40:08, An error occurred while scanning file "C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-08, 19:53:34, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\1474011.EXE-2C8402E0.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\1474012.EXE-227ADAD2.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\1477621.EXE-03C562C8.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\1477722.EXE-1E176E0C.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\32MUANGER.EXE-11BD5A19.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\937541.EXE-101EB295.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\937542.EXE-03456116.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\940751.EXE-05803E12.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\AAWSEPERSONAL.EXE-12C9F6D8.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-0B387BE8.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\AUPDATE.EXE-2253CB60.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-3038B75E.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-00A2F684.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGWB.DAT-25B8DD3B.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\DEVLDR32.EXE-2CF621DF.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\DRAGDIAG.EXE-0317E0C9.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX SETUP 1.0.1.EXE-35D2D70B.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASDTSERV.EXE-04B13CAF.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASINSTALLHELPER.EXE-08D85A8C.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASSERV.EXE-3660CD4E.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASSERVALERT.EXE-23FC31BB.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\GIANTANTISPYWAREMAIN.EXE-0F089A5A.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\GOOGLETOOLBARINSTALLER[1].EXE-2351CAB8.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\GTHU.EXE-0DA88AD4.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-37AD0A02.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\IPODSERVICE.EXE-3192DE38.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\ITUNES.EXE-1A268432.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\JOCKER.EXE-0559275D.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\KAVSS.EXE-30BEA6B7.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\MICROSOFTANTISPYWAREINSTALL.E-37FDF0F8.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\MWAV.EXE-2D5699A9.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\MWAVSCAN.COM-2B51E19D.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-16E64095.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-179DEC04.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E6ED95.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-131A7656.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-155CD7BB.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-16BFF8EE.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-17D51176.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1802317C.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1F612288.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2127AFBA.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-215E0140.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-21D394C8.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2341BBC5.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C7B5C4A.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-311943EE.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C9B5E29.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3FEBDDDB.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4325FCB5.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-23AE8EC3.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\SHMGRATE.EXE-1BA69E68.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\STDIALUP.EXE-1583FB2A.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\SUICIDETB.EXE-006EF980.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\SXE3.TMP-270C2F3B.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMAN.EXE-286CBC75.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\TAY0X.EXE-16E7DD46.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\WFXMOD32.EXE-024419F9.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\WINZIP32.EXE-335422C1.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf": Access is denied.
2005-03-08, 19:59:18, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied.
2005-03-08, 20:03:47, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2005-03-08, 20:03:47, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2005-03-08, 20:03:47, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2005-03-08, 20:03:47, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-03-08, 20:03:47, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2005-03-08, 20:03:47, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-03-08, 20:03:47, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2005-03-08, 20:03:47, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-03-08, 20:03:48, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2005-03-08, 20:03:48, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-03-08, 20:06:08, Running scanner "C:\_temp sysclean\VSCANTM.BIN"...
2005-03-08, 20:31:12, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/8/2005 20:06:08
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 480 (93101 Patterns) (2005/03/07) (248000)
Command Line: C:\_temp sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\_temp sysclean

C:\Documents and Settings\User1\gthu.exe [TROJ_LOWZONES.AX]
C:\WINDOWS\system32\kans.reg [REG_LOWZONES.F]
C:\WINDOWS\system32\kansup.reg [REG_LOWZONES.D]
C:\WINDOWS\system32\trufkz.html [HTML_LOWZONES.Q]
C:\WINDOWS\system32\x.bat [BAT_LOWZONES.F]
30829 files have been read.
30829 files have been checked.
24398 files have been scanned.
47452 files have been scanned. (including files in archived)
5 files containing viruses.
Found 5 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/8/2005 20:31:11
---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-08, 20:31:12, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/8/2005 20:06:08
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 480 (93101 Patterns) (2005/03/07) (248000)
Command Line: C:\_temp sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\_temp sysclean

Success Clean [TROJ_LOWZONES.AX]( 1) from C:\Documents and Settings\User1\gthu.exe
Success Clean [ REG_LOWZONES.F]( 1) from C:\WINDOWS\system32\kans.reg
Success Clean [ REG_LOWZONES.D]( 1) from C:\WINDOWS\system32\kansup.reg
Success Clean [ HTML_LOWZONES.Q]( 1) from C:\WINDOWS\system32\trufkz.html
Success Clean [ BAT_LOWZONES.F]( 1) from C:\WINDOWS\system32\x.bat
30829 files have been read.
30829 files have been checked.
24398 files have been scanned.
47452 files have been scanned. (including files in archived)
5 files containing viruses.
Found 5 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/8/2005 20:31:11 25 minutes 2 seconds (1502.53 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-08, 20:31:12, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/8/2005 20:06:08
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 480 (93101 Patterns) (2005/03/07) (248000)
Command Line: C:\_temp sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\_temp sysclean

30829 files have been read.
30829 files have been checked.
24398 files have been scanned.
47452 files have been scanned. (including files in archived)
5 files containing viruses.
Found 5 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/8/2005 20:31:11 25 minutes 2 seconds (1502.53 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-08, 20:31:12, Scanner "C:\_temp sysclean\VSCANTM.BIN" has finished running.
2005-03-08, 20:31:52, An error was detected on "F:\System Volume Information\*.*": Access is denied.
2005-03-08, 20:31:52, Running scanner "C:\_temp sysclean\VSCANTM.BIN"...
2005-03-08, 20:31:57, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/8/2005 20:31:52
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 480 (93101 Patterns) (2005/03/07) (248000)
Command Line: C:\_temp sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\_temp sysclean

7 files have been read.
7 files have been checked.
5 files have been scanned.
5 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/8/2005 20:31:57
---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-08, 20:31:57, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/8/2005 20:31:52
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 480 (93101 Patterns) (2005/03/07) (248000)
Command Line: C:\_temp sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\_temp sysclean

7 files have been read.
7 files have been checked.
5 files have been scanned.
5 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/8/2005 20:31:57 0.02 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-08, 20:31:57, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/8/2005 20:31:52
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 480 (93101 Patterns) (2005/03/07) (248000)
Command Line: C:\_temp sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\_temp sysclean

7 files have been read.
7 files have been checked.
5 files have been scanned.
5 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/8/2005 20:31:57 0.02 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-03-08, 20:31:57, Scanner "C:\_temp sysclean\VSCANTM.BIN" has finished running.

#6 breadvan579

Posted 08 March 2005 - 03:54 PM

Results of the most up-to-date HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 20:47:24, on 08/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [amturr3] 32muanger.exe
O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKLM\..\Run: [aldefr ere service] tay0x.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [amturr3] 32muanger.exe
O4 - HKLM\..\RunServices: [aldefr ere service] tay0x.exe
O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [amturr3] 32muanger.exe
O4 - HKCU\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [aldefr ere service] tay0x.exe
O4 - HKCU\..\RunServices: [amturr3] 32muanger.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/downl...bcontrol013.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

#7 Daisuke


Posted 08 March 2005 - 04:33 PM

Please run HijackThis! in Normal Mode and post a new log.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?


#8 breadvan579


Posted 08 March 2005 - 04:42 PM

Apologies, this is the document produced when running in normal mode:

Logfile of HijackThis v1.99.1
Scan saved at 21:40:25, on 08/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\32muanger.exe
C:\WINDOWS\system32\mcafee32.exe
C:\WINDOWS\system32\tay0x.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [amturr3] 32muanger.exe
O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKLM\..\Run: [aldefr ere service] tay0x.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [amturr3] 32muanger.exe
O4 - HKLM\..\RunServices: [aldefr ere service] tay0x.exe
O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [amturr3] 32muanger.exe
O4 - HKCU\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [aldefr ere service] tay0x.exe
O4 - HKCU\..\RunServices: [amturr3] 32muanger.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/downl...bcontrol013.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

#9 Daisuke


Posted 08 March 2005 - 04:56 PM

Download System Security Suite here:
System Security Suite Download. Unzip it to your desktop. Install the program. Don't use it yet.

Please print or copy these instructions because you are not able to access the Internet in SafeMode.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run HijackThis!, press Scan, and put a check mark next to all these:

O4 - HKLM\..\Run: [amturr3] 32muanger.exe
O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKLM\..\Run: [aldefr ere service] tay0x.exe
O4 - HKLM\..\RunServices: [amturr3] 32muanger.exe
O4 - HKLM\..\RunServices: [aldefr ere service] tay0x.exe
O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [amturr3] 32muanger.exe
O4 - HKCU\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [aldefr ere service] tay0x.exe
O4 - HKCU\..\RunServices: [amturr3] 32muanger.exe


Close all other windows and browsers, and press the Fix Checked button.

Search for these files and delete them if present:
C:\WINDOWS\system32\32muanger.exe <-- this file
C:\WINDOWS\system32\mcafee32.exe <-- this file
C:\WINDOWS\system32\tay0x.exe <-- this file

With all windows and browsers closed, clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT normally.

Infected files are still there. Download, install and run Kaspersky Antivirus Personal edition.
You can find a tutorial here: http://www.bleepingcomputer.com/forums/t/11662/how-to-remove-bubed-aka-win32beavis-aka-isrvs/ (read only how to install and to run the program)
Go here to download the free KAV Personal 5.0 Trial (good for 30 days)
http://www.kaspersky.com/index.html

Install the program, update it, reboot into safemode and scan your computer. You have to temporarily disable AVG7.

REBOOT your machine.

Run HijackThis! again and post a new log please.

#10 breadvan579


Posted 08 March 2005 - 06:46 PM

Hi, I have gone through the process as instructed to the point of completing the actions from within the System Security Suite.

I rebooted windows into normal mode, then ran HiJackThis again and the offending files are no longer present (see output below).

Does this mean my machine is now free from all viruses and spyware and should now operate as usual? If so, you are a genius!

Logfile of HijackThis v1.99.1
Scan saved at 23:41:32, on 08/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home/downl...bcontrol013.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
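
The before/after comparison that the replies in this thread do by eye, as an added example that is not part of the original posts: it parses the O4 autorun lines excerpted from the logs in posts #8 and #10, lists bare file names registered under more than one Run/RunServices key, and reports which entries the fix removed. The function names and the "bare name under several keys" heuristic are assumptions of this example; a flagged entry is a candidate for review, not a verdict.

```python
import re
from collections import defaultdict

# HijackThis O4 registry autorun line: "O4 - <key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.+)$")

def parse_o4(log_text):
    """Return {(key, value_name): command} for each registry autorun line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries

def executable(cmd):
    """First token of the command, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]

def review_candidates(entries):
    """Bare file names (no directory) registered under more than one key."""
    keys_by_exe = defaultdict(set)
    for (key, _name), cmd in entries.items():
        exe = executable(cmd)
        if "\\" not in exe:
            keys_by_exe[exe.lower()].add(key)
    return {e: sorted(k) for e, k in keys_by_exe.items() if len(k) > 1}

def removed_between(before, after):
    """Autorun entries present in the first log and absent from the second."""
    return sorted(set(parse_o4(before)) - set(parse_o4(after)))

# Excerpts of the O4 lines posted in #8 (before) and #10 (after).
BEFORE = r"""
O4 - HKLM\..\Run: [amturr3] 32muanger.exe
O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe
O4 - HKLM\..\Run: [aldefr ere service] tay0x.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunServices: [amturr3] 32muanger.exe
O4 - HKLM\..\RunServices: [aldefr ere service] tay0x.exe
O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe
O4 - HKCU\..\Run: [amturr3] 32muanger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunServices: [amturr3] 32muanger.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

if __name__ == "__main__":
    print(review_candidates(parse_o4(BEFORE)), removed_between(BEFORE, AFTER))
```

rundll32.exe is also a bare name but sits under a single key, so it is not listed; the after-log produces no candidates at all.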

#11 Daisuke


Posted 08 March 2005 - 07:13 PM

Log looks clean...great job ! :thumbsup:

Disable, REBOOT and enable Windows XP System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

How did I get infected ? With steps so it does not happen again !

Glad I was able to help.

Edited by Daisuke, 08 March 2005 - 07:15 PM.


#12 breadvan579


Posted 09 March 2005 - 03:09 PM

I cannot thank you enough.
I have now tested the machine and all is well.
Thank you very much.
Regards

#13 Daisuke


Posted 09 March 2005 - 04:12 PM

You're Welcome ! Happy surfing :thumbsup:



Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Edited by Daisuke, 20 March 2005 - 02:08 PM.
