Heavy.com And Directsatellitle.com Pop Ups


  • This topic is locked
2 replies to this topic

#1 lightguy531


Posted 06 February 2008 - 03:04 PM

My friend is computer illiterate so I'm posting this on her behalf... her computer is infected with numerous viruses and pop ups... Attached I have her HJT log and her Kaspersky Online Virus Scan log... Help would be appreciated.. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:09 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Student Backup\rbackup.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\QdrModule\QdrModule12.exe
C:\Program Files\QdrPack\QdrPack12.exe
C:\Program Files\?racle\?srss.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lasalle.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lasalle.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3331C9E0-087A-59DA-531B-2F00BCBA8BCE} - C:\WINDOWS\system32\qlc.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtuvtt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [AdwareProMFC] C:\Program Files\Ad-Ware Pro\Ad-Ware Pro.exe
O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [Qswyw] "C:\Program Files\?racle\?srss.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (User 'Default user')
O4 - .DEFAULT User Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\Ctrax Player\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://notes-srv1.lasalle.edu/iNotes6W.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://sln.lasalle.edu/dwa7W.cab
O20 - Winlogon Notify: awtuvtt - C:\WINDOWS\SYSTEM32\awtuvtt.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Student Backup - Remote Backup Systems, Inc. - C:\Program Files\Student Backup\rbackup.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11479 bytes


Kaspersky:

Here's her Kaspersky log... Some interesting finds.
Number of viruses found 10
Number of infected objects 23

Infected Object Name Virus Name Last Action

C:\Documents and Settings\Allison\Local Settings\Temp\D1475.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.Agent.vv skipped

C:\Documents and Settings\Allison\Local Settings\Temp\D1475.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.vv skipped

C:\Documents and Settings\Allison\Local Settings\Temp\D1475.tmp NSIS: infected - 2 skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\31W48MBF\!update-4495[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.fk skipped


C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\N67MSTKC\css4[2] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\N67MSTKC\css4[3] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\N67MSTKC\css4[4] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\N67MSTKC\css4[5] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\N67MSTKC\css4[6] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\N67MSTKC\css4[7] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\N67MSTKC\css4[8] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[10] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[1] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[2] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[3] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[4] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[5] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[6] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[7] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[8] Object is locked skipped

C:\Documents and Settings\Allison\Local Settings\Temporary Internet Files\Content.IE5\NJOXPSBI\css4[9] Object is locked skipped

C:\Documents and Settings\Allison\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Allison\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\Student Backup\backup.ldb Object is locked skipped

C:\Program Files\Student Backup\backup.mdb Object is locked skipped

C:\quarantine\BIT1478.tmp.Vir Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP408\A0072715.exe Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP409\A0073763.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP409\A0073783.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP411\A0073834.exe Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP411\A0073835.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP411\A0073835.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP411\A0073835.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP411\A0073835.exe NSIS: infected - 3 skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP416\A0073903.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP416\A0073906.exe Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP416\A0073908.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP433\A0074601.exe Infected: not-a-virus:AdWare.Win32.Agent.abh skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP433\A0074606.exe Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP434\A0075300.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP434\A0075301.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP434\A0075303.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP434\A0075321.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP435\A0075329.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP435\A0075330.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP435\A0075331.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP435\A0075336.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP436\A0075354.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP436\A0075355.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP436\A0075357.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP436\A0075358.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP436\A0075368.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP436\A0075369.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075634.exe Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075636.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075637.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075638.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075639.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075640.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075641.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075642.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075643.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075644.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075645.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075646.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075647.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075648.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075649.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075651.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075654.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075655.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075656.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075657.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075658.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075659.exe Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075660.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075661.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075662.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075663.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075664.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075665.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075666.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075667.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075668.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075669.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075670.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075671.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075672.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075673.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075674.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075675.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075676.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075677.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075678.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075679.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075680.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075681.exe Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075718.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075721.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075721.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075722.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075722.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075731.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP437\A0075733.dll Object is locked skipped

C:\System Volume Information\_restore{41355720-BA26-4221-9CCD-539DCD9A998A}\RP438\change.log Object is locked skipped

C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

C:\WINDOWS\b104.exe NSIS: infected - 3 skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{4532026F-1A68-4A6C-809C-07F1F1AE6BAB}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\awtqn.dll Object is locked skipped

C:\WINDOWS\system32\awtqo.dll Object is locked skipped

C:\WINDOWS\system32\awtqq.dll Object is locked skipped

C:\WINDOWS\system32\awtst.dll Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\Software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\System.LOG Object is locked skipped

C:\WINDOWS\system32\ddcca.dll Object is locked skipped

C:\WINDOWS\system32\ddcya.dll Object is locked skipped

C:\WINDOWS\system32\geeby.dll Object is locked skipped

C:\WINDOWS\system32\geeda.dll Object is locked skipped

C:\WINDOWS\system32\geedb.dll Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\jkhfg.dll Object is locked skipped

C:\WINDOWS\system32\jkhhe.dll Object is locked skipped

C:\WINDOWS\system32\jkhhf.dll Object is locked skipped

C:\WINDOWS\system32\jkkjh.dll Object is locked skipped

C:\WINDOWS\system32\mljgd.dll Object is locked skipped

C:\WINDOWS\system32\mlljh.dll Object is locked skipped

C:\WINDOWS\system32\mlljj.dll Object is locked skipped

C:\WINDOWS\system32\pmkjk.dll Object is locked skipped

C:\WINDOWS\system32\pmnnl.dll Object is locked skipped

C:\WINDOWS\system32\pmnnm.dll Object is locked skipped

C:\WINDOWS\system32\qlc.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped

C:\WINDOWS\system32\ssqpn.dll Object is locked skipped

C:\WINDOWS\system32\ssqpp.dll Object is locked skipped

C:\WINDOWS\system32\sstqn.dll Object is locked skipped

C:\WINDOWS\system32\sstqq.dll Object is locked skipped

C:\WINDOWS\system32\sstqr.dll Object is locked skipped

C:\WINDOWS\system32\sstts.dll Object is locked skipped

C:\WINDOWS\system32\vtsqn.dll Object is locked skipped

C:\WINDOWS\system32\vtstr.dll Object is locked skipped

C:\WINDOWS\system32\vtsts.dll Object is locked skipped

C:\WINDOWS\system32\vtstt.dll Object is locked skipped

C:\WINDOWS\system32\vtutr.dll Object is locked skipped

C:\WINDOWS\system32\vtuts.dll Object is locked skipped

C:\WINDOWS\system32\vtutt.dll Object is locked skipped

C:\WINDOWS\system32\vtutu.dll Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\JET35.tmp Object is locked skipped

C:\WINDOWS\Temp\JETCDEE.tmp Object is locked skipped

C:\WINDOWS\Temp\~DF6B74.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\My Music\iTunes\iTunes Library.itl Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped



Any help would be greatly appreciated..



#2 miekiemoes


Posted 07 February 2008 - 09:06 AM

Hi,

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 17 February 2008 - 09:53 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.