
Win-antivirus And Win Doctor Spyware Infection-hjt Logfile


  • This topic is locked
19 replies to this topic

#16 sutmac78

Posted 11 October 2006 - 02:47 PM

Well Jamie, I might have jumped the gun, but I am not sure.....here's why. I haven't had any hijack attempts yet or any viruses detected through AVG. But, just in case, I ran another scan at Kaspersky and it said I still have infected files. I don't know if this is true, but according to the online scanner it is....here is the text log from today 10/11/2006 at 3:00 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 11, 2006 3:36:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/10/2006
Kaspersky Anti-Virus database records: 230794
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 47935
Number of viruses found: 3
Number of infected objects: 7 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:13:23

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-09142006-112839.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\SUTTON\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\SUTTON\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\SUTTON\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\SUTTON\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1C02C58A-70F7-4BBB-9E2B-75F0E2BDC075} Object is locked skipped
C:\Documents and Settings\SUTTON\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\SUTTON\Local Settings\History\History.IE5\MSHist012006101120061012\index.dat Object is locked skipped
C:\Documents and Settings\SUTTON\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\SUTTON\ntuser.dat Object is locked skipped
C:\Documents and Settings\SUTTON\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\SUTTON\UserData\index.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\L0000005.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\SUTTON\Data\storydb.idx Object is locked skipped
C:\Program Files\StarForce\Safe'n'Sec\Data\Storage.dbs Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010006.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP101\A0011442.dll Object is locked skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP101\A0011443.dll Object is locked skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP101\A0011444.dll Object is locked skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP116\A0012718.dll Object is locked skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP135\A0013095.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP138\A0013273.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP138\A0013277.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP138\A0013278.exe Infected: not-a-virus:Downloader.Win32.WinFixer.r skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP139\A0013289.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP139\A0013290.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP139\A0013291.exe Infected: not-a-virus:Downloader.Win32.WinFixer.r skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP140\change.log Object is locked skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP61\A0010388.exe Object is locked skipped
C:\System Volume Information\_restore{1D2EA241-FF63-42B0-BFEE-62FB4B7D6725}\RP83\A0011224.dll Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{23DB6F34-91B3-4629-9431-370AFF9401C7}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped
C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\Internet.evt Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\system.LOG Object is locked skipped
C:\WINNT\system32\h323log.txt Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINNT\TEMP\~DF8D1B.tmp Object is locked skipped
C:\WINNT\wiadebug.log Object is locked skipped
C:\WINNT\wiaservc.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.


#17 jamielaw

Posted 11 October 2006 - 03:02 PM

Hey Sutmac78

You need to read my last post carefully.

Please pay particular attention to Step A & G!


This is why I stressed this in my security speech. You actually have no infection showing in the latest Kaspersky report except in the System Restore folder. This is why you need to follow the first step. Once you have disabled System Restore and then re-enabled it you will no longer have any infection on your computer :thumbsup:

Good Luck! :flowers:
My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.
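
The triage described in post #17, separating detections that exist only as System Restore snapshot copies from detections on live paths, can be scripted. This is an added example, not part of the original thread: the sample report is constructed in the same line layout as the Kaspersky log above, and the restore GUID, file names and function names are placeholders chosen for illustration.

```python
import re

# One report row: <path> <"Object is locked" | "Infected: <name>"> <last action>
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?:(?P<locked>Object is locked)|Infected: (?P<name>\S+))\s+"
    r"(?P<action>\w+)\s*$"
)
# Restore-point snapshots live under System Volume Information\_restore{GUID}\RPn\
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]*\}\\RP\d+\\", re.I)

# Constructed sample rows (placeholder GUID and file names, not the thread's values).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\USER\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1\A0000001.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP2\A0000002.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINNT\system32\config\SAM Object is locked skipped
"""

def parse_report(text):
    """Return one dict per report row; detection is None for locked files."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and blank lines do not start with a drive letter
            entries.append({"path": m["path"], "detection": m["name"],
                            "action": m["action"]})
    return entries

def triage(text):
    """Split detections into restore-point copies and live-path detections."""
    entries = parse_report(text)
    infected = [e for e in entries if e["detection"]]
    restore = [e for e in infected if RESTORE.search(e["path"])]
    live = [e for e in infected if not RESTORE.search(e["path"])]
    return {
        "locked": len(entries) - len(infected),  # in-use files the scanner skipped
        "restore_point_copies": restore,
        "live": live,
        # True only when every detection sits inside a restore point
        "only_restore_points": bool(infected) and not live,
    }

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked/skipped:", result["locked"])
    print("restore-point detections:", len(result["restore_point_copies"]))
    print("live detections:", len(result["live"]))
```

"Object is locked" rows are files held open by the running system that the scanner could not read; they are counted separately because they are not detections.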


#18 sutmac78

Posted 12 October 2006 - 01:43 PM

Yeah... actually I thought about System Restore after I sent you that last reply....my bad. :thumbsup: I had used System Restore about 10 different times before I started posting to you. I am sure that restoring old settings with infected files didn't help me much. So far so good with my computer. Thanks again for the help. BTW... If I were to buy an antivirus program which one would you recommend? AVG is free and seems to be ok but if you know a better one lemme know. :flowers:

#19 jamielaw

Posted 12 October 2006 - 02:57 PM

Hey sutmac78

AVG Antivirus is perfectly fine. But if you were considering buying one I personally would recommend BitDefender although many like Kaspersky Antivirus. Both are excellent choices.

#20 jamielaw

Posted 17 October 2006 - 03:40 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
