I recently had a virus problem and virus protection took care of it, but I read this thread http://www.daniweb.com/techtalkforums/thread36931.html
with the same problem and it said I should download Hijack This and post a log, so here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:42 AM, on 2/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE
C:\Program Files\PC Protection Plus\backweb\6731405\program\fsbwsys.exe
C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
C:\Program Files\PC Protection Plus\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Protection Plus\Common\FCH32.EXE
C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsrw.exe
C:\Program Files\PC Protection Plus\FSPC\fspc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsav32.exe
C:\Program Files\Common Files\AOL\1168653640\ee\AOLSoftware.exe
C:\Program Files\PC Protection Plus\FSPC\fshttps\fshttps.exe
C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
C:\PROGRA~1\PCPROT~1\ANTI-S~1\fsaw.exe
F:\Program Files\i-tunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection Plus\backweb\6731405\Program\fspex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\DADAND~1\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.cc/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://drusearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=359
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/h.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.teenhqpics.com/?homeweber.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://t.rack.cc/s.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://t.rack.cc/s.php?aid=359
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.rack.cc/h.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.teenhqpics.com/?homeweber.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=359
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://t.rack.cc/s.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.seekwell.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://ie.search.psn.cn/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=359
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=359
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=Userinit.exe,TGBRFV_
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: date send - {F6724457-6D6E-D5F0-0B2A-34D1FCE6933D} - C:\PROGRA~1\CAMPFI~1\realthird.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Documents and Settings\Zach\My Documents\School\9th Grade\stuff\nz\NetZero\toolbar.dll (file missing)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Documents and Settings\Zach\My Documents\School\9th Grade\stuff\nz\NetZero\Toolbar.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168653640\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [UPSUtl] C:\WINDOWS\web.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mswspl] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [More Blah] C:\PROGRA~1\SOFTWA~1\vc hole bash.exe
O4 - HKLM\..\Run: [Mcgiurv] C:\Program Files\Fmaqc\Oyblm.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [apihg32.exe] C:\WINDOWS\system32\apihg32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Protection Plus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [aifikoh] c:\windows\system32\vnikcc.exe r
O4 - HKLM\..\Run: [DriveCleaner Free] "C:\Program Files\DriveCleaner Free\UDC.exe" /min
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKLM\..\Run: [UDC6cw] "C:\Program Files\DriveCleaner Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\i-tunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\System32\olehelp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - Global Startup: PC Protection Plus.lnk = C:\Program Files\PC Protection Plus\backweb\6731405\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\PC Protection Plus\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\Anti-Spyware\ieshield.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Zach\My Documents\School\9th Grade\stuff\aim\aim.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - http://specific911.com/acc1/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - http://66.98.190.22/04/msits.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/20609/online.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - its:mhtml:file://C:.mht!http://69.50.191.52/668/b.chm::/b.exe
O16 - DPF: {11111111-1111-1111-1111-111111111234} - its:mhtml:file://C:.mht!http://69.50.191.52/2484/b.chm::/b.exe
O16 - DPF: {11111111-1111-1111-1111-111111111321} - its:mhtml:file://C:.mht!http://69.50.191.52/2484/b.chm::/b.exe
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://counter.69counter.com/cont/sc.cab
O16 - DPF: {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (HHCtrl Object) - http://67.15.94.29/~popular/load/1495/hhctrl.ocx
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://allways.drusearch.com/traf/458/load.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169615291390
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=1050
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.74
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.131 85.255.112.74
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini (file missing)
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crqz.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: WideOpenWest PC Protection Plus (BackWeb Plug-in - 6731405) - WideOpenWest - C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\PC Protection Plus\backweb\6731405\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Last Post by PhilliePhan

I recently had a virus problem and virus protection took care of it. . . .

Wow - I have not seen this many different infections on a machine in quite some time!
You have collected quite a diverse boatload of malware!


It may be easier to simply reformat your machine. However, if you'd like to have a go at cleaning it, please do the following:

Follow the steps that I have written here.
Please obtain the three logs listed below as directed in my steps and post them here.
-- Be sure to EXTRACT HijackThis to a safe folder and RENAME HijackThis.exe as directed in the steps!

1- Kaspersky Online Scan Log
2- AVG Anti-Spy Log
3- Fresh HJT Log

Those ought to provide a decent starting point.
Let me know if you have any questions . . .

Best Luck
PP


Thanks, it's actually my family computer, not my own, so my brothers mess it up pretty good. I'll try out the steps and get back to you. Thanks.


Thanks, it's actually my family computer, not my own, so my brothers mess it up pretty good. I'll try out the steps and get back to you. Thanks.

Well . . . They sure messed it up pretty good this time! :)

There are more bad than good items in the HJT log!
-- You will be able to uninstall some via Add/Remove programs, while others will require some specifically designed tools.

It will be a lot of work, but not particularly difficult. Just time-consuming due to the number of tools and scanners you'll need to run.


Cheers :)
PP


The Kaspersky scan is attached here (quite long)

Attachments
-------------------------------------------------------------------------------

 KASPERSKY ONLINE SCANNER REPORT

 Saturday, February 17, 2007 3:45:26 PM

 Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)

 Kaspersky Online Scanner version: 5.0.83.0

 Kaspersky Anti-Virus database last update: 17/02/2007

 Kaspersky Anti-Virus database records: 254012

-------------------------------------------------------------------------------



Scan Settings:

	Scan using the following antivirus database: standard

	Scan Archives: true

	Scan Mail Bases: true



Scan Target - Critical Areas:

	C:\WINDOWS

	C:\DOCUME~1\DADAND~1\LOCALS~1\Temp\



Scan Statistics:

	Total number of scanned objects: 20642

	Number of viruses found: 37

	Number of infected objects: 1191 / 0

	Number of suspicious objects: 0

	Duration of the scan process: 00:23:42




The Kaspersky scan is attached here (quite long)

That's quite a healthy list! Those have been rendered harmless by your resident AV program. We can delete them manually - I do not know why your AV did not remove them. It just changed their extensions to disable them....

--- I'll need the AVG Anti-spy and Fresh HJT Logs before I can post the first removal steps for you.

PP :)
