Kaspersky Online Log and HjT Log, I need some help, please.
Against
13. November 2006 @ 15:01
Kaspersky Anti-Virus database records: 227454
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 69961
Number of viruses found: 7
Number of infected objects: 25 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:06:34

Infected Object Name / Virus Name / Last Action
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13B.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13F.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\145.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\148.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\15.tmp Infected: Trojan-Downloader.Win32.Adload.gf skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1B.tmp Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1E.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1F.tmp Infected: Trojan-Downloader.Win32.Adload.gf skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\20.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\21.tmp Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\24.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\26.tmp Infected: Trojan-Downloader.Win32.Adload.gf skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29F.tmp Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2D.tmp Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\32.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\35.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\90.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\94.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\97.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\B6.tmp Infected: Trojan-Downloader.Win32.Adload.gg skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\C9.tmp Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\D.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\D3.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\D6.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP44\change.log Object is locked skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0000143.exe Object is locked skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0000144.exe Object is locked skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0000145.exe Object is locked skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0000146.exe Object is locked skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0000147.exe Object is locked skipped
D:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP44\change.log Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 8:56:03 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\QuickTime\qttask.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=111806 serial=WP12WEX-0046611-QCG lang=EN
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1136040852562
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1136044701281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by113fd.bay113.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{483F6BD5-671C-48DF-92DA-B5F6ABAB47B8}: NameServer = 198.164.30.62 198.164.4.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{788A21D6-8908-46B8-A229-1FD39BF1598D}: NameServer = 111.124.212.34,213.23.117.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{483F6BD5-671C-48DF-92DA-B5F6ABAB47B8}: NameServer = 198.164.30.62 198.164.4.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Senior Member
14. November 2006 @ 11:45
Looks like Trend Micro has everything in quarantine; empty it.

Are you having any problems?

Against
14. November 2006 @ 15:52
Pc is running a little laggy, so I just empty the quarantine completely, delete it all? And by the way, Niobis, you truly know your stuff, and thanks so much for putting your time towards helping others with your skill, you're a great guy, you have no idea how much I appreciate the help, I really do :p. Thanks, you've fixed my pc a lot and now I can surf a lot faster and feel more safe.

Senior Member
14. November 2006 @ 18:03
Quote:
so I just empty the quarantine completely, delete it all?
Yes, nothing is outside quarantine.

You're welcome and thank you for the kudos! Just like to help, plus I learn a lot in the process. :)

Against
17. November 2006 @ 13:30
Hey Niobis, I still keep getting pop-ups, looks something like this:

[IMG]http://img136.imageshack.us/img136/9733/untitledjt6.png[/IMG], I'm kind of worried, my pc runs really slow now. Anything I should do for you to check out my system?

Against
17. November 2006 @ 17:49
Edit: I only get this pop-up when away from my pc. It's usually for about 6 hours or so. And there's usually 9 or 10, I just want it removed, I don't feel safe at all right now, even going on here.

Senior Member
17. November 2006 @ 21:16
It's in the System Restore folder, so it's not getting out unless you use System Restore. I apologize, there were entries from the System Restore folder in your Kaspersky log, I should have asked you to empty it sooner.

To clean the System Restore folder, just turn it off.

Turn off System Restore.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click Apply, then OK.
Restart and turn System Restore back on.
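
Added example, not part of any post in this thread: a small Python triage of a Kaspersky online-scan report that automates the two checks made above (is every detection inside an AV quarantine folder, and were executables inside System Restore points left unscanned because they were locked). The sample lines are copied from the report posted above except the last one, which is constructed; the function names and the `.exe`/`.dll` filter are assumptions of this example.

```python
import re
from collections import Counter

# Lines from the report in this thread, plus one CONSTRUCTED line (the last)
# showing a detection that sits outside any quarantine folder.
SAMPLE_REPORT = r"""
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13B.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13F.tmp Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP6\A0000143.exe Object is locked skipped
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP44\change.log Object is locked skipped
C:\Documents and Settings\Example\Local Settings\Temp\constructed_sample.exe Infected: Trojan.Win32.VB.tg skipped
"""

# "<path> Infected: <verdict> <action>"  or  "<path> Object is locked <action>".
# Paths contain spaces, so the path is matched lazily up to the status text.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<verdict>\S+)|Object is locked) "
    r"(?P<action>\w+)$"
)


def location(path):
    """Classify where an object lives: AV quarantine, a restore point, or live."""
    parts = [p.lower() for p in path.split("\\")]
    if "quarantine" in parts[:-1]:
        return "quarantine"
    if "system volume information" in parts and any(
        p.startswith("_restore{") for p in parts
    ):
        return "system_restore"
    return "live"


def triage(report_text):
    """Group detections by location and list unscanned restore-point binaries."""
    result = {
        "quarantine": [], "system_restore": [], "live": [],
        "locked_restore_exe": [], "locked_total": 0, "families": Counter(),
    }
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, statistics or blank line
        path, where = m["path"], location(m["path"])
        if m["verdict"]:
            result[where].append((path, m["verdict"]))
            result["families"][m["verdict"]] += 1
            continue
        # Locked objects were never opened by the scanner, so they are
        # unverified rather than clean.
        result["locked_total"] += 1
        if where == "system_restore" and path.lower().endswith((".exe", ".dll")):
            result["locked_restore_exe"].append(path)
    return result


def contained(result):
    """True when every detection is already inside a quarantine folder."""
    return not result["live"] and not result["system_restore"]


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print("all detections quarantined:", contained(r))
    for path, verdict in r["live"] + r["system_restore"]:
        print("needs action:", verdict, path)
    for path in r["locked_restore_exe"]:
        print("unscanned restore-point binary:", path)
```
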

Against
18. November 2006 @ 13:19
No problem, I really appreciate the help, it doesn't seem that I'm getting that pop-up anymore. Are there any other problems with my system? Still seems to run a tad slow.

Senior Member
18. November 2006 @ 14:09
Only other thing I see out of place is:
O17 - HKLM\System\CCS\Services\Tcpip\..\{788A21D6-8908-46B8-A229-1FD39BF1598D}: NameServer = 111.124.212.34,213.23.117.20

It is different than the other two entries which may belong to your ISP. I can't find much with WHOIS for that IP, so I'm not sure if it is bad or not. In previous logs you've posted the above entry is always showing so it may belong to your ISP.

Go ahead and fix that entry with HijackThis. If you lose internet connection after, restore the entry and then fix the other two. Again, if you lose internet connection after fixing those two, restore them also.
Open HijackThis.
Click "View a list of backups".
Select the entry and click "Restore".

Post a new HijackThis log after fixing or restoring the entries.
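
Added example, not part of any post in this thread: the comparison described above (one O17 NameServer entry differing from the others) done in Python over the three O17 lines of the posted HijackThis log. The function names, the majority-vote baseline and the tie handling are assumptions of this example, not HijackThis behaviour.

```python
import ipaddress
import re
from collections import Counter

# The three O17 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{483F6BD5-671C-48DF-92DA-B5F6ABAB47B8}: NameServer = 198.164.30.62 198.164.4.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{788A21D6-8908-46B8-A229-1FD39BF1598D}: NameServer = 111.124.212.34,213.23.117.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{483F6BD5-671C-48DF-92DA-B5F6ABAB47B8}: NameServer = 198.164.30.62 198.164.4.62
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<iface>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+)$"
)


def parse_o17(log_text):
    """Return one record per O17 NameServer line: control set, interface, servers."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = []
        # HijackThis shows the registry value as stored: space- or comma-separated.
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            if not token:
                continue
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                servers.append(f"INVALID:{token}")
        records.append(
            {"cset": m["cset"], "iface": m["iface"].upper(), "servers": tuple(servers)}
        )
    return records


def find_outliers(records):
    """Return (baseline, outliers): the resolver set seen on most O17 lines,
    and the interfaces configured with anything else."""
    ranked = Counter(frozenset(r["servers"]) for r in records).most_common()
    if not ranked:
        return None, []
    # Tie for first place: there is no majority to compare against, so every
    # interface is returned for manual review.
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        baseline = None
    else:
        baseline = ranked[0][0]
    outliers = {
        r["iface"]: r["servers"]
        for r in records
        if frozenset(r["servers"]) != baseline
    }
    return baseline, sorted(outliers.items())


def describe(address):
    """Label an address so the reviewer knows which follow-up check applies."""
    if address.startswith("INVALID:"):
        return "not an IP address"
    if ipaddress.ip_address(address).is_private:
        return "private (local router or LAN resolver)"
    return "public (compare with WHOIS and the ISP's published resolvers)"


if __name__ == "__main__":
    baseline, outliers = find_outliers(parse_o17(SAMPLE_LOG))
    print("baseline:", sorted(baseline) if baseline else "none (tie)")
    for iface, servers in outliers:
        for s in servers:
            print(f"review {iface}: {s} -> {describe(s)}")
```
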


Against
19. November 2006 @ 10:28
^ Sorry, I'm kind of lost in what you just said. Should I fix all of them or just that first one that you named?

Senior Member
19. November 2006 @ 11:02
Sorry for being confusing. Been researching them a bit more and think this one is the only one out of place.

Close all open windows.
Open HijackThis and fix this:
O17 - HKLM\System\CCS\Services\Tcpip\..\{788A21D6-8908-46B8-A229-1FD39BF1598D}: NameServer = 111.124.212.34,213.23.117.20

You shouldn't lose internet connection after that, but if you do, restore the entry by the above instructions.

Against
20. November 2006 @ 10:18
Once again, thanks for your help, I fixed it and didn't lose my connection, so I'm completely safe now?

Senior Member
20. November 2006 @ 12:04
Yup, should be good and clean now.

You're welcome and good luck!

Against
20. November 2006 @ 14:11
Thanks! I really do appreciate the help, how old are you if you don't mind me asking? :P And, I won't be downloading files that don't look safe anymore, I'm pretty sure that's what triggered the spreading, but at least now, from a little help, I get a chance to clean up my system, {something I probably wouldn't have been able to do myself}, I really do appreciate it! And I hope to talk to you again.

- Against.

Senior Member
20. November 2006 @ 17:54
20

Quote:
I won't be downloading files that don't look safe anymore
Scan anything you don't trust before opening it. If you download any files from a P2P client always scan them with your AV and AS, except for mp3's, usually mp3's are safe.

For internet, you could get Site Advisor by McAfee. It will tell you what sites are bad and why. View the site details and it will tell you what files, if any, are infected. Personally, I wouldn't surf the net without Site Advisor, ever. :)
