
kathyros problem


Original Message
Name: huntermrb2
Date: December 25, 2007 at 15:47:17 Pacific
Subject: kathyros problem
OS: WindowsXP
CPU/Ram: 512
Model/Manufacturer: asus
Comment:

This virus has been bugging me for a while. How do I remove this? When I did a scan, it's still there in c:\kathyros.vbs and win\system32\kathyros.vbs. I am unable to detect it even in safe mode.

huntermrb




Response Number 1
Name: jabuck
Date: December 25, 2007 at 17:11:23 Pacific
Reply:

This could take several different scans to find the problem files.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: huntermrb2
Date: December 25, 2007 at 19:26:54 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:56 AM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,kathyros.bat
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /p
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

--
End of file - 4623 bytes


huntermrb



Response Number 3
Name: jabuck
Date: December 25, 2007 at 19:56:06 Pacific
Reply:

Run Hijack This again, close all windows and browsers, place a check to the left of the following items and press "fix checked":

F2 - REG:system.ini: UserInit=userinit.exe,kathyros.bat

Exit Hijack This.

Do the following to show hidden files:

Click Start> My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Next, reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Navigate to and delete this file if found:

C:\WINDOWS\system32\kathyros.bat

Restart the computer into normal mode.

Please download ComboFix to the desktop from this link: ComboFix

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces and a new Hijack This log please.


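The check jabuck did by eye above (spot the F2 UserInit line that loads something other than userinit.exe, then confirm it is gone from the next log) as an added Python example; this is not code from the thread or from HijackThis, and the two log excerpts are constructed from the logs posted above.

```python
"""Flag a hijacked UserInit entry in a HijackThis log (added example).

Assumptions (not from the thread or from HijackThis): the log uses the
v2.0.2 line format shown in the thread, and the only program that should
load through UserInit on Windows XP is userinit.exe itself (the stock
registry value is "C:\\WINDOWS\\system32\\userinit.exe," with a trailing
comma, which is harmless).
"""
import re
from typing import List, Tuple

# Constructed excerpt of the first log posted in the thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe

F2 - REG:system.ini: UserInit=userinit.exe,kathyros.bat
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
"""

# Constructed excerpt of the second log, after the F2 entry was fixed.
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
"""

F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
ITEM = re.compile(r"^[A-Z]\d{1,2} - ")  # HijackThis item lines: F2, O2, O4, O23, ...


def split_userinit(value: str) -> List[str]:
    """UserInit is a comma-separated list; Windows runs every entry at logon."""
    return [e.strip() for e in value.split(",") if e.strip()]


def is_stock_userinit(entry: str) -> bool:
    """True for userinit.exe itself, with or without a full path or quotes."""
    name = entry.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name == "userinit.exe"


def find_userinit_hijack(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (F2 line, extra entries) for every UserInit line that loads
    anything besides userinit.exe. An empty list means nothing was found."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_USERINIT.match(line)
        if not m:
            continue
        extras = [e for e in split_userinit(m.group("value")) if not is_stock_userinit(e)]
        if extras:
            findings.append((line, extras))
    return findings


def item_lines(log_text: str) -> List[str]:
    """The HijackThis item lines of a log, in order, with surrounding whitespace removed."""
    return [l.strip() for l in log_text.splitlines() if ITEM.match(l.strip())]


def removed_items(before: str, after: str) -> List[str]:
    """Items present in the earlier log but gone from the later one
    (what a helper checks to confirm a 'fix checked' actually took)."""
    later = set(item_lines(after))
    return [l for l in item_lines(before) if l not in later]


if __name__ == "__main__":
    for line, extras in find_userinit_hijack(LOG_BEFORE):
        print("hijacked UserInit:", line, "-> extra entries:", extras)
    print("items removed after fix:", removed_items(LOG_BEFORE, LOG_AFTER))
```

Removing the F2 line only stops the batch file from being launched at logon; the file itself still has to be deleted, which is why the Safe Mode step follows.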

Response Number 4
Name: huntermrb2
Date: December 25, 2007 at 20:36:54 Pacific
Reply:

ComboFix 07-12-26.3 - huntermrb 2007-12-26 12:32:24.10 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.263 [GMT -8:00]
Running from: C:\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-26 10:25 . 2007-12-26 10:25 <DIR> d--hs---- C:\FOUND.001
2007-12-26 07:38 . 2007-12-26 07:38 <DIR> d-------- C:\Program Files\WinASO
2007-12-26 06:23 . 2007-12-26 11:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-26 06:23 . 2007-12-26 11:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-26 06:22 . 2007-12-26 06:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-26 06:22 . 2007-12-26 11:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-26 06:14 . 2007-12-26 06:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-26 05:40 . 2007-12-26 05:40 <DIR> d-------- C:\Downloads
2007-12-26 05:32 . 2007-12-26 05:32 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-26 05:30 . 2007-12-26 05:30 <DIR> d---s---- C:\Documents and Settings\huntermrb\UserData
2007-12-25 22:49 . 2007-12-25 22:49 <DIR> d-------- C:\Program Files\RegCleaner
2007-12-25 22:30 . 2007-12-25 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 21:57 . 2007-12-25 21:57 <DIR> d-------- C:\Program Files\backups
2007-12-25 19:40 . 2007-12-25 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-12-25 18:04 . 2007-12-25 18:04 <DIR> d--hs---- C:\FOUND.000
2007-12-25 17:42 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-25 17:23 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-25 16:34 . 2007-12-25 16:34 <DIR> d-------- C:\WINDOWS\Sun
2007-12-25 16:34 . 2004-07-20 16:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-25 16:34 . 2004-07-20 16:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-25 16:34 . 2004-07-20 16:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-25 16:34 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-12-25 16:34 . 2004-07-20 16:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-25 16:34 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-25 16:33 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-12-25 16:31 . 2007-12-25 16:31 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-25 16:31 . 2007-12-25 16:31 <DIR> d-------- C:\Program Files\Ahead
2007-12-25 16:31 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-25 16:29 . 2007-12-25 16:29 <DIR> d-------- C:\Program Files\honestech
2007-12-25 16:28 . 2002-09-30 04:38 119,798 -ra------ C:\WINDOWS\system32\drivers\SPCA561.SYS
2007-12-25 16:13 . 2007-12-25 16:13 <DIR> d-------- C:\Program Files\Chikka V4
2007-12-25 16:13 . 2007-12-25 16:13 <DIR> d-------- C:\logs
2007-12-25 16:13 . 2007-12-25 16:13 <DIR> d-------- C:\Documents and Settings\huntermrb\ChikkaDefault
2007-12-25 16:12 . 2007-12-25 16:12 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\ACD Systems
2007-12-25 16:12 . 2007-12-25 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-12-25 16:11 . 2007-12-25 16:11 <DIR> d-------- C:\Program Files\TheSage
2007-12-25 16:11 . 2007-12-25 16:11 <DIR> d-------- C:\Program Files\ACD Systems
2007-12-25 15:58 . 2007-12-25 15:58 <DIR> d-------- C:\Program Files\mIRC
2007-12-25 15:50 . 2007-12-25 15:50 <DIR> d-------- C:\Program Files\uTorrent
2007-12-25 14:53 . 2007-12-25 14:53 1,167 --a------ C:\WINDOWS\mozver.dat
2007-12-25 14:30 . 2007-12-25 14:30 10 --a------ C:\WINDOWS\WININIT.INI
2007-12-25 14:20 . 2007-12-25 14:20 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\vlc
2007-12-25 14:19 . 2007-12-25 14:19 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\DivX
2007-12-25 14:15 . 2007-12-25 14:15 <DIR> d--h----- C:\VisualBoyAdvance-1.7
2007-12-25 14:15 . 2007-12-25 14:15 <DIR> d--h----- C:\Flash Games
2007-12-25 14:07 . 2003-02-25 14:30 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2007-12-25 14:07 . 2003-05-23 23:06 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2007-12-25 14:07 . 2002-10-24 00:07 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2007-12-25 13:41 . 2007-12-25 13:41 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-25 13:40 . 2007-12-25 13:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-25 13:39 . 2007-12-25 13:39 <DIR> d-------- C:\WINDOWS\ShellNew
2007-12-25 13:36 . 2007-12-25 13:36 <DIR> d-------- C:\Program Files\FlashGet
2007-12-25 13:36 . 2004-08-04 06:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-25 13:35 . 2007-12-25 13:35 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-25 13:35 . 2007-12-25 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-25 13:30 . 2007-12-25 13:30 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\mIRC
2007-12-25 13:29 . 2007-12-25 13:29 <DIR> d-------- C:\Program Files\Winamp
2007-12-25 13:29 . 2007-12-25 13:29 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\Winamp
2007-12-25 13:27 . 2007-12-25 13:27 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-12-25 13:27 . 2007-12-25 13:27 <DIR> d-------- C:\Program Files\AvRack
2007-12-25 13:27 . 2002-11-20 23:07 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-12-25 13:26 . 2003-07-24 01:07 8,936,448 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2007-12-25 13:25 . 2007-12-25 13:25 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-25 13:24 . 2007-12-25 13:24 <DIR> d-------- C:\Program Files\FLV Player
2007-12-25 13:24 . 2007-12-25 13:24 <DIR> d-------- C:\Program Files\DivX
2007-12-25 13:21 . 2007-12-25 13:21 <DIR> d-------- C:\Program Files\Clock Tray Skins
2007-12-25 13:21 . 2007-12-25 13:21 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2007-12-25 13:20 . 2007-12-25 13:20 <DIR> d-------- C:\Program Files\CCleaner
2007-12-25 13:19 . 2007-12-25 13:19 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-25 13:19 . 2007-12-25 13:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 13:19 . 2007-12-25 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-25 13:16 . 2007-12-25 13:16 <DIR> d-------- C:\Program Files\IObit
2007-12-25 13:13 . 2007-12-25 13:13 <DIR> d-------- C:\Documents and Settings\huntermrb\dwhelper
2007-12-25 13:12 . 2007-12-25 13:12 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\uTorrent
2007-12-25 13:11 . 2007-12-25 13:11 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-25 13:10 . 2007-12-25 13:10 <DIR> d-------- C:\Program Files\Java
2007-12-25 13:10 . 2007-12-25 13:10 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-25 13:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-25 13:07 . 2007-12-25 13:07 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2007-12-25 13:04 . 2007-12-25 13:04 <DIR> d-------- C:\Program Files\Common Files\EPSON
2007-12-25 13:04 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
2007-12-25 13:04 . 2000-06-07 01:01 169,472 --a------ C:\WINDOWS\system32\EBAPI2.dll
2007-12-25 13:03 . 2005-08-30 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-25 13:02 . 2007-12-25 13:02 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-12-25 13:02 . 2005-08-30 06:12 524,850 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2007-12-25 13:02 . 2005-08-30 21:08 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-12-25 13:02 . 2005-08-26 06:54 104,373 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-12-25 13:02 . 2005-06-08 11:45 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
2007-12-25 13:02 . 2005-08-30 22:01 23,936 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-12-25 13:02 . 2005-07-01 17:54 5,496 -ra------ C:\WINDOWS\system32\atifglpf.xml
2007-12-25 13:02 . 2005-08-30 06:12 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2007-12-25 13:01 . 2007-12-25 13:01 <DIR> d-------- C:\Program Files\EPSON
2007-12-25 13:00 . 2007-12-25 13:00 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\ATI
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 14:12 4,782 ----a-w C:\Program Files\hijackthis.log
2007-12-25 20:58 --------- d-----w C:\Program Files\ATI Technologies
2007-12-25 20:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-25 20:35 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-25 18:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2005-07-27 23:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-07-16 06:50 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2007-12-26 08:15]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-12-25 13:04:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-31 00:40:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 08:20]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 08:19]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 08:21]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-12-21 08:22]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 12:33:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 12:33:55


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:17 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /p
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

--
End of file - 4497 bytes


Didn't find any kathyros file.



Response Number 5
Name: huntermrb2
Date: December 25, 2007 at 22:10:52 Pacific
Reply:

Thank you very much.

huntermrb




Response Number 6
Name: jabuck
Date: December 26, 2007 at 05:06:15 Pacific
Reply:

The baddie appears to be gone, is the computer operating better?



Response Number 7
Name: huntermrb2
Date: December 26, 2007 at 12:32:38 Pacific
Reply:

The computer is working perfectly, no more annoying kathyros.

huntermrb



Response Number 8
Name: jabuck
Date: December 26, 2007 at 17:56:51 Pacific
Reply:

Glad we could help.



Response Number 9
Name: sir2k
Date: January 5, 2008 at 18:29:02 Pacific
Reply:

Hi! I also have this problem with my external HD. I can't open it. I tried downloading HijackThis, but every time I open it there's a message that says win32 cannot open the said file. What will I do? I'm not an expert when it comes to fixing computers, so I really need step-by-step instructions. Need help.

