i cannot access anti virus sites

ZAck22 February 12, 2009 at 14:47:47
Specs: Windows XP
Hey guys,
I cannot access antivirus sites, and my Kaspersky won't update either. I think it's a virus that blocks any web address that has the name of an antivirus in it.
Anyway, after that I followed what some guys said about SDFix. Here's the report that I got. Can anyone help, please?
[b]SDFix: Version 1.240 [/b]
Run by zakhour haddad on Fri 02/13/2009 at 01:55 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\.security - Deleted
C:\WINDOWS\.security - Deleted
C:\WINDOWS\system32\drivers\etc\.security - Deleted
C:\WINDOWS\mslagent\2_mslagent.dll - Deleted
C:\WINDOWS\mslagent\mslagent.exe - Deleted
C:\WINDOWS\mslagent\uninstall.exe - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\Program Files\Inet Delivery\inetdl.exe - Deleted
C:\Program Files\Inet Delivery\intdel.exe - Deleted
C:\Program Files\PC-Antispy\ASpyStBlk.dll - Deleted
C:\DOCUME~1\ZAKHOU~1\LOCALS~1\Temp\pupdmgr.exe.bat - Deleted
C:\DOCUME~1\ZAKHOU~1\LOCALS~1\Temp\pwrmgr.exe.bat - Deleted
C:\DOCUME~1\ZAKHOU~1\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\DOCUME~1\ZAKHOU~1\LOCALS~1\Temp\windfr.exe.bat - Deleted
C:\DOCUME~1\ZAKHOU~1\LOCALS~1\Temp\tmp1F.tmp - Deleted
C:\DOCUME~1\ZAKHOU~1\LOCALS~1\Temp\tmp3E.tmp - Deleted
C:\WINDOWS\a.bat - Deleted
C:\WINDOWS\zip1.tmp - Deleted
C:\WINDOWS\zip2.tmp - Deleted
C:\WINDOWS\zip3.tmp - Deleted
C:\WINDOWS\zipped.tmp - Deleted
C:\DOCUME~1\ZAKHOU~1\LOCALS~1\Temp\myconfig.php.bat - Deleted
C:\DOCUME~1\ZAKHOU~1\LOCALS~1\Temp\pwrmgr.exe - Deleted
C:\WINDOWS\a.bat - Deleted
C:\WINDOWS\base64.tmp - Deleted
C:\WINDOWS\bdn.com - Deleted
C:\WINDOWS\FVProtect.exe - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\mssecu.exe - Deleted
C:\WINDOWS\system32\akttzn.exe - Deleted
C:\WINDOWS\system32\anticipator.dll - Deleted
C:\WINDOWS\system32\awtoolb.dll - Deleted
C:\WINDOWS\system32\bdn.com - Deleted
C:\WINDOWS\system32\bsva-egihsg52.exe - Deleted
C:\WINDOWS\system32\dpcproxy.exe - Deleted
C:\WINDOWS\system32\emesx.dll - Deleted
C:\WINDOWS\system32\h@tkeysh@@k.dll - Deleted
C:\WINDOWS\system32\hoproxy.dll - Deleted
C:\WINDOWS\system32\hxiwlgpm.dat - Deleted
C:\WINDOWS\system32\hxiwlgpm.exe - Deleted
C:\WINDOWS\system32\medup012.dll - Deleted
C:\WINDOWS\system32\medup020.dll - Deleted
C:\WINDOWS\system32\msgp.exe - Deleted
C:\WINDOWS\system32\msnbho.dll - Deleted
C:\WINDOWS\system32\mssecu.exe - Deleted
C:\WINDOWS\system32\msvchost.exe - Deleted
C:\WINDOWS\system32\mtr2.exe - Deleted
C:\WINDOWS\system32\mwin32.exe - Deleted
C:\WINDOWS\system32\netode.exe - Deleted
C:\WINDOWS\system32\newsd32.exe - Deleted
C:\WINDOWS\system32\ps1.exe - Deleted
C:\WINDOWS\system32\psof1.exe - Deleted
C:\WINDOWS\system32\psoft1.exe - Deleted
C:\WINDOWS\system32\regc64.dll - Deleted
C:\WINDOWS\system32\regm64.dll - Deleted
C:\WINDOWS\system32\Rundl1.exe - Deleted
C:\WINDOWS\system32\smp\msrc.exe - Deleted
C:\WINDOWS\system32\sncntr.exe - Deleted
C:\WINDOWS\system32\ssurf022.dll - Deleted
C:\WINDOWS\system32\ssvchost.com - Deleted
C:\WINDOWS\system32\ssvchost.exe - Deleted
C:\WINDOWS\system32\sysreq.exe - Deleted
C:\WINDOWS\system32\taack.dat - Deleted
C:\WINDOWS\system32\taack.exe - Deleted
C:\WINDOWS\system32\temp#01.exe - Deleted
C:\WINDOWS\system32\thun.dll - Deleted
C:\WINDOWS\system32\thun32.dll - Deleted
C:\WINDOWS\system32\VBIEWER.OCX - Deleted
C:\WINDOWS\system32\vbsys2.dll - Deleted
C:\WINDOWS\system32\vcatchpi.dll - Deleted
C:\WINDOWS\system32\winlogonpc.exe - Deleted
C:\WINDOWS\system32\winsystem.exe - Deleted
C:\WINDOWS\system32\WINWGPX.EXE - Deleted
C:\WINDOWS\userconfig9x.dll - Deleted
C:\WINDOWS\winsystem.exe - Deleted

Folder C:\Program Files\akl - Removed
Folder C:\Program Files\Inet Delivery - Removed
Folder C:\Program Files\PC-Antispy - Removed
Folder C:\WINDOWS\mslagent - Removed
Folder C:\WINDOWS\system32\smp - Removed


Removing Temp Files

[b]ADS Check [/b]:


[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 02:05:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\knrxqcbw]
"DisplayName"="Server Boot"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Anchor service for Autodesk products licensed with SafeCast"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\knrxqcbw\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\xzjjutef.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000]
"ServiceBinary"="C:\WINDOWS\system32\drivers\VDRV9000.SYS"
"Group"="SCSI Miniport"
"ImagePath"=str(2):"system32\DRIVERS\vdrv9000.sys"
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
"Tag"=dword:00000022

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum]
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001
"0"="Root\SCSIADAPTER\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\knrxqcbw]
"DisplayName"="Server Boot"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Anchor service for Autodesk products licensed with SafeCast"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\knrxqcbw\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\xzjjutef.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vdrv9000]
"ServiceBinary"="C:\WINDOWS\system32\drivers\VDRV9000.SYS"
"Group"="SCSI Miniport"
"ImagePath"=str(2):"system32\DRIVERS\vdrv9000.sys"
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
"Tag"=dword:00000022

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vdrv9000\Enum]
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001
"0"="Root\SCSIADAPTER\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vdrv9000\parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vdrv9000\security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3223760C-EA20-1078-B0C4-A5386EDD84B5}]
"faidlmebodfh"=hex:66,61,63,65,61,65,65,67,66,6c,64,65,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Salling Software AB\\Salling Clicker\\WinClicker.exe"="C:\\Program Files\\Salling Software AB\\Salling Clicker\\WinClicker.exe:*:Enabled:WinClicker.exe"
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"="C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
"D:\\3dsmax6\\3dsmax.exe"="D:\\3dsmax6\\3dsmax.exe:*:Disabled:3ds max application"
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\WINDOWS\\system32\\dllhost.exe"="C:\\WINDOWS\\system32\\dllhost.exe:*:Enabled:COM Surrogate"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Disabled:mIRC"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun 25 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 14 Apr 2008 159,840 A.SHR --- "C:\WINDOWS\system32\xzjjutef.dll"
Tue 13 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP1\A0000005.dll"
Wed 14 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP1\A0001004.dll"
Fri 23 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP10\A0004239.dll"
Fri 23 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP10\A0005234.dll"
Sat 24 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP11\A0005248.dll"
Sun 25 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP12\A0005282.dll"
Sun 25 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP12\A0005298.dll"
Mon 26 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP12\A0006298.dll"
Mon 26 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP13\A0006306.dll"
Mon 26 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP13\A0006317.dll"
Tue 27 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP14\A0006323.dll"
Wed 28 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP14\A0006334.dll"
Wed 28 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP14\A0007352.dll"
Fri 30 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP15\A0007373.dll"
Fri 30 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP15\A0007383.dll"
Fri 30 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP15\A0007413.dll"
Sat 31 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP15\A0007429.dll"
Sat 31 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP15\A0007438.dll"
Sat 31 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP15\A0007452.dll"
Sat 31 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP16\A0007458.dll"
Sun 1 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP16\A0007476.dll"
Sun 1 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP17\A0007483.dll"
Sun 1 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP17\A0007492.dll"
Mon 2 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP17\A0007505.dll"
Mon 2 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP18\A0007512.dll"
Tue 3 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP18\A0007532.dll"
Tue 3 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP19\A0007543.dll"
Wed 4 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP19\A0007554.dll"
Wed 14 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP2\A0001015.dll"
Thu 15 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP2\A0002004.dll"
Thu 5 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP20\A0007574.dll"
Fri 6 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP21\A0007598.dll"
Fri 6 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP21\A0007612.dll"
Sat 7 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP22\A0007627.dll"
Sat 7 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP22\A0007667.dll"
Sun 8 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP22\A0007691.dll"
Sun 8 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP22\A0007704.dll"
Sun 8 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP22\A0007729.dll"
Mon 9 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP22\A0007742.dll"
Mon 9 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP23\A0007746.dll"
Tue 10 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP23\A0007758.dll"
Tue 10 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP24\A0007768.dll"
Tue 10 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP24\A0007778.dll"
Wed 11 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP25\A0007784.dll"
Thu 12 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP25\A0007797.dll"
Thu 12 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP27\A0007919.dll"
Thu 12 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP28\A0007948.dll"
Fri 13 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP28\A0007970.dll"
Fri 13 Feb 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP28\A0008042.dll"
Fri 16 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP3\A0002018.dll"
Sat 17 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP4\A0002033.dll"
Sun 18 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP5\A0002071.dll"
Sun 18 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP5\A0002082.dll"
Mon 19 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP6\A0002098.dll"
Mon 19 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP6\A0002107.dll"
Mon 19 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP6\A0002121.dll"
Tue 20 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP6\A0002132.dll"
Tue 20 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP7\A0002140.dll"
Tue 20 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP7\A0002153.dll"
Wed 21 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP8\A0002178.dll"
Wed 21 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP8\A0002189.dll"
Thu 22 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP9\A0002198.dll"
Thu 22 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP9\A0003189.dll"
Thu 22 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP9\A0003220.dll"
Fri 23 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP9\A0003235.dll"
Fri 23 Jan 2009 530,174 A..H. --- "C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP9\A0004234.dll"
Thu 9 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 17 Oct 2007 361,328 A..H. --- "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll"
Fri 13 Feb 2009 530,174 A..H. --- "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll"
Wed 17 Oct 2007 1,247,600 A..H. --- "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Wed 17 Oct 2007 462,704 A..H. --- "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll"
Sat 8 Sep 2007 395,312 A..H. --- "C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys"
Fri 21 Sep 2007 2,454,576 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071101.016\CCERASER.DLL"
Mon 23 Jul 2007 284,016 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071101.016\ECMSVR32.DLL"
Fri 21 Sep 2007 395,312 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071101.016\EECTRL.SYS"
Fri 21 Sep 2007 112,688 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071101.016\ERASER.SYS"
Mon 23 Jul 2007 81,232 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071101.016\NAVENG.SYS"
Mon 23 Jul 2007 124,272 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071101.016\NAVENG32.DLL"
Mon 23 Jul 2007 865,904 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071101.016\NAVEX15.SYS"
Mon 23 Jul 2007 914,800 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071101.016\NAVEX32A.DLL"
Fri 21 Sep 2007 2,454,576 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.002\CCERASER.DLL"
Mon 23 Jul 2007 284,016 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.002\ECMSVR32.DLL"
Fri 21 Sep 2007 395,312 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.002\EECTRL.SYS"
Fri 21 Sep 2007 112,688 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.002\ERASER.SYS"
Wed 14 Nov 2007 81,232 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.002\NAVENG.SYS"
Wed 14 Nov 2007 124,272 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.002\NAVENG32.DLL"
Wed 14 Nov 2007 865,904 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.002\NAVEX15.SYS"
Wed 14 Nov 2007 914,800 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.002\NAVEX32A.DLL"
Mon 26 Nov 2007 2,455,088 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.021\CCERASER.DLL"
Mon 23 Jul 2007 284,016 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.021\ECMSVR32.DLL"
Fri 21 Sep 2007 395,312 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.021\EECTRL.SYS"
Fri 21 Sep 2007 112,688 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.021\ERASER.SYS"
Wed 14 Nov 2007 81,232 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.021\NAVENG.SYS"
Wed 14 Nov 2007 124,272 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.021\NAVENG32.DLL"
Wed 14 Nov 2007 865,904 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.021\NAVEX15.SYS"
Wed 14 Nov 2007 914,800 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071126.021\NAVEX32A.DLL"
Fri 21 Sep 2007 2,454,576 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\cceraser.dll"
Mon 23 Jul 2007 284,016 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ecmsvr32.dll"
Fri 21 Sep 2007 395,312 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\eeCtrl.sys"
Fri 21 Sep 2007 112,688 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\eraser.sys"
Wed 14 Nov 2007 81,232 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.sys"
Wed 14 Nov 2007 124,272 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng32.dll"
Wed 14 Nov 2007 865,904 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.sys"
Wed 14 Nov 2007 914,800 A..H. --- "C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex32a.dll"
Mon 3 Sep 2007 978,944 A.SH. --- "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\gh.rsd124\rasha\SIV38.tmp"

[b]Finished![/b]


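Triage of the catchme section of a report like the one above, as an added example that is not part of the original post and not SDFix's or Gmer's code: it parses the registry dump and the "Files with Hidden Attributes" lines, flags svchost-hosted services whose ServiceDll is not on an allow-list, and notes when that DLL is also marked system+hidden on disk, which is how the randomly named `knrxqcbw` service and `xzjjutef.dll` stand out in the report. The excerpts are constructed from entries in the report; the allow-list parameter and the scoring rules are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the format of the SDFix/catchme report posted above;
# the service names, values and paths are copied from that report.
CATCHME_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\knrxqcbw]
"DisplayName"="Server Boot"
"Start"=dword:00000002
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"Description"="Anchor service for Autodesk products licensed with SafeCast"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\knrxqcbw\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\xzjjutef.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000]
"ImagePath"=str(2):"system32\DRIVERS\vdrv9000.sys"
"Start"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv9000\Enum]
"Count"=dword:00000001
"""

# Constructed lines in the format of the "Files with Hidden Attributes" section.
HIDDEN_SAMPLE = r"""
Sun 25 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 14 Apr 2008 159,840 A.SHR --- "C:\WINDOWS\system32\xzjjutef.dll"
"""

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')
_SVC_RE = re.compile(r'\\Services\\([^\\]+)(?:\\Parameters)?$', re.IGNORECASE)
_HIDDEN_RE = re.compile(r'^\w{3} \d{1,2} \w{3} \d{4}\s+[\d,]+\s+([A-Z.]{5})\s+---\s+"(.+)"$')


def _decode_value(raw):
    """Turn a regedit-style value literal, as catchme prints it, into a Python value."""
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('str(2):'):   # REG_EXPAND_SZ: quoted string after the prefix
        raw = raw[7:]
    if raw.startswith('hex:'):
        return raw                  # binary blobs such as Security stay opaque
    return raw.strip('"')


def parse_registry_dump(text):
    """Map each [KEY] to a dict of the "name"=value lines beneath it."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
        elif current is not None and (m := _VAL_RE.match(line)):
            keys[current][m.group(1)] = _decode_value(m.group(2))
    return keys


def collect_services(keys):
    """Merge a service's root key and Parameters subkey; Enum/security subkeys are skipped."""
    services = {}
    for key, values in keys.items():
        m = _SVC_RE.search(key)
        if m:
            services.setdefault(m.group(1).lower(), {}).update(values)
    return services


def parse_hidden_files(text):
    """Map lower-cased path -> attribute field (e.g. 'A.SHR') for each hidden-file line."""
    out = {}
    for line in text.splitlines():
        m = _HIDDEN_RE.match(line.strip())
        if m:
            out[m.group(2).lower()] = m.group(1)
    return out


@dataclass
class Finding:
    service: str
    dll: str
    reasons: list = field(default_factory=list)


def triage(catchme_text, hidden_text, known_dlls=()):
    """Flag svchost-hosted services whose ServiceDll is not on the caller's allow-list
    (assumed to be site-specific, hence a parameter) and note when that DLL also sits
    on disk with system+hidden attributes, as xzjjutef.dll does in the report."""
    services = collect_services(parse_registry_dump(catchme_text))
    hidden = parse_hidden_files(hidden_text)
    allowed = {d.lower() for d in known_dlls}
    findings = []
    for name, v in services.items():
        image = str(v.get('ImagePath', '')).lower()
        dll = str(v.get('ServiceDll', ''))
        if 'svchost.exe' not in image or not dll or dll.lower() in allowed:
            continue                # kernel drivers and allow-listed DLLs are not reported
        group = image.split('-k', 1)[-1].strip()
        f = Finding(name, dll, [f"svchost-hosted in group '{group}' with unlisted ServiceDll"])
        if v.get('Start') == 2:
            f.reasons.append('auto-start (Start=2)')
        attrs = hidden.get(dll.lower())
        if attrs and 'S' in attrs and 'H' in attrs:
            f.reasons.append(f'ServiceDll is marked system+hidden on disk ({attrs})')
        findings.append(f)
    return findings
```

The same rule set applies to the ControlSet003 copy of the hive in the report, since both control sets carry the same service entry.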


#1
February 12, 2009 at 15:47:51
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.


If Malwarebytes installed but will not run navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#2
February 12, 2009 at 22:53:18
I'm still unable to update :S
This is my Malwarebytes' Anti-Malware log file. By the way, it wasn't able to update, though it found 7 threats:

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3

2/13/2009 10:40:57 AM
mbam-log-2009-02-13 (10-40-57).txt

Scan type: Quick Scan
Objects scanned: 76761
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60b244be-559d-4269-b96e-cd264d828ec9} (Rogue.PCAntispy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And this is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:22 AM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Virtual CD v9\System\vc9secs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\zakhour haddad\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jazeeraairways.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///F:/setup/RiffLick.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr0...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
O24 - Desktop Component 0: (no name) - http://www.freedesktopwallpapers.ru...

--
End of file - 10039 bytes

What's next? I'm still unable


#3
February 12, 2009 at 23:50:31
OK... I think I know what it is now.
It's a new virus. Follow this link to check it out; it cleaned everything.
http://www.secureworks.com/research...


#4
February 13, 2009 at 07:26:29
Looks like you are infected with the Conficker virus. Good luck in cleaning!

Or, welcome to the botnet =))

