Show Posts
1
Tech Clinic / Cant get rid of virus
« on: June 12, 2005, 05:19:47 PM »
HI!
I'm having trubel geting rid of viruses. I'm runing AVG but it dosent find the viruses, when i run Microworld Antivirus it finds:
File C:\WINDOWS\System32\setup32.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\setup32.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
Object "ISTsvc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "YourSiteBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaAccX.dll". Action Taken: No Action Taken.
File C:\WINDOWS\System32\4.html infected by "Trojan-Clicker.JS.Linker.j" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\aguss.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\bntm.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cdyeia.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\czfoi.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dwrnqbm.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\edjb.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ezywfjs.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\hijstku.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\hosterv.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ibkgqpou.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\kltec.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mss.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\nnnfll.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\oakd.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\oiwlo.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ovaxvwxf.exe infected by "Backdoor.Win32.PoeBot.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\pdimfec.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ppezpvhx.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rfkhyqsr.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rhzqxxe.exe infected by "Backdoor.Win32.PoeBot.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Sygate.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\tgcu.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\vefwcox.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\vpyfoxap.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wxnr.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\xlloq.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ydbcnt.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\yvodfxul.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\zozhoagz.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\zwir.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
And this is my HJT list:
Logfile of HijackThis v1.99.1
Scan saved at 00:00:29, on 2005-06-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\setup32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Jessica\LOKALA~1\Temp\mwavscan.com
C:\DOCUME~1\Jessica\LOKALA~1\Temp\kavss.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
F2 - REG:system.ini: UserInit=userinit.exe,setup32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118600401439
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
StartupList report, 2005-06-13, 00:01:13
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\setup32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Jessica\LOKALA~1\Temp\mwavscan.com
C:\DOCUME~1\Jessica\LOKALA~1\Temp\kavss.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]
SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,setup32.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AVG7_CC = C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = C:\Program\Grisoft\AVGFRE~1\avgemc.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Update = wuamkop32.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer = C:\Program\Spybot - Search & Destroy\TeaTimer.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Download Program Files:
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5co...b?1118600401439
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 4 541 bytes
Report generated in 0,090 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Some one Help me pleas.
I ran houscalls online scan, but it dident find any thing.
Allso AVG keeps poping upp saying that it detected a virus valld colected.5.L, i press heal and it tels me that it was heald. but it doesent take long befor it pops upp agin.
I'm having trubel geting rid of viruses. I'm runing AVG but it dosent find the viruses, when i run Microworld Antivirus it finds:
File C:\WINDOWS\System32\setup32.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\setup32.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
Object "ISTsvc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "YourSiteBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaAccX.dll". Action Taken: No Action Taken.
File C:\WINDOWS\System32\4.html infected by "Trojan-Clicker.JS.Linker.j" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\aguss.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\bntm.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cdyeia.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\czfoi.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dwrnqbm.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\edjb.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ezywfjs.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\hijstku.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\hosterv.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ibkgqpou.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\kltec.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mss.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\nnnfll.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\oakd.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\oiwlo.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ovaxvwxf.exe infected by "Backdoor.Win32.PoeBot.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\pdimfec.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ppezpvhx.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rfkhyqsr.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rhzqxxe.exe infected by "Backdoor.Win32.PoeBot.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Sygate.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\tgcu.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\vefwcox.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\vpyfoxap.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wxnr.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\xlloq.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ydbcnt.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\yvodfxul.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\zozhoagz.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\zwir.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
And this is my HJT list:
Logfile of HijackThis v1.99.1
Scan saved at 00:00:29, on 2005-06-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\setup32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Jessica\LOKALA~1\Temp\mwavscan.com
C:\DOCUME~1\Jessica\LOKALA~1\Temp\kavss.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
F2 - REG:system.ini: UserInit=userinit.exe,setup32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118600401439
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
StartupList report, 2005-06-13, 00:01:13
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\setup32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Jessica\LOKALA~1\Temp\mwavscan.com
C:\DOCUME~1\Jessica\LOKALA~1\Temp\kavss.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]
SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,setup32.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AVG7_CC = C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = C:\Program\Grisoft\AVGFRE~1\avgemc.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Update = wuamkop32.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer = C:\Program\Spybot - Search & Destroy\TeaTimer.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Download Program Files:
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5co...b?1118600401439
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 4 541 bytes
Report generated in 0,090 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Some one Help me pleas.
I ran houscalls online scan, but it dident find any thing.
Allso AVG keeps poping upp saying that it detected a virus valld colected.5.L, i press heal and it tels me that it was heald. but it doesent take long befor it pops upp agin.