Computer Problems

[Pokey86]

I am not certain what you mean by this.

I mean i'll edit in the Kaspersky scan IN TO my post as in use the edit function on the thread

I did not mean delete the entire folder, just the file inside.
Sorry Pokey, but I am totally confused here.

Woops, i apologise i added the arrow mid way in the text, i did mean the entire thing would not delete.

Sorry for all the confusion

[jholland1964]

I mean i'll edit in the Kaspersky scan IN TO my post as in use the edit function on the thread

I am sorry Pokey, but I still don't understand

[jholland1964]

Let's try this;
First Open SpyBot, click Recovery (left pane)
Select all items (right pane)
Click "Purge selected items", close SpyBot.

Now try running Pocket Killbox again and see if these can be removed;
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe/
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe/
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe/
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe

Once you have completed the above and rebooted then run a new Kaspersky scan, save the log and then run a new HJT scan and post both logs here.

[Pokey86]

Let's try this;
First Open SpyBot, click Recovery (left pane)
Select all items (right pane)
Click "Purge selected items", close SpyBot.

Now try running Pocket Killbox again and see if these can be removed;
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe/
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe/
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe/
C:\Documents and Settings\Debs\Desktop\My Downloads\delightfuldolphins.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe

Once you have completed the above and rebooted then run a new Kaspersky scan, save the log and then run a new HJT scan and post both logs here.

The one in bold deleted, however you seem to have linked me to the same location 5 times for each one

[jholland1964]

I only copied what was showing in the logs. If there was only one copy then that is fine.

[Pokey86]

here's my Kaspersky log

---

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 12, 2006 4:12:28 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/11/2006
Kaspersky Anti-Virus database records: 240771
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 143440
Number of viruses found: 12
Number of infected objects: 16 / 0
Number of suspicious objects: 2
Duration of the scan process: 02:34:17

Infected Object Name / Virus Name / Last Action
C:\!KillBox\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\!KillBox\delightfuldolphins.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\!KillBox\delightfuldolphins.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
C:\!KillBox\delightfuldolphins.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped
C:\!KillBox\delightfuldolphins.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Agent.pd skipped
C:\!KillBox\delightfuldolphins.exe WiseSFX: infected - 4 skipped
C:\!KillBox\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\!KillBox\tlwwncoq.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\!KillBox\weather.exe ( 1) Infected: Trojan-Downloader.Win32.Centim.an skipped
C:\!KillBox\WinFixer.zip/UWFX5_0001_LP1014NetInstaller.exe Suspicious: Password-protected-EXE skipped
C:\!KillBox\WinFixer.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Debs\My Documents\My Received Files\vnc-4.0-x86_win32.exe Inno: infected - 3 skipped
C:\Documents and Settings\Keith\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\History\History.IE5\MSHist012006111220061 113\index.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\Free Download Manager\tic19.tmp Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\Free Download Manager\tic1B.tmp Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\Free Download Manager\tic1B1.tmp Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\Free Download Manager\tic1C.tmp Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temp\~DF8ECE.tmp Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Keith\Local Settings\Temporary Internet Files\Content.IE5\KDQ7K1AF\WinAntiVirusPro2006Free Install[1].exe Infected: not-a-virusownloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Keith\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Keith\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Keith\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Free Download Manager\fdm.log Object is locked skipped
C:\Program Files\Μicrosoft\winlogon.exe Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\i ndex.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7549.sys Object is locked skipped
C:\WINDOWS\system32\drvwac.dll Infected: not-virus:Hoax.Win32.Renos.ge skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[jholland1964]

I am sorry Pokey, I have no clue here as to what you are doing. Most of these items should have been removed, IN SAFE MODE, by the AVG program. I cannot understand why they are still there.

Try this program a-squared
Download it, install it, update it.
Reboot to SAFE MODE. Run the program and tell it to remove everything found.

[TurcoLoco]

Pokey,

Since this thread has lasted as long as it has, Jholland understandably got a bit exhausted so I will step in this once to help you both (hopefully) by preparing a specialized script for you to help automate the removal of the files on the Kaspersky list identified as a baddie.

But make sure to run the script exactly as I will instruct after booting in Safe Mode, ok?

First things first, before I create the script, I would like you to visit this post and download/run the AnalyzerXP (an experimental scan tool).
It will dump the scan results into a file called Analyzer.txt and place it on Desktop, please attach that log file cause I need to take a look to make sure there are not other files that I should be including in the special removal tool I will create for you.

I will wait for your reply...

~TL

[Pokey86]

Pokey,

Since this thread has lasted as long as it has, Jholland understandably got a bit exhausted so I will step in this once to help you both (hopefully) by preparing a specialized script for you to help automate the removal of the files on the Kaspersky list identified as a baddie.

But make sure to run the script exactly as I will instruct after booting in Safe Mode, ok?

First things first, before I create the script, I would like you to visit this post and download/run the AnalyzerXP (an experimental scan tool).
It will dump the scan results into a file called Analyzer.txt and place it on Desktop, please attach that log file cause I need to take a look to make sure there are not other files that I should be including in the special removal tool I will create for you.

I will wait for your reply...

~TL

I've downloaded it but everytime i try to run it all i get is the timer cursor come up for a split second then disappear, after that nothing happens. This also happened (& still does) with RogueScanFix.

Another problem is, everytime i boot in to safe mode there is absoultely NOTHING on the desktop, right click or left click does nothing. the cursor moves & Alt+ctrl+del works but THAT is all. (There is also no start bar) I'm not sure why it started doing this, but obviously it prevents me from running anything in safe mode. However in normal mode everything on the desktop is fine

Sorry for all the trouble...

[jholland1964]

This also happened (& still does) with RogueScanFix.

Why are you still trying to run this program? You were only told to try to run this program once, it didn't work. UNINSTALL IT.