Karl`s PC Help Forums

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Topic Review
Pancake

[*] posted on 3-1-2008 at 21:41
Can you run and post a new HJT log please. I will have another look. Can you tell me exactly what the error msg says?
LSemmens

[*] posted on 3-1-2008 at 11:43
If Pancake gives you the "all clear" now, which, I suspect, may be the case, a repair of your Windoze install may be in order. Before you try it, though, try ewido again, and wait for Pancake's clearance. Can you give us the exact wording of the message?
MTM

[*] posted on 3-1-2008 at 10:25
Hi Pancake - sorry for my delay in posting back. I've been away for a couple of days.

Unfortunately, I still get the error message popping up on my screen 2 or 3 times before I can run AOL. Is there anything I can do to get rid of this?


Thanks again for all your help thus far.


Martin
Pancake

[*] posted on 30-12-2007 at 23:27
Odd... I would have liked to see if it fixed anything... Are things running any better?
MTM

[*] posted on 30-12-2007 at 22:39
Hi Pancake - I did the scan and everything you said but for some reason there was no report to be saved once the scan was complete - I double checked that I did everything you said and that I checked/unchecked the correct boxes but there was no report to save at the end.
Pancake

[*] posted on 29-12-2007 at 22:35
You don't have any major problems but I would like to see the Exploit cleaned out.


First download ewido anti-spyware from HERE http://www.ewido.net/en/download/ and save that file to your desktop.
This is a 30 day trial of the program

Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.

Launch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
MTM

[*] posted on 29-12-2007 at 18:44
Here's the latest scan:

Saturday, December 29, 2007 6:43:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/12/2007
Kaspersky Anti-Virus database records: 499999


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 23995
Number of viruses found 2
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 00:22:21

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Smart Link 56K Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{B1F7DA45-178D-4CC6-9680-D173C2E4C53F}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\wbk37.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M6F1EDG9\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\fla51E.tmp Object is locked skipped

C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\~DFEB20.tmp Object is locked skipped

Scan process completed.

Have I got any option left?


Martin
MTM

[*] posted on 29-12-2007 at 17:51
Many thanks LSemmens.

Thanks once again Pancake. I've done the above and will now attempt to close AOL and restart it again to see if I still get the error message.
Pancake

[*] posted on 28-12-2007 at 21:15
Do a good cleanup and that should have you finished..

Download and scan with CCleaner from http://www.ccleaner.com/downloadbuilds.asp

1. Starting with v1.27.260, http://www.ccleaner.com/downloadbuilds.asp installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
LSemmens

[*] posted on 28-12-2007 at 13:25
Pancake is based in OZ, Martin, so he may now be in bed, as should I, you may need to wait a little for his response. Welcome to KF, BTW.
MTM

[*] posted on 28-12-2007 at 13:14
Is there anything more you can do for me Pancake?
MTM

[*] posted on 28-12-2007 at 13:13
Many thanks - I've done what you have said although I should let you know that I am still getting the same 'This is not a...' error message when I start up AOL. It appears 2 or 3 times before I can dial up AOL and requires me to 'x' each message each time.

This avenger log automatically appeared in notepad when my system was rebooted:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bprcmhoa

*******************

Script file located at: \??\C:\Program Files\ahgukvcc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\37NDGC2E\help[1].htm deleted successfully.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\help[1].htm deleted successfully.


Could not open file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\wbk37.tmp C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M6F1EDG9\help[1].htm for deletion
Deletion of file C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\wbk37.tmp C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M6F1EDG9\help[1].htm failed!

Could not process line:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\wbk37.tmp C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M6F1EDG9\help[1].htm
Status: 0xc0000033

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\help[1].htm deleted successfully.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk39.tmp deleted successfully.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk3B.tmp deleted successfully.
File C:\WINDOWS\system32\h323log.txt deleted successfully.
File C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\bar.0\MWSSRCSP.EXE deleted successfully.


File C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\~DF75FB.tmp not found!
Deletion of file C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\~DF75FB.tmp failed!

Could not process line:
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\~DF75FB.tmp
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Pancake

[*] posted on 28-12-2007 at 00:47
First off what you now need to do is turn off your System Restore, reboot, turn it back on and create a new restore point.

1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore. Leave it to remove files...

Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

=================================

Please download The Avenger (http://swandog46.geekstogo.com/avenger.zip) to your Desktop and unzip it.

Copy all the text contained in the code box below ( including the words "files to delete" ) by highlighting it and right clicking and selecting "Copy"


Quote:

Files to delete:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\37NDGC2E\help[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\help[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\wbk37.tmp C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M6F1EDG9\help[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\help[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk39.tmp
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk3B.tmp
C:\WINDOWS\system32\h323log.txt
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\bar.0\MWSSRCSP.EXE
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\~DF75FB.tmp





Now, start The Avenger program by clicking on its icon on your desktop. Look under "Script file to execute" and click on "Input Script Manually". Next click on the Magnifying Glass icon and a blank dialogue box will open called "View/Edit script". Position your mouse inside the box, right-click and choose Paste. All the text above in the code box should now appear there. Click Done and click on the Green Light to begin execution of the script. Answer "Yes" twice when prompted.

The Avenger will restart your computer. (if the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)

When you have rebooted, a black command window briefly opens on your desktop, this is normal. A logfile will be created that records all actions that The Avenger performed. This log file is saved to C:\avenger.txt. The deleted files will be backed up and saved to C:\avenger\backup.zip.

Once your computer has rebooted, please post back the contents of C:\avenger.txt and a new Hijack This log.
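
The Avenger log posted in this thread reports "Could not process line" with status 0xc0000033 for the one script line that carries two paths, and both of those files are still flagged in the Kaspersky scan of 29-12-2007. As an added example (not part of the original post, and not code from The Avenger or Kaspersky), the following Python checks a "Files to delete:" list for merged lines and cross-checks it against a later scan report. The sample data is an abridged copy of lines from this thread, and all function names are hypothetical.

```python
import re

# Whitespace immediately followed by a drive-rooted path ("C:\").
# The paths contain spaces ("Local Settings"), so plain whitespace cannot
# be used as a separator; only a new drive root marks a second path.
NEXT_PATH = re.compile(r"\s+(?=[A-Za-z]:\\)")
# Report line layout as seen in the thread: "<path> Infected: <name> <action>"
INFECTED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<name>\S+) \w+$")


def check_delete_list(script):
    """Return (paths, merged): every path found, plus (line_no, parts)
    for each line that holds more than one path."""
    paths, merged = [], []
    for line_no, line in enumerate(script.splitlines(), start=1):
        line = line.strip()
        if not re.match(r"[A-Za-z]:\\", line):
            continue  # header ("Files to delete:") or blank line
        parts = NEXT_PATH.split(line)
        paths.extend(parts)
        if len(parts) > 1:
            merged.append((line_no, parts))
    return paths, merged


def infected_objects(report):
    """Map path -> detection name for lines marked 'Infected:'.
    'Object is locked' lines are files in use, not detections."""
    found = {}
    for line in report.splitlines():
        m = INFECTED.match(line.strip())
        if m:
            found[m.group("path")] = m.group("name")
    return found


def still_detected(script, report_after):
    """Paths that were meant to be deleted but are flagged in a later scan."""
    paths, _ = check_delete_list(script)
    # Windows paths are case-insensitive, so compare in lower case.
    after = {p.lower(): n for p, n in infected_objects(report_after).items()}
    return [(p, after[p.lower()]) for p in paths if p.lower() in after]


# Sample input: abridged copies of lines posted in this thread.
IE5 = (r"C:\WINDOWS\system32\config\systemprofile\Local Settings"
       r"\Temporary Internet Files\Content.IE5")

SCRIPT = "\n".join([
    "Files to delete:",
    rf"{IE5}\37NDGC2E\help[1].htm",
    rf"{IE5}\6DK5KHE3\wbk37.tmp {IE5}\M6F1EDG9\help[1].htm",  # two paths, one line
    r"C:\WINDOWS\system32\h323log.txt",
])

REPORT_AFTER = "\n".join([
    r"C:\WINDOWS\system32\config\SAM Object is locked skipped",
    rf"{IE5}\6DK5KHE3\wbk37.tmp Infected: Exploit.VBS.Phel.i skipped",
    rf"{IE5}\M6F1EDG9\help[1].htm Infected: Exploit.VBS.Phel.a skipped",
    r"C:\WINDOWS\system32\h323log.txt Object is locked skipped",
])

if __name__ == "__main__":
    _, merged = check_delete_list(SCRIPT)
    for line_no, parts in merged:
        print(f"script line {line_no} holds {len(parts)} paths; use one per line")
    for path, name in still_detected(SCRIPT, REPORT_AFTER):
        print(f"still detected after cleanup: {name}  {path}")
```
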
MTM

[*] posted on 27-12-2007 at 12:25
just to add - I notice from the above that some of the infected files are Temp Internet - I definitely cleared my temp folder before running this but to no avail obviously.
MTM

[*] posted on 27-12-2007 at 12:24
There you go guys, hope you can help me further.


Thursday, December 27, 2007 12:23:07 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/12/2007
Kaspersky Anti-Virus database records: 496390


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 33998
Number of viruses found 3
Number of infected objects 8
Number of suspicious objects 0
Duration of the scan process 00:24:33

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Smart Link 56K Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{7C9FDDA3-8070-498D-9DCC-679A9EFCEBBD}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{D313885D-DA03-44E7-954D-E682C4BA4DDB}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\37NDGC2E\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\wbk37.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M6F1EDG9\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk39.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk3B.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\bar.0\MWSSRCSP.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\~DF75FB.tmp Object is locked skipped

Scan process completed.
MTM

[*] posted on 27-12-2007 at 10:58
Ok - scan is underway - I selected 'critical areas' which is where the above problems were found previously.
MTM

[*] posted on 27-12-2007 at 10:56
I was convinced that was going to work! I did what you said Pancake so what I'll do is create another Kaspersky log and let it complete this time and hopefully you can help further.

ps. I know it didn't work because I always get the error message when I start up AOL. I closed it down and started it up again and the message reappeared. Will do the log now.


Martin
MTM

[*] posted on 27-12-2007 at 10:40
Thanks to all of you - I'm going to try and do what Pancake has advised.

Cheers


Martin
scholar

[*] posted on 27-12-2007 at 04:53
MTM, welcome!waveysmiley

Pancake is the expert to which Daz referred. Follow his advice in every detail, and you will be fine.:D

I hope you'll look around here and make some posts in whatever areas interest you. We are mostly a friendly, helpful group, of great diversity. You are the only one who can bring your experience, your sense of humor, and your viewpoint to our group. Whether about computers, or pets, or discussion, or light-hearted chat, we'll be glad to hear what you have to say. Many of us came with a computer problem, originally, made some posts and some friends, and stayed.waveysmiley
Pancake

[*] posted on 27-12-2007 at 04:29
Please download OTMoveIt by OldTimer: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



Quote:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bar.0\MWSSRCSP.EXE




Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

================================================

Empty your temp internet files.....



1) Open Internet Explorer and click on Tools
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive.

To clear the Internet History in IE:

1) Open Internet Explorer and click on Tools
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Clear History
4) Click OK

To clean up other temporary files on your computer:

1) Click Start, Programs (or All Programs), Accessories, System Tools, Disk Cleanup
2) Choose the correct drive usually C:\
3) Check the boxes in the list and delete the files
Daz

[*] posted on 27-12-2007 at 01:13
Click HERE to see instructions on posting a Hijack This log which will help our resident expert advise you further...

It might also be advisable to allow an online scan, like you started above, to complete...

Kaspersky is a very well respected site so you should be able to trust its results. It can be a long process, but it is important to let it complete...

Another recommended site is Trend's online scanner.... Available HERE
MTM

[*] posted on 26-12-2007 at 14:56
Hi all, I hope someone can help me. I've been getting the "This is not a valid...." message for quite a while now and would appreciate help with how to remove this bug/virus from my pc. I started the following scan with a free download online:

Wednesday, December 26, 2007 2:51:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/12/2007
Kaspersky Anti-Virus database records: 494133


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 23125
Number of viruses found 3
Number of infected objects 8
Number of suspicious objects 0
Duration of the scan process 00:26:02

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Smart Link 56K Modem.txt Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{430F1C1F-F730-4B95-84ED-CB24D9DF10C3}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{DDE4DC89-FAE4-40B2-9856-03F0AE61E2E0}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bar.0\MWSSRCSP.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\37NDGC2E\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6DK5KHE3\wbk37.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M6F1EDG9\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\help[1].htm Infected: Exploit.VBS.Phel.a skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk39.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YBGLAPQL\wbk3B.tmp Infected: Exploit.VBS.Phel.i skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

Scan was interrupted by user!