System_volume_information spyware help!!!(RESOLVED)

  #1 (permalink)  
Old 25-04-2006, 05:23 AM
Newbie
D-A-L Newbie
 
Join Date: Apr 2006
Posts: 9
gmendoza Is a beginner here at D-A-L
System_volume_information spyware help!!!(RESOLVED)

Hi! I have some problems with spyware in this folder. I've run HijackThis and Kaspersky and here are the logs. I would appreciate any input. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 932 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, April 24, 2006 8:53:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 25/04/2006
Kaspersky Anti-Virus database records: 189743
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 59618
Number of viruses found: 7
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 00:39:38

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025035.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025036.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:qxqvbs:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:txjvxx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025813.exe Infected: Trojan-PSW.Win32.Sinowal.k skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026095.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026097.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026098.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026120.dll Infected: Trojan-PSW.Win32.Sinowal.k skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026121.dll Infected: Trojan-PSW.Win32.Sinowal.k skipped
C:\WINDOWS\nattc.dat:fykghk:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\WINDOWS\pss\system.ini.backup:rtyhmy:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\WINDOWS\Soap Bubbles.bmp:zsgusv:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\WINDOWS\system32\oleext.dll Infected: Trojan.Win32.Small.ev skipped
C:\WINDOWS\vb.ini:jdhulq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\vbaddin.ini:ktrmoi:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\wiaservc.log:hvilee:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\winnt.bmp:snvcbx:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\WINDOWS\_default.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\WINDOWS\_default.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\_default.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\WINDOWS\_default.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\WINDOWS\_default.pif:txjvxx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

Scan process completed.
  #2 (permalink)  
Old 25-04-2006, 09:49 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Re: System_volume_information spyware help!!!

Welcome to DAL,

Don't worry about those under System Restore; we will get those as a very last step.

Now reboot into safe mode by tapping your F8 key upon restart. When the safe mode screen appears, select safe mode and press Enter.

Now scan with Ewido again and save the log and post it back here please. Thanks.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

  #3 (permalink)  
Old 26-04-2006, 04:19 AM
Newbie
D-A-L Newbie
 
Join Date: Apr 2006
Posts: 9
gmendoza Is a beginner here at D-A-L
Re: System_volume_information spyware help!!!

Thanks Neal. Here's the ewido report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:14:53 PM, 4/25/2006
+ Report-Checksum: 9B323AD7

+ Scan result:

C:\Documents and Settings\Kyle\Cookies\kyle@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle\Cookies\kyle@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup


::Report End
  #4 (permalink)  
Old 26-04-2006, 08:13 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Re: System_volume_information spyware help!!!

Thanks for that,

Please download WebRoot SpySweeper from HERE (It's a 14-day trial):

* Click Download Now to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits
  o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply along with a fresh HJT log.
  #5 (permalink)  
Old 27-04-2006, 03:25 AM
Newbie
D-A-L Newbie
 
Join Date: Apr 2006
Posts: 9
gmendoza Is a beginner here at D-A-L
Re: System_volume_information spyware help!!!

Thanks. Here they are.

********
6:27 PM: | Start of Session, Wednesday, April 26, 2006 |
6:27 PM: Spy Sweeper started
6:27 PM: Sweep initiated using definitions version 665
6:27 PM: Starting Memory Sweep
6:30 PM: Memory Sweep Complete, Elapsed Time: 00:02:36
6:30 PM: Starting Registry Sweep
6:30 PM: Found Adware: security2k hijacker
6:30 PM: HKLM\software\microsoft\windows\currentversion\exp lorer\browser helper objecta\ (ID = 735573)
6:30 PM: Found Trojan Horse: trojan-downloader-zlob
6:30 PM: HKLM\software\microsoft\windows\currentversion\pol icies\explorer\run\ || wininet.dll (ID = 797671)
6:30 PM: Registry Sweep Complete, Elapsed Time:00:00:08
6:30 PM: Starting Cookie Sweep
6:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:30 PM: Starting File Sweep
6:32 PM: Found Adware: cws_tiny0
6:32 PM: system.ini.backup:rtyhmy (ID = 56997)
6:33 PM: dc929.ini:jdhulq (ID = 57116)
6:36 PM: dc931.bmp:snvcbx (ID = 56997)
6:36 PM: dc930.ini:ktrmoi (ID = 57116)
6:39 PM: dc924.bmp:zsgusv (ID = 56997)
6:40 PM: _default.pifcqgcu (ID = 56997)
6:41 PM: a0025812.pif:txjvxx (ID = 57116)
6:42 PM: dc925.dat:fykghk (ID = 56997)
6:42 PM: Found Adware: psguard\winhound fakealert
6:42 PM: a0026095.exe (ID = 280102)
6:43 PM: wiaservc.log:hvilee (ID = 57116)
6:43 PM: _default.pif:awrpdv (ID = 56997)
6:45 PM: a0025036.exe (ID = 281463)
6:48 PM: _default.pif:txjvxx (ID = 57116)
6:49 PM: a0025812.pif:rkdldt (ID = 56997)
6:50 PM: Found Adware: cws-aboutblank
6:50 PM: a0025812.pif:qxqvbs (ID = 54882)
6:55 PM: File Sweep Complete, Elapsed Time: 00:24:41
6:55 PM: Full Sweep has completed. Elapsed time 00:27:34
6:55 PM: Traces Found: 17
7:20 PM: Removal process initiated
7:20 PM: Quarantining All Traces: cws-aboutblank
7:20 PM: Quarantining All Traces: psguard\winhound fakealert
7:20 PM: Quarantining All Traces: security2k hijacker
7:20 PM: Quarantining All Traces: trojan-downloader-zlob
7:20 PM: Quarantining All Traces: cws_tiny0
7:20 PM: Removal process completed. Elapsed time 00:00:21
********
6:25 PM: | Start of Session, Wednesday, April 26, 2006 |
6:25 PM: Spy Sweeper started
6:25 PM: Sweep initiated using definitions version 665
6:25 PM: Starting Memory Sweep
6:25 PM: Sweep Canceled
6:25 PM: Memory Sweep Complete, Elapsed Time: 00:00:09
6:25 PM: Traces Found: 0
6:27 PM: | End of Session, Wednesday, April 26, 2006 |
********
6:24 PM: | Start of Session, Wednesday, April 26, 2006 |
6:24 PM: Spy Sweeper started
6:25 PM: Your spyware definitions have been updated.
6:25 PM: | End of Session, Wednesday, April 26, 2006 |

Logfile of HijackThis v1.99.1
Scan saved at 7:22:33 PM, on 4/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  #6 (permalink)  
Old 27-04-2006, 06:00 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Re: System_volume_information spyware help!!!

Hi,


Your HijackThis log is clean.


How is your computer behaving now?
  #7 (permalink)  
Old 28-04-2006, 04:01 AM
Newbie
D-A-L Newbie
 
Join Date: Apr 2006
Posts: 9
gmendoza Is a beginner here at D-A-L
Re: System_volume_information spyware help!!!

My computer runs a little faster but it still lags a bit. I ran Kaspersky, Ad-aware and Spy Sweeper. Ad-aware came up clean, Spy Sweeper just had one file and Kaspersky had quite a few. Here are their logs with a HijackThis log as well. Thanks.

********
7:17 PM: | Start of Session, Thursday, April 27, 2006 |
7:17 PM: Spy Sweeper started
7:17 PM: Sweep initiated using definitions version 667
7:17 PM: Starting Memory Sweep
7:20 PM: Memory Sweep Complete, Elapsed Time: 00:03:03
7:20 PM: Starting Registry Sweep
7:20 PM: Registry Sweep Complete, Elapsed Time:00:00:09
7:20 PM: Starting Cookie Sweep
7:20 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:20 PM: Starting File Sweep
7:22 PM: Found Adware: cws_tiny0
7:22 PM: a0026183.pif:rkdldt (ID = 56997)
7:26 PM: a0026183.pif:txjvxx (ID = 57116)
7:26 PM: a0026184.ini:ktrmoi (ID = 57116)
7:26 PM: a0026185.ini:jdhulq (ID = 57116)
7:33 PM: wiaservc.log:hvilee (ID = 57116)
7:42 PM: File Sweep Complete, Elapsed Time: 0054
7:42 PM: Full Sweep has completed. Elapsed time 00:25:12
7:42 PM: Traces Found: 5
7:54 PM: Removal process initiated
7:54 PM: Quarantining All Traces: cws_tiny0
7:54 PM: Removal process completed. Elapsed time 00:00:06
********
6:27 PM: | Start of Session, Wednesday, April 26, 2006 |
6:27 PM: Spy Sweeper started
6:27 PM: Sweep initiated using definitions version 665
6:27 PM: Starting Memory Sweep
6:30 PM: Memory Sweep Complete, Elapsed Time: 00:02:36
6:30 PM: Starting Registry Sweep
6:30 PM: Found Adware: security2k hijacker
6:30 PM: HKLM\software\microsoft\windows\currentversion\exp lorer\browser helper objecta\ (ID = 735573)
6:30 PM: Found Trojan Horse: trojan-downloader-zlob
6:30 PM: HKLM\software\microsoft\windows\currentversion\pol icies\explorer\run\ || wininet.dll (ID = 797671)
6:30 PM: Registry Sweep Complete, Elapsed Time:00:00:08
6:30 PM: Starting Cookie Sweep
6:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:30 PM: Starting File Sweep
6:32 PM: Found Adware: cws_tiny0
6:32 PM: system.ini.backup:rtyhmy (ID = 56997)
6:33 PM: dc929.ini:jdhulq (ID = 57116)
6:36 PM: dc931.bmp:snvcbx (ID = 56997)
6:36 PM: dc930.ini:ktrmoi (ID = 57116)
6:39 PM: dc924.bmp:zsgusv (ID = 56997)
6:40 PM: _default.pifcqgcu (ID = 56997)
6:41 PM: a0025812.pif:txjvxx (ID = 57116)
6:42 PM: dc925.dat:fykghk (ID = 56997)
6:42 PM: Found Adware: psguard\winhound fakealert
6:42 PM: a0026095.exe (ID = 280102)
6:43 PM: wiaservc.log:hvilee (ID = 57116)
6:43 PM: _default.pif:awrpdv (ID = 56997)
6:45 PM: a0025036.exe (ID = 281463)
6:48 PM: _default.pif:txjvxx (ID = 57116)
6:49 PM: a0025812.pif:rkdldt (ID = 56997)
6:50 PM: Found Adware: cws-aboutblank
6:50 PM: a0025812.pif:qxqvbs (ID = 54882)
6:55 PM: File Sweep Complete, Elapsed Time: 00:24:41
6:55 PM: Full Sweep has completed. Elapsed time 00:27:34
6:55 PM: Traces Found: 17
7:20 PM: Removal process initiated
7:20 PM: Quarantining All Traces: cws-aboutblank
7:20 PM: Quarantining All Traces: psguard\winhound fakealert
7:20 PM: Quarantining All Traces: security2k hijacker
7:20 PM: Quarantining All Traces: trojan-downloader-zlob
7:20 PM: Quarantining All Traces: cws_tiny0
7:20 PM: Removal process completed. Elapsed time 00:00:21
7:17 PM: Your spyware definitions have been updated.
7:17 PM: | End of Session, Thursday, April 27, 2006 |
********
6:25 PM: | Start of Session, Wednesday, April 26, 2006 |
6:25 PM: Spy Sweeper started
6:25 PM: Sweep initiated using definitions version 665
6:25 PM: Starting Memory Sweep
6:25 PM: Sweep Canceled
6:25 PM: Memory Sweep Complete, Elapsed Time: 00:00:09
6:25 PM: Traces Found: 0
6:27 PM: | End of Session, Wednesday, April 26, 2006 |
********
6:24 PM: | Start of Session, Wednesday, April 26, 2006 |
6:24 PM: Spy Sweeper started
6:25 PM: Your spyware definitions have been updated.
6:25 PM: | End of Session, Wednesday, April 26, 2006 |

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, April 27, 2006 6:54:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 28/04/2006
Kaspersky Anti-Virus database records: 190325
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 61490
Number of viruses found: 6
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 00:49:12

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025035.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025813.exe Infected: Trojan-PSW.Win32.Sinowal.k skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026097.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026098.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026120.dll Infected: Trojan-PSW.Win32.Sinowal.k skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026121.dll Infected: Trojan-PSW.Win32.Sinowal.k skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:txjvxx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026184.ini:ktrmoi:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026185.ini:jdhulq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026189.dll Infected: Trojan.Win32.Small.ev skipped
C:\WINDOWS\wiaservc.log:hvilee:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\_default.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\_default.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 8:01:00 PM, on 4/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
  #8 (permalink)  
Old 28-04-2006, 04:41 AM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: System_volume_information spyware help!!!

Hi,


Your Sun Java is way out of date and needs to be updated now as there are infections exploiting that vulnerability on a regular basis.


Updating Java:

* Go to Start > Control Panel double-click on the Software icon > add/remove programs.
* Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
It should have next icon next to it: Looks like a coffee cup
Select it and click Remove.
* Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp


Most of those Kaspersky scan results are under System Restore and can be flushed as a very last step.



*Click Here to download KillBox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:


C:\WINDOWS\wiaservc.log:hvilee:$DATA
C:\WINDOWS\_default.pif:jcwqxv:$DATA
C:\WINDOWS\_default.pif:rkdldt:$DATA




*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Let the computer reboot.



www.ccleaner.com/downloadbuilds.asp

To clean your temp folder, recycle bin, etc., please download this free tool:
CCleaner
Don't install any toolbars or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.

Then Reboot (Exit)


Then tell me how your computer is running now please. Please post a new hijackthis log also just in case. Thanks.
__________________
Stalking and killing Spyware

  #9 (permalink)  
Old 28-04-2006, 08:06 AM
Newbie
D-A-L Newbie
 
Join Date: Apr 2006
Posts: 9
gmendoza Is a beginner here at D-A-L
Re: System_volume_information spyware help!!!

Thanks. I think that did it. It runs smooth now. I did another Kaspersky scan and my virus software got triggered regarding the System Volume folder stuff. That has never happened before so I thought I'd bring that up. Here's the HJT log and the Kaspersky log anyhow. Those files that you said to copyclip into that Killbox program came back, I believe, as well. Here is that log first.
-------------------------------------------------------------------------------------------------
Pocket Killbox version 2.0.0.588
Running on Windows XP as Kyle(Administrator)
was started @ Thursday, April 27, 2006, 11:03 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\wiaservc.log:hvilee:$DATA


# 2 [Delete on Reboot]
Path = C:\WINDOWS\_default.pif:jcwqxv:$DATA


# 3 [Delete on Reboot]
Path = C:\WINDOWS\_default.pif:rkdldt:$DATA


Killbox Closed(Exit) @ 11:04:50 PM
----------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:05:46 AM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kyle\Desktop\Desktop\Virus Spyware\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Kyle\Desktop\CWShredder.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido Anti-Malware\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, April 28, 2006 12:00:36 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 28/04/2006
Kaspersky Anti-Virus database records: 190348
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 60455
Number of viruses found: 5
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 00:46:44

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025035.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026097.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026098.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026183.pifcqgcu:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026189.dll Infected: Trojan.Win32.Small.ev skipped
C:\WINDOWS\wiaservc.log:hvilee:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\_default.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\_default.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped

Scan process completed.
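A triage of the Kaspersky report along the distinction drawn in this thread, as an added example that is not part of the original posts: it separates detections inside System Restore points from those on live files and pulls out the NTFS alternate data stream names (`file:stream:$DATA`). The report lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Subset of the Kaspersky report lines posted above, copied unchanged.
REPORT = r"""
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP193\A0025035.exe Infected: Trojan.Win32.Small.ev skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0025812.pif:awrpdv:$DATA Infected: Trojan.Win32.Agent.bi skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0026101.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP204\A0026189.dll Infected: Trojan.Win32.Small.ev skipped
C:\WINDOWS\wiaservc.log:hvilee:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\_default.pif:jcwqxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\WINDOWS\_default.pif:rkdldt:$DATA Infected: Trojan.Win32.Agent.bi skipped
"""

# "<object> Infected: <verdict> <last action>"; container summaries such as
# "NSIS: infected - 2" do not match and are collected separately.
LINE_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) (?P<action>\S+)$")
# "<host file>:<stream name>:$DATA" names an NTFS alternate data stream.
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]+):(?P<stream>[^:\\]+):\$DATA$")
# System Restore keeps its copies under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")


def parse_report(text):
    """Return (findings, summaries) for the object lines of a report."""
    findings, summaries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            summaries.append(line)
            continue
        # Anything after "/" is a path inside a container (installer, archive).
        outer, _, inner = m.group("obj").partition("/")
        ads = ADS_RE.match(outer)
        rp = RESTORE_RE.search(outer)
        findings.append({
            "file": ads.group("host") if ads else outer,
            "stream": ads.group("stream") if ads else None,
            "inner": inner or None,
            "restore_point": rp.group(1) if rp else None,
            "verdict": m.group("verdict"),
            "action": m.group("action"),
        })
    return findings, summaries


def triage(findings):
    """Split findings into live files and per-restore-point counts."""
    live = defaultdict(list)
    restore = defaultdict(int)
    for f in findings:
        if f["restore_point"]:
            restore[f["restore_point"]] += 1
        else:
            live[f["file"]].append((f["stream"], f["verdict"]))
    return dict(live), dict(restore)


if __name__ == "__main__":
    findings, summaries = parse_report(REPORT)
    live, restore = triage(findings)
    for path, hits in live.items():
        for stream, verdict in hits:
            where = f"stream '{stream}'" if stream else "main data"
            print(f"LIVE     {path} ({where}): {verdict}")
    for rp, count in sorted(restore.items()):
        print(f"RESTORE  {rp}: {count} detection(s), flushed with System Restore")
```

The live entries are the ones that still need removing; a host file listed with a stream name can look clean when only its main data is inspected.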
  #10 (permalink)  
Old 28-04-2006, 06:53 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: System_volume_information spyware help!!!

Hi,


Run Spy Sweeper from Safe Mode and post that log, please.

Safe Mode


Now reboot into Safe Mode by tapping your F8 key upon restart; when the Safe Mode screen appears, select Safe Mode and press Enter.


After the scan, reboot into normal mode.


Also...



www.pandasoftware.com/activescan/

Internet Explorer Required
Please run this online virus scan: ActiveScan

* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click Send (*NOTE: it's perfectly safe to do so. You will NOT be spammed from this)
- Select either Home User or Company
* Click the big Scan Now button
* If/when you get a notice that Panda wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on Local Disks to start the scan
* When the scan completes, if anything is detected, click the See Report button, then Save Report and save it to a convenient location like your desktop and post it back here please and a new hijackthis log as well. Thanks.