cmd scare...anything else involved?

your link

Um their site is http://www.autodesk.com

Just so that you know, this software's developer has been bought out by Autodesk, which makes 3ds Max, so just check them out

I left it on and right now it's doing a full system scan and it caught a keygen that I have not happened to happens to contain a trojan downloader
my emule seems infected as the incoming files has addropper files in it

I should uninstall it
 
I cannot install that to see how to tell it to use the correct version of java

File-sharing programs, best to never use any of them in my opinion.


Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
 
delete it?

Might as well uninstall e-mule to prevent a backdoor for viruses? Cuz when I ran a system check with ewido and AVG they found viruses being sent over from emule so I deleted the program just now.

I just downloaded SpywareBlaster too, guess that might help a while.

Thanks for the help so far, I'm not sure if my system's completely clean yet but I will keep watch and keep the updates.
 
"emule so I deleted the program just now"
Uninstall, I hope you mean?

I've heard emule is safer than some of the others, but
personal opinion, don't use or go near any of them.
 
Random Msn add

Hey guyz, this is kinda suspicious but recently on msn I have random weird addresses adding my hotmail like regular people would do but as soon as I click on them they give auto responses including crypted websites and it does that when I msg them back...can this be a symptom of msn address hijacking?

Should I import my stuff (my contacts etc to my other msn)

Looking forward to hear from you guyz
 
I'm not sure what to suggest other than looking into the MSN Messenger and msnshell programs' website FAQs and another online scan, this time from a different vendor.

Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click save as text and post that in your reply.
 
hjt (security breach?)

I think some viruses are still in some of my folders but obviously I can't find it just yet so here's the current log. I ran an AVG scan and there's a downloader tibs virus found in my system volume folder and it couldn't delete them so I moved them over to the vault....I think it'd be wise to close my hidden folders in my folder options?

Need forward replies plz

Logfile of HijackThis v1.99.1
Scan saved at 10:18:17 AM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ewido\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\ewido\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s164375529.onlinehome.us/ModTeam/Forum/index.php?sid=2a1d4298e873e6f2062cdd099e208c81
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [!ewido] "C:\ewido\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARAID5.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152768688515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
You don't have to worry about items in System Volume Information, that's System Restore. Normally after a cleanup, and if the PC is stable for a week or two, I recommend turning it off then back on again.

Purge System Restore
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then Reboot. < Don't skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
"I think it'd be wise to close my hidden folders in my folder options?"
That's up to you, of course.
 
kaspersky scan log.

Thanks, I will try that...

now going back to my msn stuff here's my kaspersky scan results
it found a couple of viruses in my c drive still but they haven't done any direct harm so far (I think)

What do you guyz think?


Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 276082
Number of viruses found: 13
Number of infected objects: 105 / 0
Number of suspicious objects: 0
Duration of the scan process: 04:00:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Allen\Local Settings\Temporary Internet Files\Content.IE5\WD27GHQJ\777_bb[1].chm/777chm.htm Infected: Exploit.JS.ADODB.Stream.c skipped
C:\Documents and Settings\Allen\Local Settings\Temporary Internet Files\Content.IE5\WD27GHQJ\777_bb[1].chm CHM: infected - 1 skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Temp\Perflib_Perfdata_878.dat Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\My Documents\maya\mayaLog Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Allen.STUDENT-A2035EE\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\Program Files\Common Files\Microsoft Shared\Web Folders\_ibm00005.exe Infected: Trojan-PSW.Win32.Sinowal.aa skipped
C:\Program Files\Windows Media Player\podocisop.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP122\A0011188.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP122\A0011188.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP122\A0011188.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP122\A0011188.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP122\A0011188.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP122\A0012901.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013929.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013929.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013929.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013929.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013929.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013955.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped

.
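The distinction drawn in the earlier reply (detections under System Volume Information are System Restore copies, anything else is a file still on disk) can be checked against a scan log of this shape. This is an added example, not part of the original thread: a Python triage of "path / verdict / last action" result lines; the sample lines, paths and all-zero restore GUID are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One result line is "<path> <verdict> <last action>". Paths contain spaces,
# so the verdict is matched explicitly and the path is whatever precedes it.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Object is locked|Infected: (?P<name>\S+)|(?P<container>\w+): infected - \d+) "
    r"(?P<action>\w+)$"
)
# System Restore keeps its copies under _restore{GUID}\RPnnn\ on the volume.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)

# Constructed sample in the log's format (paths and GUID are placeholders).
SAMPLE_LOG = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\cache[1].chm/page.htm Infected: Exploit.JS.ADODB.Stream.c skipped
C:\Documents and Settings\User\Local Settings\Temp\cache[1].chm CHM: infected - 1 skipped
C:\Program Files\Example App\helper.exe Infected: Trojan-PSW.Win32.Sinowal.aa skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000002.exe Infected: Trojan-PSW.Win32.Sinowal.aa skipped
"""


def triage(log_text):
    """Split scan results into locked files, live detections and restore-point copies."""
    locked = 0
    live = defaultdict(set)      # file on disk -> detection names
    restore = defaultdict(set)   # restore point (RPnnn) -> detection names
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)          # headers, statistics, truncated lines
            continue
        name = m.group("name")
        if name is None:
            if m.group("container") is None:
                locked += 1                # file in use, not a detection
            continue                       # container summary: members already listed
        # The scanner appends "/member" for objects found inside an archive or
        # installer; the file that actually sits on disk is the part before it.
        host = m.group("path").split("/", 1)[0]
        rp = RESTORE_RE.search(host)
        if rp:
            restore[rp.group(1)].add(name)
        else:
            live[host].add(name)
    return {
        "locked": locked,
        "live": {k: sorted(v) for k, v in live.items()},
        "restore": {k: sorted(v) for k, v in restore.items()},
        "unparsed": unparsed,
    }


def restore_only_names(result):
    """Detections that exist only as System Restore copies, not as live files."""
    live_names = {n for names in result["live"].values() for n in names}
    restore_names = {n for names in result["restore"].values() for n in names}
    return sorted(restore_names - live_names)


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("locked (ignored):", r["locked"])
    for path, names in r["live"].items():
        print("LIVE   ", path, names)
    for rp, names in r["restore"].items():
        print("RESTORE", rp, names)
    print("only in restore points:", restore_only_names(r))
```

A name that shows up both as a live file and in a restore point (the Sinowal entry in the sample) means the file on disk still has to be cleaned before the restore points are purged.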
 
second part

Sorry, the report came out long as it did a scan of my entire system including my hard drive

here's the second part


C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013955.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013955.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013955.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP123\A0013955.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016934.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016934.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016934.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016934.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016934.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016948.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016948.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016948.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016948.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP124\A0016948.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017931.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017931.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017931.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017931.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017931.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017937.exe Infected: Trojan-Downloader.Win32.Adload.cq skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017938.exe Infected: Trojan-Downloader.Win32.Adload.ck skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017939.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017940.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017940.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017940.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017940.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017940.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017955.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017956.exe Infected: Trojan-Downloader.Win32.Adload.ck skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017957.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017957.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017957.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017957.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017957.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017958.exe Infected: Trojan-Downloader.Win32.Adload.cq skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP126\A0017962.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP131\A0019983.exe Infected: Trojan-Downloader.Win32.Adload.ck skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP131\A0019997.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP131\A0020005.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP131\A0020005.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP131\A0020005.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP131\A0020005.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP131\A0020005.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP131\A0020038.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP138\A0021170.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP138\A0021170.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP138\A0021170.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP138\A0021170.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP138\A0021170.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP138\A0022157.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP141\A0023264.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP141\A0023264.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP141\A0023264.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP141\A0023264.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP141\A0023264.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP141\A0023349.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP141\A0023360.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP141\A0023368.exe Infected: Trojan-PSW.Win32.Sinowal.aa skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP142\A0023521.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP142\A0023521.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP142\A0023521.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP142\A0023521.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP142\A0023521.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP147\A0024494.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026119.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026119.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026119.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026119.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026119.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026200.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026200.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026200.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026200.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026200.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026279.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026290.exe Infected: Trojan-Clicker.Win32.VB.fc skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP150\A0026298.exe Infected: Trojan-PSW.Win32.Sinowal.aa skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP153\A0026809.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP153\A0026809.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP153\A0026809.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP153\A0026809.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP153\A0026809.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP155\A0027746.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP155\A0027746.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP155\A0027746.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP155\A0027746.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP155\A0027746.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP158\A0027817.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP158\A0028166.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
C:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP167\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FBCCD85F-398B-4FEA-9E70-B0DD713B7D75}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd2317.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\556 Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\_restore{60ABFEE7-0B8F-4CBB-A567-304054DC0DD3}\RP167\change.log Object is locked skipped
 
Delete these two files manually
C:\Program Files\Common Files\Microsoft Shared\Web Folders\_ibm00005.exe
C:\Program Files\Windows Media Player\podocisop.html
 
hjt log (after manual deletion)

I'm just posting to see if there's any difference (don't think so)

And yes, I deleted those two files manually, just wanted to see if anything's traced that I should be aware of (spybot and adaware etc. did scans and didn't find any immediate threats, but I guess that's for currently active malware in use...)

What do you guyz think?

Logfile of HijackThis v1.99.1
Scan saved at 3:16:33 AM, on 7/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\ewido\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ewido\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s164375529.onlinehome.us/ModTeam/Forum/index.php?sid=2a1d4298e873e6f2062cdd099e208c81
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!ewido] "C:\ewido\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARAID5.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152768688515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
System Restore

Yes, I uninstalled it as I never used them, and in my past experiences those end up being infected somehow or just simply become useless apps that I end up deleting.

So I should proceed with the system restore options that you guyz mentioned earlier when I brought up the system volume issue???
 
okay...

Aight, I did the system restore procedure, should I run a system scan again or something? Or wait to see if my comp is being stable for the next week or two???

What else should I cover in the meantime??
 
Firewall

I downloaded it and haven't done the rest yet, but right now I'm wondering why my firewall cannot be adjusted.

It says for some unknown problem my firewall settings cannot be viewed...

What do you guyz think?
 
Firewall

"Due to an unidentified problem, windows cannot display firewall settings"

And I meant the hosts file (that I downloaded)
 