
Unremovable Smitfraud & Others



Fiercedeity
2007-05-11, 01:47
First off, thanks to anyone who can help me with this frustrating problem!

1) Scanned computer with CA online virus scanner
Results after 2 scans:
Scan Results: 235530 files scanned. 1 virus was detected.

File Infection Status Path
wsys.dll Win32/Cutwail!generic cannot delete C:\WINDOWS\system32\

2) Scanned computer in safe mode using Spybot; detected Smitfraud but could not remove

3) My Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:45:21 PM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Scanner\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Helper Class - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - C:\WINDOWS\system32\torm.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Button Manager B.lnk = C:\Program Files\SHARP\Button Manager B\btnman.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178735767218
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: aOiGoun - {50D4DE6E-FA7E-74C4-AACF-523C72007209} - C:\WINDOWS\system32\iwq.dll (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
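A triage pass over HijackThis-format lines, added here as an example; it is not part of the original post and not HijackThis's own logic. The sample lines are constructed in the v1.99.1 layout shown above, and the Winlogon Notify allowlist, the "BHO directly in system32" rule and the severity levels are heuristics assumed for illustration: they pick out the entry types a helper reads first (AppInit_DLLs, Winlogon Notify packages, orphaned load points), not a verdict on any one file.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 line format: a few entries of the
# kinds a helper looks at first. It is not the full log from the post.
SAMPLE_HJT_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Helper Class - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - C:\WINDOWS\system32\torm.dll (file missing)
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: aOiGoun - {50D4DE6E-FA7E-74C4-AACF-523C72007209} - C:\WINDOWS\system32\iwq.dll (file missing)
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe
"""

# Winlogon Notify packages that ship with XP SP2 or with common vendor software.
# Heuristic allowlist assumed here; build yours from a known-clean machine.
KNOWN_WINLOGON_NOTIFY = {"igfxcui", "wgalogon", "crypt32chain", "cryptnet",
                         "cscdll", "scecli", "schedule", "sclgntfy", "senslogn",
                         "termsrv", "wlballoon"}

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# "<kind>: <name> - {CLSID} - <path>" layout used by O2 (BHO) and O21 (SSODL)
CLSID_PATH_RE = re.compile(r"^(?P<kind>BHO|SSODL): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
WINLOGON_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<value>.*)$")

@dataclass
class Finding:
    section: str
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str

def _directly_in_system32(path):
    """True when the file's parent directory is ...\\system32 itself."""
    return path.lower().rsplit("\\", 1)[0].endswith("\\system32")

def triage(log_text):
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        missing = body.endswith("(file missing)")
        body_clean = body[:-len("(file missing)")].rstrip() if missing else body

        if missing:
            # Orphaned load point: the registry still references a file that is
            # gone. Harmless by itself, but residue that should be cleaned up.
            findings.append(Finding(sec, "low", "load point references a missing file", raw))
            continue

        if sec == "O20":
            a = APPINIT_RE.match(body_clean)
            if a and a.group("value").strip():
                # AppInit_DLLs is loaded into every process that maps user32.dll;
                # on a home XP machine the value is normally empty.
                findings.append(Finding(sec, "high", "non-empty AppInit_DLLs", raw))
                continue
            w = WINLOGON_RE.match(body_clean)
            if w:
                key = w.group("key").lower()
                if key not in KNOWN_WINLOGON_NOTIFY or not _directly_in_system32(w.group("path")):
                    findings.append(Finding(sec, "high", "unrecognised Winlogon Notify package", raw))
                continue

        cp = CLSID_PATH_RE.match(body_clean)
        if cp and cp.group("kind") == "BHO" and _directly_in_system32(cp.group("path")):
            # Heuristic: vendor BHOs live under Program Files; one dropped straight
            # into system32 deserves a second look before it is trusted.
            findings.append(Finding(sec, "medium", "BHO loaded directly from system32", raw))
    return findings

def summarize(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_HJT_LOG)))
```

On the constructed sample this reports two high findings (the AppInit_DLLs value and the Winlogon Notify package outside system32), one medium (the BHO in system32) and two low (the two "file missing" entries); the Adobe BHO, the O4 Run entry and the allowlisted igfxcui package are left alone. Tune the allowlist before relying on it on a different build of Windows.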

Angelfire777
2007-05-11, 05:51
Hi, welcome to Safer Networking forums!

Download combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

1. Double click combofix.exe & follow the prompts.
2. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Fiercedeity
2007-05-11, 20:43
Combofix produced two logs:

"Compaq_Owner" - 2007-05-11 8:19:41 Service Pack 2 [SAFE MODE]
ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\Compaq_Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\system32\3_exception.nls
C:\WINDOWS\system32\qvx5gamet2.exe
C:\WINDOWS\system32\vexg6ame4.exe
C:\WINDOWS\system32\vexga4me1.exe
C:\WINDOWS\system32\vexga5me3.exe
C:\WINDOWS\system32\vexga8me6.exe
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\retadpu2000386.exe
C:\WINDOWS\retadpu27.exe
C:\WINDOWS\system32\aspi805.exe
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Install.dat
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft\60787.dat
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\WINDOWS\system32\ksys.sys
C:\WINDOWS\system32\main.sys
C:\WINDOWS\system32\wsys.dll
C:\install.log
C:\WINDOWS\s32.txt
C:\WINDOWS\ws386.ini
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\perfc000.dat
C:\WINDOWS\system32\spoolsvv.sys
C:\WINDOWS\system32\perfc000.dat

Infected copy of C:\WINDOWS\system32\winlogon.exe was found & disinfected
Restored copy from - "C:\WINDOWS\system32\dllcache\winlogon.exe"

ws2_32.dll: deleted 30720 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASPI113210
-------\LEGACY_CORE
-------\LEGACY_DRIVER
-------\LEGACY_EXAMPLE
-------\LEGACY_NDNET1
-------\LEGACY_RUNTIME
-------\LEGACY_WINCOM32
-------\Driver
-------\EXAMPLE
-------\NDnet1
-------\RpcApi
-------\runtime


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-11 ))))))))))))))))))))))))))))))))))


2007-05-10 12:30 <DIR> d-------- C:\Scanner
2007-05-09 10:31 <DIR> d-------- C:\VundoFix Backups
2007-05-08 15:57 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
2007-05-08 15:05 75,088 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-05-08 15:05 32,528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-05-08 15:05 288,848 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-05-08 15:05 199,440 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-05-08 15:05 111,888 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
2007-05-08 15:05 1,052,472 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-05-08 15:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-05-08 15:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-05-08 14:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-05-08 13:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-05-08 10:41 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
2007-05-08 10:40 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-08 10:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-08 08:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-08 08:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-05-08 08:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
2007-05-08 08:24 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-08 08:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-05-08 08:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-05-08 08:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-05-08 08:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-05-08 08:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-08 08:11 81,920 --a------ C:\WINDOWS\system32\zzzWinHealer.dll
2007-05-08 08:10 929 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-08 08:08 179,200 --a------ C:\DOCUME~1\COMPAQ~1\flash.exe
2007-05-08 08:08 177,152 --a------ C:\DOCUME~1\COMPAQ~1\click.exe
2007-05-08 08:08 152,576 --a------ C:\WINDOWS\system32\Iagg36.sys
2007-05-08 08:07 94,208 --a------ C:\WINDOWS\system32\dnsersnd.dll
2007-05-08 08:07 85,960 --a------ C:\DOCUME~1\COMPAQ~1\install.exe
2007-05-08 08:07 52,736 --a------ C:\DOCUME~1\COMPAQ~1\dnsersnd.exe
2007-05-08 08:07 49,152 --a------ C:\DOCUME~1\COMPAQ~1\TISKY002.exe
2007-05-08 08:07 337,781 --a------ C:\DOCUME~1\COMPAQ~1\zippy2.exe
2007-05-08 08:07 14,390 --a------ C:\DOCUME~1\COMPAQ~1\leeman.exe
2007-05-08 08:07 10,129 --a------ C:\DOCUME~1\COMPAQ~1\win32.exe
2007-05-08 08:07 <DIR> d-------- C:\WINDOWS\system32\smpi1
2007-04-13 09:29 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-04-13 09:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-13 09:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-09 21:28:24 82,944 ----a-w C:\WINDOWS\system32\ws2_32.dll
2007-05-09 18:51:53 -------- d-----w C:\Program Files\Google
2007-05-09 00:59:09 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-09 00:59:08 -------- d-----w C:\Program Files\Symantec
2007-04-02 20:38:29 -------- d-----w C:\Program Files\TGTSoft
2007-03-27 20:31:15 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-03-26 20:39:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-26 20:37:24 -------- d-----w C:\Program Files\Quicken
2007-03-26 20:33:47 -------- d-----w C:\Program Files\Microsoft Works
2007-03-26 20:32:24 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-03-26 20:28:37 -------- d-----w C:\Program Files\Logitech
2007-03-26 20:26:31 -------- d-----w C:\Program Files\iPod
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-10 10:03:21 268,704 ----a-w C:\WINDOWS\OfB11_Setup.exe
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{60FD4F58-4748-48f6-B661-5FCE71B0D907}"="C:\WINDOWS\system32\torm.dll" [x]
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar3.dll"
"{C333CF63-767F-4831-94AC-E683D962C63C}"="C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll"
"{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}"="C:\WINDOWS\system32\dnsersnd.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"SoundMan"="SOUNDMAN.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"HPWH myPrintMileage Agent"="C:\\Program Files\\Hewlett-Packard\\hp business inkjet 1100 series\\Toolbox\\mpm.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl03a\\BrStDvPt.exe"
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SharpTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\SharpTray.exe\""
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{50D4DE6E-FA7E-74C4-AACF-523C72007209}"="C:\WINDOWS\system32\iwq.dll" [x]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^compaq_owner^start menu^programs^startup^ta_start.lnk
C:\WINDOWS\system32\dwdsregt.exe SKY002

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^compaq_owner^start menu^programs^startup^think-adz.lnk
C:\WINDOWS\system32\lwintodv.exe SKY002

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agrsmmsg
AGRSMMSG.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exploreupdsched
C:\WINDOWS\system32\lwintodv.exe SKY002

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imjpmig8.1
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mspy2002
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phime2002a
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phime2002async
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thirdintel
c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=dword:00000003
"iPodService"=dword:00000003

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcWzrd"="ALCWZRD.EXE"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\LaunchU3.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7ce63ba-23f4-11db-9ede-00112fbe3127}]
Shell\AutoRun\command K:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-11 08:31:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-11 8:37:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-11 08:37

__________________________________________________




2004-08-18 06:00 127 --a------ C:\Qoobox\Quarantine\C\WINDOWS\ws386.ini.vir
2004-08-18 06:00 87 --a------ C:\Qoobox\Quarantine\C\WINDOWS\s32.txt.vir
2005-04-23 13:49 170 --a------ C:\Qoobox\Quarantine\C\INSTALL.LOG.vir
2007-05-08 08:07 1044480 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cfg32.exe.vir
2007-05-08 08:07 45056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir
2007-05-08 08:08 1174028 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\COMPAQ~1\APPLIC~1\Install.dat.vir
2007-05-08 08:08 696320 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cfg32a.exe.vir
2007-05-08 08:10 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\3_exception.nls.vir
2007-05-08 08:10 12579 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\a3dxx.dll.vir
2007-05-08 08:10 45056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\retadpu2000386.exe.vir
2007-05-08 08:10 45056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\retadpu27.exe.vir
2007-05-08 08:10 61440 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aspi805.exe.vir
2007-05-08 08:10 9293 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qvx5gamet2.exe.vir
2007-05-08 08:16 12364 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vexga5me3.exe.vir
2007-05-08 08:16 14891 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\Settings\winsys2f.dll.vir
2007-05-08 08:16 19456 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vexga4me1.exe.vir
2007-05-08 08:16 5725 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vexg6ame4.exe.vir
2007-05-08 08:16 7773 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vexga8me6.exe.vir
2007-05-08 10:44 24435 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\COMPAQ~1\APPLIC~1\Microsoft\60787.dat.vir
2007-05-08 14:29 7008 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\spoolsvv.sys.vir
2007-05-10 09:26 21504 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wsys.dll.vir
2007-05-10 09:26 502272 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
2007-05-10 11:26 13375 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\windev-peers.ini.vir
2007-05-11 08:13 113 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\Settings\desktop.ini.vir
2007-05-11 08:13 28544 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\main.sys.vir
2007-05-11 08:13 3712 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ksys.sys.vir
2007-05-11 08:13 7424 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir
2007-05-11 08:27 1196 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DRIVER.reg.cf
2007-05-11 08:27 1196 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NDNET1.reg.cf
2007-05-11 08:27 1208 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_EXAMPLE.reg.cf
2007-05-11 08:27 1208 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME.reg.cf
2007-05-11 08:27 270 --a------ C:\Qoobox\Quarantine\Registry_backups\services_RpcApi.reg.cf
2007-05-11 08:27 680 --a------ C:\Qoobox\Quarantine\Registry_backups\services_Driver.reg.cf
2007-05-11 08:27 702 --a------ C:\Qoobox\Quarantine\Registry_backups\hklm_windowsNT_windows.reg.cf
2007-05-11 08:27 750 --a------ C:\Qoobox\Quarantine\Registry_backups\services_runtime.reg.cf
2007-05-11 08:27 782 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NDnet1.reg.cf
2007-05-11 08:27 788 --a------ C:\Qoobox\Quarantine\Registry_backups\services_EXAMPLE.reg.cf
2007-05-11 08:27 836 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CORE.reg.cf
2007-05-11 08:27 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_ASPI113210.reg.cf
2007-05-11 08:27 868 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_WINCOM32.reg.cf
2007-05-11 08:28 6144 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\perfc000.dat.vir


Folder PATH listing for volume PRESARIO
Volume serial number is 50D4-DE6D
C:\QOOBOX
\---Quarantine
+---C
| | INSTALL.LOG.vir
| |
| +---Documents and Settings
| | \---All Users
| | \---Documents
| | \---Settings
| | desktop.ini.vir
| | winsys2f.dll.vir
| |
| +---DOCUME~1
| | \---COMPAQ~1
| | \---APPLIC~1
| | | Install.dat.vir
| | |
| | \---Microsoft
| | 60787.dat.vir
| |
| \---WINDOWS
| | cfg32.exe.vir
| | cfg32a.exe.vir
| | retadpu1000106.exe.vir
| | retadpu2000386.exe.vir
| | retadpu27.exe.vir
| | s32.txt.vir
| | ws386.ini.vir
| |
| \---system32
| | 3_exception.nls.vir
| | a3dxx.dll.vir
| | aspi805.exe.vir
| | ksys.sys.vir
| | main.sys.vir
| | perfc000.dat.vir
| | qvx5gamet2.exe.vir
| | spoolsvv.sys.vir
| | vexg6ame4.exe.vir
| | vexga4me1.exe.vir
| | vexga5me3.exe.vir
| | vexga8me6.exe.vir
| | windev-peers.ini.vir
| | winlogon.exe.vir
| | wsys.dll.vir
| |
| \---drivers
| ip6fw.sys.vir
|
\---Registry_backups
hklm_windowsNT_windows.reg.cf
LEGACY_ASPI113210.reg.cf
LEGACY_CORE.reg.cf
LEGACY_DRIVER.reg.cf
LEGACY_EXAMPLE.reg.cf
LEGACY_NDNET1.reg.cf
LEGACY_RUNTIME.reg.cf
LEGACY_WINCOM32.reg.cf
services_Driver.reg.cf
services_EXAMPLE.reg.cf
services_NDnet1.reg.cf
services_RpcApi.reg.cf
services_runtime.reg.cf
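Another added example, not from the post and not ComboFix's own code: a parser for the "Files Created" section layout above that groups newly written executables, DLLs and drivers by creation time, because the burst of binaries stamped 08:07 to 08:11 in that section is what a helper reads as a single dropper run. The sample lines are constructed in that layout (a subset of the line kinds shown, not the full report); the 5-minute window, the 3-file threshold and the "driver outside system32\drivers" rule are values assumed here for illustration.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Constructed sample in the layout of ComboFix's "Files Created" section.
SAMPLE_CREATED = r"""2007-05-10 12:30 <DIR> d-------- C:\Scanner
2007-05-08 15:05 75,088 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-05-08 15:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-05-08 08:11 81,920 --a------ C:\WINDOWS\system32\zzzWinHealer.dll
2007-05-08 08:10 929 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-05-08 08:08 179,200 --a------ C:\DOCUME~1\COMPAQ~1\flash.exe
2007-05-08 08:08 152,576 --a------ C:\WINDOWS\system32\Iagg36.sys
2007-05-08 08:07 94,208 --a------ C:\WINDOWS\system32\dnsersnd.dll
2007-05-08 08:07 52,736 --a------ C:\DOCUME~1\COMPAQ~1\dnsersnd.exe
2007-05-08 08:07 10,129 --a------ C:\DOCUME~1\COMPAQ~1\win32.exe
2007-04-13 09:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
"""

# "<date> <time> <size-or-DIR> <attrs> <path>"; sizes carry thousands separators.
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:<DIR>|(?P<size>[\d,]+))\s+(?P<attrs>\S+)\s+(?P<path>.+)$")

BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

class Created(NamedTuple):
    when: datetime
    size: Optional[int]      # None for directories
    attrs: str
    path: str

def parse_created(text):
    """Parse the section into Created records; lines that do not fit are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m.group("size").replace(",", "")) if m.group("size") else None
        out.append(Created(datetime.strptime(m.group("stamp"), "%Y-%m-%d %H:%M"),
                           size, m.group("attrs"), m.group("path")))
    return out

def is_binary(entry):
    return entry.size is not None and entry.path.lower().endswith(BINARY_EXT)

def find_bursts(entries, window=timedelta(minutes=5), min_count=3):
    """Cluster binary files by creation time. A cluster is kept when at least
    min_count files were all created within `window` of the cluster's first file;
    window and min_count are assumed thresholds, not ComboFix settings."""
    bins = sorted((e for e in entries if is_binary(e)), key=lambda e: e.when)
    bursts, current = [], []
    for e in bins:
        if current and e.when - current[0].when > window:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append(current)
    return bursts

def sys_files_outside_drivers(entries):
    """.sys files written straight into system32 instead of system32\\drivers,
    where a regular driver install would put them."""
    hits = []
    for e in entries:
        p = e.path.lower()
        if p.endswith(".sys") and p.rsplit("\\", 1)[0].endswith("\\system32"):
            hits.append(e)
    return hits

if __name__ == "__main__":
    entries = parse_created(SAMPLE_CREATED)
    for burst in find_bursts(entries):
        first, last = burst[0].when, burst[-1].when
        print(f"burst of {len(burst)} binaries between {first:%H:%M} and {last:%H:%M}:")
        for e in burst:
            print(f"  {e.when:%Y-%m-%d %H:%M}  {e.size:>9,}  {e.path}")
    for e in sys_files_outside_drivers(entries):
        print(f"driver outside drivers dir: {e.path}")
```

On the constructed sample the seven binaries stamped 08:07 through 08:11 form one burst (the lone Trend Micro driver at 15:05 does not reach the threshold), and the two .sys files sitting directly in system32 are listed separately. The burst itself is what to correlate with the user's account of when the infection began; the thresholds are a starting point, not a rule.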

Fiercedeity
2007-05-11, 20:43
Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:38:28 AM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Scanner\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Helper Class - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - C:\WINDOWS\system32\torm.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Button Manager B.lnk = C:\Program Files\SHARP\Button Manager B\btnman.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178735767218
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: aOiGoun - {50D4DE6E-FA7E-74C4-AACF-523C72007209} - C:\WINDOWS\system32\iwq.dll (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Angelfire777
2007-05-11, 21:28
Hi,

You have remnants of Norton AntiVirus in your system. Please run the tool HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/pfdocs/2005033108162039) to clean all the leftovers of your Norton AntiVirus.

*Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen, under Your Computer's security:
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Antispyware.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Do not use it yet!

*Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune

Do not use it yet.
___________________

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: Helper Class - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - C:\WINDOWS\system32\torm.dll (file missing)
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
O19 - User stylesheet: (file missing)
O21 - SSODL: aOiGoun - {50D4DE6E-FA7E-74C4-AACF-523C72007209} - C:\WINDOWS\system32\iwq.dll (file missing)


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


*You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode:

Click Start > Turn Off Computer > Restart > Tap the F8 key just before Windows starts to load > This will bring up a menu > Use your keyboard to scroll to Safe Mode > Hit Enter.


*Configure your machine to view hidden files:

Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the "Hidden files and folders" heading select Show hidden files and folders.
Uncheck the Hide Protected Operating System Files Option.
Click Yes to confirm.
Click OK.


*Using Windows Explorer, find and delete these files:

C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\dnsersnd.dll
C:\Documents and Settings\Compaq_Owner\install.exe
C:\Documents and Settings\Compaq_Owner\dnsersnd.exe
C:\Documents and Settings\Compaq_Owner\TISKY002.exe
C:\Documents and Settings\Compaq_Owner\zippy2.exe
C:\Documents and Settings\Compaq_Owner\leeman.exe
C:\Documents and Settings\Compaq_Owner\win32.exe
C:\WINDOWS\OfB11_Setup.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\lwintodv.exe


*Using Windows Explorer, find and delete these folders

C:\WINDOWS\system32\smpi1
c:\Program Files\Common Files\Symantec Shared
C:\Program Files\Symantec

Empty your recycle bin.
____________________

*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type fix.reg in the File name and save it to your desktop.


REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^compaq_owner^start menu^programs^startup^ta_start.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^compaq_owner^start menu^programs^startup^think-adz.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exploreupdsched]




Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Close notepad. Make sure that all windows are closed.

Find the fix.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer Yes.
____________________

*Important: Make sure all your browsers are closed before running ATF Cleaner.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

*Please run AVG AntiSpyware, and run a full scan as follows:

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning; it may interfere with the scanning process.

Launch AVG AntiSpyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted; then select "Apply all actions".
Next select the "Reports" icon at the top.
Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
Close AVG AntiSpyware.
Reboot to normal mode.


*I would like you to scan a few files for me.

Please go HERE (http://virusscan.jotti.org/). Click Browse, then navigate to this file:

C:\WINDOWS\system32\zzzWinHealer.dll

Then click submit.

Do the same for these files:

C:\WINDOWS\system32\Iagg36.sys
C:\Documents and Settings\Compaq_Owner\flash.exe
C:\Documents and Settings\Compaq_Owner\click.exe

Please post the results to your next reply.

If Jotti is too busy, you can go HERE (www.virustotal.com) and do the same as above.

On your next reply, please include a fresh HijackThis log, the AVG Anti-Spyware log, the results of the Jotti scan and a description of how your machine is running.
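
The entries the helper singled out above share two tell-tale shapes: load points whose target file is already gone ("(file missing)") and a service with "Unknown owner". The script below is an added example (not HijackThis code and not part of the helper's procedure) that parses lines in HijackThis 1.99.1 log format and applies exactly those checks, plus a "review" flag on O2/O20/O21 entries, since those DLLs are loaded into Explorer, Internet Explorer and winlogon and are the usual persistence spots. The sample log lines are a constructed subset mirroring the shapes seen in this thread; the section names and the triage rules are the example's own assumptions.

```python
import re

# Constructed sample in HijackThis 1.99.1 log format (subset of the shapes
# seen in this thread). The parser and the rules are an added example, not
# HijackThis code and not the forum helper's own method.
SAMPLE_LOG = r"""
O2 - BHO: Helper Class - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - C:\WINDOWS\system32\torm.dll (file missing)
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: aOiGoun - {50D4DE6E-FA7E-74C4-AACF-523C72007209} - C:\WINDOWS\system32\iwq.dll (file missing)
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

# DLLs listed in these sections are loaded into Explorer/IE (O2), winlogon
# (O20) or the shell at logon (O21): classic persistence spots worth a look.
AUTOLOAD_DLL_SECTIONS = {"O2", "O20", "O21"}


def parse_hjt_line(line):
    """Split one 'Onn - Kind: Name - {CLSID} - Path' line into its fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    file_missing = rest.endswith(MISSING)
    if file_missing:
        rest = rest[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(rest)
    # Fields are separated by ' - ' (or ' = ' for startup-folder links);
    # the first field is 'Kind: Name', the last one is the path.
    fields = [f.strip() for f in re.split(r" - | = ", rest)]
    if len(fields) == 1 and "] " in fields[0]:      # O4 Run entries: [name] path
        head, _, tail = fields[0].partition("] ")
        fields = [head + "]", tail]
    kind, _, name = fields[0].partition(":")
    path = fields[-1] if len(fields) > 1 else ""
    owner = fields[1] if section == "O23" and len(fields) >= 3 else ""
    return {
        "section": section, "kind": kind.strip(), "name": name.strip(),
        "clsid": clsid.group(0) if clsid else "", "path": path,
        "owner": owner, "file_missing": file_missing, "raw": line.strip(),
    }


def triage(log_text):
    """Return one record per flagged entry: parsed fields plus level and reasons."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_hjt_line(line)
        if e is None:
            continue
        reasons, level = [], "review"
        if e["file_missing"]:
            level = "high"
            reasons.append("orphaned load point: file is gone, registry entry remains")
        if e["section"] == "O23" and e["owner"] == "Unknown owner":
            level = "high"
            reasons.append("service binary carries no vendor string")
        if e["section"] in AUTOLOAD_DLL_SECTIONS and not reasons:
            reasons.append("DLL auto-loaded into core processes: check hash and publisher")
        if reasons:
            flagged.append({**e, "level": level, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['level']:6}] {f['section']} {f['name'] or f['kind']}: {f['path'] or '(no path)'}")
        for r in f["reasons"]:
            print(f"         - {r}")
```

Run against the sample, the four "high" hits are precisely the entries the helper told the poster to fix (the two missing-file BHO/SSODL entries, the empty O19 stylesheet entry and the vendor-less OmniForm service); the "review" entries are the ones whose DLL is present and would be settled by a hash lookup such as the Jotti check requested later in the same post.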

Fiercedeity
2007-05-12, 01:44
Man, that AVG scan took 3 hours! Anyway, here are my results for everything.

*Using Windows Explorer, find and delete these files:

C:\WINDOWS\system32\dnsersnd.dll *COULD NOT LOCATE
C:\WINDOWS\system32\dwdsregt.exe *COULD NOT LOCATE
C:\WINDOWS\system32\lwintodv.exe *COULD NOT LOCATE

__________________________________________

Jotti Scan:

Please go HERE. Click Browse, then navigate to this file:

C:\WINDOWS\system32\zzzWinHealer.dll *COULD NOT LOCATE
C:\WINDOWS\system32\Iagg36.sys *COULD NOT LOCATE

C:\Documents and Settings\Compaq_Owner\flash.exe
AntiVir Found TR/Delphi.Downloader.Gen

C:\Documents and Settings\Compaq_Owner\click.exe
Avast Found Win32:Delf-ELU
AntiVir Found TR/Spy.Agent.177152
Panda Antivirus Found Trj/Downloader.OGJ
VBA32 Found Trojan.Win32.TrojanClicker.Delf.HJ

Fiercedeity
2007-05-12, 01:45
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:18:29 PM 5/11/2007

+ Scan result:



C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158699.exe -> Adware.Agent : Ignored.
C:\QooBox\Quarantine\C\WINDOWS\cfg32.exe.vir -> Adware.BookedSpace : Ignored.
C:\QooBox\Quarantine\C\WINDOWS\cfg32a.exe.vir -> Adware.BookedSpace : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158688.dll -> Adware.BookedSpace : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158689.dll -> Adware.BookedSpace : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158690.dll -> Adware.BookedSpace : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189399.exe -> Adware.BookedSpace : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189400.exe -> Adware.BookedSpace : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158674.exe -> Adware.BraveSentry : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158676.dll -> Adware.BraveSentry : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158677.dll -> Adware.BraveSentry : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158678.dll -> Adware.BraveSentry : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158682.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158683.dll -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158685.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158680.exe -> Adware.Relevant : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152688.exe -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0153672.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0155672.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158673.exe -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0159708.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161708.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161724.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161725.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161736.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\snapshot\MFEX-1.DAT -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165817.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165818.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166876.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166877.dll -> Adware.TTC : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152670.exe -> Adware.WebBuying : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158700.exe -> Adware.WebBuying : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158701.dll -> Adware.WebBuying : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158702.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158703.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161743.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161744.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189603.exe -> Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189609.exe -> Adware.ZQuest : Ignored.
C:\QooBox\Quarantine\C\WINDOWS\system32\aspi805.exe.vir -> Backdoor.Agent.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189409.exe -> Backdoor.Agent.aju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0154678.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0156677.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0157676.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
C:\WINDOWS\system32\zzzWinHealer.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir -> Backdoor.Bulknet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0181215.sys -> Backdoor.Bulknet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0182244.sys -> Backdoor.Bulknet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0186263.sys -> Backdoor.Bulknet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189382.sys -> Backdoor.Bulknet : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\perfc000.dat.vir -> Backdoor.Small.os : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP549\A0151603.exe -> Backdoor.Small.os : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189311.exe -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179192.sys -> Downloader.Agent.acl : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\retadpu2000386.exe.vir -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\retadpu27.exe.vir -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vexga5me3.exe.vir -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152694.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152698.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189404.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189406.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189407.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189408.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189608.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189605.exe -> Downloader.Agent.bnn : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vexg6ame4.exe.vir -> Downloader.Agent.bnr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152695.exe -> Downloader.Agent.bnr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189402.exe -> Downloader.Agent.bnr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158696.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vexga8me6.exe.vir -> Downloader.Small.cib : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152697.exe -> Downloader.Small.cib : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189405.exe -> Downloader.Small.cib : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\qvx5gamet2.exe.vir -> Downloader.Small.eip : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152700.exe -> Downloader.Small.eip : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189401.exe -> Downloader.Small.eip : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161752.exe -> Downloader.Tibs.kv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189606.exe -> Downloader.Tibs.kv : Cleaned with backup (quarantined).
C:\Scanner\backups\backup-20070511-095524-713.dll -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189593.dll -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189602.exe -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0175132.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189474.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0185247.dll -> Logger.Banker.cnx : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolsvv.sys.vir -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0156679.sys -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0157678.sys -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161753.sys -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189413.sys -> Proxy.Agent.ji : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Documents\Settings\winsys2f.dll.vir -> Proxy.Xorpix.ba : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vexga4me1.exe.vir -> Proxy.Xorpix.ba : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152691.exe -> Proxy.Xorpix.ba : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189403.exe -> Proxy.Xorpix.ba : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\a3dxx.dll.vir -> Proxy.Xorpix.m : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0153673.dll -> Proxy.Xorpix.m : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189419.dll -> Proxy.Xorpix.m : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Iagg36.sys -> Rootkit.Agent.ea : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\main.sys.vir -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0153680.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0154683.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0155679.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158713.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0159714.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161721.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161732.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161735.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161764.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165813.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165826.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165840.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0166841.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166873.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166885.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0171888.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179150.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179165.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179169.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179191.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0180196.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0181214.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0181226.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0182243.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0185254.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0186261.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0187292.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189305.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189351.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189371.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189381.sys -> Rootkit.Agent.el : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158698.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ksys.sys.vir -> Rootkit.NtRootKit : Cleaned with backup (quarantined).

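Most of the report above is noise from a defender's point of view: copies inside System Volume Information (restore points), under C:\QooBox\Quarantine (already quarantined, note the .vir suffix) and in the HijackThis backups folder are inert, while the handful of entries under C:\WINDOWS\system32 were live on the running system. The script below is an added example (not AVG's code and not something the poster ran) that parses entries in the "path -> detection : action" format of this report, classifies each by where it lived, and cross-references the live hits with the paths the poster reported as "COULD NOT LOCATE" in Explorer. The sample lines are a constructed subset of the report; the location categories and the helper names are the example's own assumptions.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the AVG Anti-Spyware report posted above
# (path -> detection : action). Added example, not AVG's or the poster's code.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158699.exe -> Adware.Agent : Ignored.
C:\QooBox\Quarantine\C\WINDOWS\system32\aspi805.exe.vir -> Backdoor.Agent.aju : Cleaned with backup (quarantined).
C:\WINDOWS\system32\zzzWinHealer.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
C:\Scanner\backups\backup-20070511-095524-713.dll -> Hijacker.Small.cf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Iagg36.sys -> Rootkit.Agent.ea : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\ksys.sys.vir -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
"""

# Paths the poster could not find with Windows Explorer (from the reply above).
# Constructed set for the example; compared case-insensitively.
NOT_FOUND_IN_EXPLORER = {
    r"C:\WINDOWS\system32\zzzWinHealer.dll",
    r"C:\WINDOWS\system32\Iagg36.sys",
}

ENTRY_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>[^:]+?) : (?P<action>.+?)\.?$")


def classify_location(path):
    """Where the detected object lived; this decides whether it was an active threat."""
    p = path.lower()
    if p.startswith(":mozilla.") or p.endswith("cookies.txt"):
        return "browser cookie"
    if "\\system volume information\\_restore" in p:
        return "restore point copy"
    if "\\qoobox\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantine copy"
    if "\\backups\\backup-" in p:
        return "tool backup"
    return "live file"


def parse_report(text):
    """Parse 'path -> detection : action' lines into dicts with a location class."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["location"] = classify_location(d["path"])
        d["family"] = d["detection"].split(".")[0]   # Rootkit, Backdoor, Adware, ...
        entries.append(d)
    return entries


def live_threats(entries):
    """Entries that were on the running system, not in a restore point or quarantine."""
    return [e for e in entries if e["location"] == "live file"]


def ignored_live(entries):
    """Live files the user chose to ignore: these still need action."""
    return [e for e in live_threats(entries) if e["action"] == "Ignored"]


def hidden_from_explorer(entries, not_found):
    """Live hits the user could not see in Explorer but the scanner still found.

    A file that is invisible to the shell yet present on disk is the classic
    symptom of a rootkit filtering directory listings, so these deserve a
    rootkit-specific check (and a hash submission) rather than a plain delete.
    """
    wanted = {p.lower() for p in not_found}
    return [e for e in live_threats(entries) if e["path"].lower() in wanted]


def summary(entries):
    """Count of (location, family) pairs, to see the noise/signal split at a glance."""
    return Counter((e["location"], e["family"]) for e in entries)


if __name__ == "__main__":
    entries = parse_report(SAMPLE_REPORT)
    for (loc, fam), n in sorted(summary(entries).items()):
        print(f"{n:3}  {loc:20} {fam}")
    print("live:", [e["path"] for e in live_threats(entries)])
    print("hidden from Explorer:", [e["path"] for e in hidden_from_explorer(entries, NOT_FOUND_IN_EXPLORER)])
```

On the sample, the only two live files are zzzWinHealer.dll and Iagg36.sys, and both are exactly the paths the poster could not locate by hand while the scanner detected and quarantined them, one of them as Rootkit.Agent.ea. That combination, not the long list of restore-point copies, is the finding that should drive the next step.
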
Fiercedeity
2007-05-12, 01:46
(cont.)

C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158672.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161751.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179170.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0180192.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0180197.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0181222.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0181227.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0185255.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189306.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189372.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189383.sys -> Rootkit.NtRootKit : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.314:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.317:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.331:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@gmacmortgage.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.430:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.431:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.432:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.43:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.630:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.559:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.64:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.65:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.637:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.113:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.638:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.49:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.132:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.160:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.46:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.81:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.178:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.179:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.265:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.266:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.445:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.438:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.439:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.448:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.449:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.440:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.441:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.442:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.443:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.444:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.470:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.471:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.373:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

Fiercedeity
2007-05-12, 01:47
C:\WINDOWS\system32\config\systemprofile\Cookies\system@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.52:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.53:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.54:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.55:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.385:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.386:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.389:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.390:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.391:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.392:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.405:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.406:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.407:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.408:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.409:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.410:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.411:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.412:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.413:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.420:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.421:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.422:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.423:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.424:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.425:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.426:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.427:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.167:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.112:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.451:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.452:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.453:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.454:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.597:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.598:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.599:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.48:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.488:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.489:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.490:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.491:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.492:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.513:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.514:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.515:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.516:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.517:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.393:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.394:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.395:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.396:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.397:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.528:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.302:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\44q7oetq.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189313.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189601.exe -> Trojan.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189604.exe -> Trojan.BHO.ab : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189475.dll -> Trojan.OwlF.a : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\wsys.dll.vir -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0154670.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0155670.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158706.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0159706.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161706.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161722.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161757.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165802.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165815.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165828.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0166828.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166843.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166874.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0171880.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0178137.dll -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179137.dll -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179151.dll -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179178.dll -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189410.dll -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189424.dll:fork2 -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152693.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152696.exe -> Trojan.Tibs.w : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152701.exe -> Trojan.Tibs.w : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158687.sys -> Trojan.Tibs.w : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189316.sys -> Trojan.Tibs.w : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158692.exe -> Trojan.Tibs.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158693.exe -> Trojan.Tibs.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158695.exe -> Trojan.Tibs.x : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158694.exe -> Worm.Nuwar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152690.exe -> Worm.Zhelatin.by : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152692.exe -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189315.exe -> Worm.Zhelatin.cx : Cleaned with backup (quarantined).


::Report end

Fiercedeity
2007-05-12, 01:52
Logfile of HijackThis v1.99.1
Scan saved at 1:48:36 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ofps.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SHARP\Button Manager B\btnman.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Scanner\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Button Manager B.lnk = C:\Program Files\SHARP\Button Manager B\btnman.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178735767218
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



_______________________________________

Computer runs smoother, and no longer restarts a few times when booting into normal mode. Still feels sluggish, though it's no longer using 100% resources constantly.

Also, I think I made a mistake with my first HijackThis log. I made it while in Safe Mode, because my computer ran too slowly for me to work in normal mode.

Angelfire777
2007-05-12, 04:58
Also, I think I made a mistake with my first HijackThis log. I made it while in Safe Mode, because my computer ran too slowly for me to work in normal mode.

That's ok.

*Using Windows Explorer, find and delete these files:

C:\Documents and Settings\Compaq_Owner\click.exe
C:\Documents and Settings\Compaq_Owner\flash.exe

Empty this folder:

C:\QooBox\Quarantine

Reboot.

Post a fresh HijackThis log and please tell me if it's still a bit sluggish.

Fiercedeity
2007-05-14, 20:41
Here's a fresh log. The computer still feels slow, but that's about it.


Logfile of HijackThis v1.99.1
Scan saved at 8:34:37 AM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SHARP\Button Manager B\btnman.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ofps.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Scanner\Scanner.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\WgaTray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Button Manager B.lnk = C:\Program Files\SHARP\Button Manager B\btnman.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178735767218
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Angelfire777
2007-05-16, 13:05
Let's see if this reveals something...

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.

Now click on Scan Settings
In the scan settings, make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under Select a target to scan, select My Computer.

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.

Fiercedeity
2007-05-17, 00:35
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 16, 2007 12:32:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/05/2007
Kaspersky Anti-Virus database records: 321957
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\


Scan Statistics:
Total number of scanned objects: 92282
Number of viruses found: 20
Number of infected objects: 87 / 0
Number of suspicious objects: 4
Duration of the scan process: 01:54:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry1.zip/xpupdate.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/dlh9jkd1q2.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\IMJP8_1\imjp81u.dic Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Identities\{B9CC9534-84C0-4D21-A249-6998EAAF23F3}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Identities\{B9CC9534-84C0-4D21-A249-6998EAAF23F3}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Identities\{B9CC9534-84C0-4D21-A249-6998EAAF23F3}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Identities\{B9CC9534-84C0-4D21-A249-6998EAAF23F3}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\MSHist012007051620070517\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\JET48A7.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF3C36.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF4DC8.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF4DD7.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Compaq_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\100.tmp/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\100.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\100.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\101.tmp Infected: Rootkit.Win32.Agent.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\102.tmp Infected: Trojan.Win32.Qhost.it skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\103.tmp Infected: Trojan-Clicker.Win32.Small.cc skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\104.tmp Infected: Rootkit.Win32.Agent.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\151.tmp Infected: Backdoor.Win32.Agent.alp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\154.tmp Infected: Packed.Win32.Tibs.w skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\155.tmp Infected: Rootkit.Win32.Agent.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18.tmp Infected: Trojan.Win32.Agent.ady skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1F4.tmp Infected: Trojan.Win32.Agent.ady skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1F5.tmp Infected: Trojan-Spy.Win32.Banker.cnx skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F.tmp Infected: Trojan.Win32.Agent.ady skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A.tmp Infected: Trojan.Win32.Agent.ady skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A7.tmp/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A7.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A7.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A8.tmp Infected: Backdoor.Win32.Agent.alp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A9.tmp Infected: Rootkit.Win32.Agent.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AA.tmp Infected: Rootkit.Win32.Agent.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AB.tmp Infected: Rootkit.Win32.Agent.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AC.tmp Infected: Trojan-Proxy.Win32.Xorpix.m skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AD.tmp Infected: Trojan-Clicker.Win32.Small.cc skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AF.tmp Infected: Trojan-Clicker.Win32.Small.cc skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E.tmp Infected: Rootkit.Win32.Agent.dp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F.tmp Infected: Trojan.Win32.Agent.ady skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FB.tmp Infected: Trojan.Win32.Qhost.it skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FC.tmp Infected: Packed.Win32.Tibs.w skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FD.tmp Infected: Trojan-Clicker.Win32.Small.mr skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FE.tmp Infected: Trojan-Clicker.Win32.Agent.jp skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FF.tmp Infected: Backdoor.Win32.Agent.alp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152670.exe Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152688.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0152688.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0153672.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0154671.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0155671.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0155672.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158673.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158673.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158674.exe Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158676.dll Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158677.dll Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158678.dll Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158680.exe Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158682.exe Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158683.dll Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158685.exe Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158688.dll Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158689.dll Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158690.dll Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158699.exe Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158700.exe Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158701.dll Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158702.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158703.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP550\A0158707.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0159707.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0159708.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161707.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161708.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161723.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161724.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161725.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161736.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161743.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161744.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\A0161758.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP551\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165803.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165816.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165817.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165818.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0165829.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP552\A0166829.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166844.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166875.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166876.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0166877.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0171881.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0177137.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0178138.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179138.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179152.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0179179.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189309.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189399.exe Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189400.exe Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189418.exe Infected: Trojan.Win32.Patched.m skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189598.exe Object is locked skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189603.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP553\A0189609.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP554\change.log Object is locked skipped

Fiercedeity
2007-05-17, 00:37
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Angelfire777
2007-05-17, 14:58
Hi,

The Kaspersky scan is OK...

You can empty this folder:

C:\Program Files\Trend Micro\Internet Security 2007\Quarantine

Other than that, it looks like your machine is clean...

Congratulations! Your log looks clean!

Configure Windows XP to hide system files:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading, select Do not show hidden files and folders.
Check the Hide protected operating system files option.
Click Yes to confirm.
Click OK.
_______________________
This is a good time to clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore

Select Create a restore point, and OK it.

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your PC's security.

Install SpyWare Blaster
~You can download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
~You can read the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
~You can download it from here (http://www.winpatrol.com/download.html)
~You can get some information about how WinPatrol works here (http://www.winpatrol.com/features.html)

IESpyAds
~You can download it from here (http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD)
~If you want to know how IESpyAds works you can take a look at it here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)

Happy safe surfing!
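The helper's verdict above rests on reading the Kaspersky report the way a triager would: "Object is locked" lines are normal for in-use system files, detections under System Volume Information\_restore{...} are old restore-point copies that the cleanmgr step purges, and only a detection outside those paths means something is still live. The script below is an added example (not from the thread or from Kaspersky) that applies that triage to report lines in the format shown; the sample lines, the all-zero restore GUID and the detection name "EXAMPLE.Constructed.Detection" are constructed for the demo.

```python
import re

# Kaspersky Online Scanner report lines, as posted in the thread, look like:
#   <path> Infected: <detection name> <action>
#   <path> Object is locked skipped
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
# System Restore snapshots live under System Volume Information\_restore{GUID}\RPnnn.
# They are inert until restored and are removed by the cleanmgr step in the thread.
RESTORE_POINT_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[^}]+\}\\", re.IGNORECASE)

# Constructed sample report (paths/GUID/detection name are made up for this example).
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP553\A0189603.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP553\A0189609.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP554\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wsys.dll Infected: EXAMPLE.Constructed.Detection skipped
Scan process completed.
"""

def triage(report_text):
    """Sort report lines into locked files, restore-point hits, live hits and the rest."""
    buckets = {"locked": [], "restore_point_infected": [], "live_infected": [], "other": []}
    for line in report_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOCKED_RE.match(line)
        if m:
            buckets["locked"].append(m["path"])
            continue
        m = INFECTED_RE.match(line)
        if m:
            entry = (m["path"], m["name"], m["action"])
            key = "restore_point_infected" if RESTORE_POINT_RE.match(m["path"]) else "live_infected"
            buckets[key].append(entry)
            continue
        buckets["other"].append(line)
    return buckets

def verdict(buckets):
    """Mirror the helper's reasoning: only hits outside restore points need action."""
    if buckets["live_infected"]:
        return "action needed"
    if buckets["restore_point_infected"]:
        return "clean after restore-point purge"
    return "clean"

if __name__ == "__main__":
    b = triage(SAMPLE_REPORT)
    for path, name, action in b["live_infected"]:
        print(f"LIVE: {path} ({name}, {action})")
    print(f"{len(b['restore_point_infected'])} restore-point hit(s), "
          f"{len(b['locked'])} locked file(s) -> {verdict(b)}")
```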

Fiercedeity
2007-05-17, 20:51
OK, thanks for the help. I'm glad to be rid of this problem!

Angelfire777
2007-05-20, 14:39
Glad we could be of assistance :bigthumb:

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.