vundo keeps shutting down explorer pls help



wallflower
2007-06-30, 09:15
Hi, Explorer keeps shutting down and I can't get rid of Vundo.
Please help, desperate!!


Logfile of HijackThis v1.99.1
Scan saved at 3:14:02 PM, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\Antiy Labs\Alive\ALiveCenter_.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {07551B28-634D-4F67-8C62-6F279263C23c} - (no file)
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\mljgeeb.dll
O2 - BHO: 0 - {092745D7-29DC-4ED7-0BA0-359F4C66D9BD} - (no file)
O2 - BHO: (no name) - {135B44E0-6A85-480D-9962-47DEEB080BB0} - C:\WINDOWS\system32\lxwspfls.dll
O2 - BHO: (no name) - {1C3E7F48-074D-4106-AAA3-A7B30307B1D1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\bcyewblc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81B426CF-DF25-4FBB-B4AC-1011A5BBC9A5} - (no file)
O2 - BHO: (no name) - {8D0B00CF-38C6-4CCE-9F3C-73185DDA79EB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Password Organizer - {C3DEA25E-A515-4B65-8760-AEE03089F1CD} - blank (file missing)
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - blank (file missing)
O2 - BHO: (no name) - {CF68EA09-285F-4F45-9D93-F8D718A5DD8c} - (no file)
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - (no file)
O2 - BHO: (no name) - {E8968AF7-6BC0-4702-878C-F69C97E8407c} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE"
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\ALiveCenter.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PasswordOrganizer] C:\Program Files\Omniquad Total Security\RunTimePwdOrg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [Weather Tracker2] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2731b8eaa97082c90f06/netzip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168145841350
O16 - DPF: {759AA6A5-76B2-43E2-B940-B0C336C69E01} - http://202.106.184.51/download/VodoneActivex.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://webcamnow.com/voice/voice.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mljgeeb - C:\WINDOWS\SYSTEM32\mljgeeb.dll
O20 - Winlogon Notify: @ - @ (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ahfP Service (ahfprog) - Unknown owner - C:\WINDOWS\system32\ahfp.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NAI ePO Agent Install (NAIMServInst) - McAfee, Inc. - C:\DOCUME~1\Andrew\LOCALS~1\Temp\unz2B.tmp\FramePkg.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Shaba
2007-07-01, 11:09
Hi wallflower

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

wallflower
2007-07-02, 01:35
VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 3:44:52 PM 30/06/2007

Listing files found while scanning....

C:\windows\system32\bcyewblc.dll
C:\WINDOWS\system32\mljgeeb.dll
C:\WINDOWS\system32\mxysgsse.dll
C:\WINDOWS\system32\utimtgku.dll
C:\windows\system32\xrtjndxt.dll
C:\windows\system32\xxwtr.dll

Beginning removal...

Attempting to delete C:\windows\system32\bcyewblc.dll
C:\windows\system32\bcyewblc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgeeb.dll
C:\WINDOWS\system32\mljgeeb.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mxysgsse.dll
C:\WINDOWS\system32\mxysgsse.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\utimtgku.dll
C:\WINDOWS\system32\utimtgku.dll Has been deleted!

Attempting to delete C:\windows\system32\xrtjndxt.dll
C:\windows\system32\xrtjndxt.dll Has been deleted!

Attempting to delete C:\windows\system32\xxwtr.dll
C:\windows\system32\xxwtr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 6:26:53 PM 1/07/2007

Listing files found while scanning....

C:\windows\system32\mljgeeb.dll

Beginning removal...

Attempting to delete C:\windows\system32\mljgeeb.dll
C:\windows\system32\mljgeeb.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 5:56:19 AM 2/07/2007

Listing files found while scanning....

No infected files were found.






Logfile of HijackThis v1.99.1
Scan saved at 7:34:17 AM, on 2/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\Antiy Labs\Alive\ALiveCenter_.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {07551B28-634D-4F67-8C62-6F279263C23c} - (no file)
O2 - BHO: 0 - {092745D7-29DC-4ED7-0BA0-359F4C66D9BD} - (no file)
O2 - BHO: (no name) - {135B44E0-6A85-480D-9962-47DEEB080BB0} - C:\WINDOWS\system32\lxwspfls.dll
O2 - BHO: (no name) - {1C3E7F48-074D-4106-AAA3-A7B30307B1D1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D0B00CF-38C6-4CCE-9F3C-73185DDA79EB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Password Organizer - {C3DEA25E-A515-4B65-8760-AEE03089F1CD} - blank (file missing)
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - blank (file missing)
O2 - BHO: (no name) - {CF68EA09-285F-4F45-9D93-F8D718A5DD8c} - (no file)
O2 - BHO: (no name) - {E8968AF7-6BC0-4702-878C-F69C97E8407c} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE"
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\ALiveCenter.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PasswordOrganizer] C:\Program Files\Omniquad Total Security\RunTimePwdOrg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [Weather Tracker2] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2731b8eaa97082c90f06/netzip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168145841350
O16 - DPF: {759AA6A5-76B2-43E2-B940-B0C336C69E01} - http://202.106.184.51/download/VodoneActivex.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://webcamnow.com/voice/voice.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: @ - @ (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ahfP Service (ahfprog) - Unknown owner - C:\WINDOWS\system32\ahfp.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NAI ePO Agent Install (NAIMServInst) - McAfee, Inc. - C:\DOCUME~1\Andrew\LOCALS~1\Temp\unz2B.tmp\FramePkg.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
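
A check a reader could run over the logs in this thread, as an added example that is not part of the original posts: it reads the VundoFix removal log, then lists which HijackThis autostart entries (O2 BHO, O20 Winlogon Notify) load the flagged DLLs before and after the fix. The function names are this example's own, and the embedded log lines are abbreviated excerpts of the ones posted above.

```python
import re

# Abbreviated excerpts copied from the logs posted in this thread.
HJT_BEFORE = r"""
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\mljgeeb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\bcyewblc.dll
O20 - Winlogon Notify: mljgeeb - C:\WINDOWS\SYSTEM32\mljgeeb.dll
O20 - Winlogon Notify: @ - @ (file missing)
"""
HJT_AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: @ - @ (file missing)
"""
VUNDOFIX = r"""
Listing files found while scanning....

C:\windows\system32\bcyewblc.dll
C:\WINDOWS\system32\mljgeeb.dll
C:\windows\system32\xxwtr.dll

Beginning removal...

Attempting to delete C:\windows\system32\bcyewblc.dll
C:\windows\system32\bcyewblc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgeeb.dll
C:\WINDOWS\system32\mljgeeb.dll Could not be deleted.

Attempting to delete C:\windows\system32\xxwtr.dll
C:\windows\system32\xxwtr.dll Has been deleted!

Listing files found while scanning....

C:\windows\system32\mljgeeb.dll

Beginning removal...

Attempting to delete C:\windows\system32\mljgeeb.dll
C:\windows\system32\mljgeeb.dll Has been deleted!
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path ending in .dll/.exe; tolerates " - " inside folder names.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$")


def parse_hjt(text):
    """Turn HijackThis section lines (O2, O20, ...) into dicts; paths are lowercased."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines and the running-process list
        body = m.group("body")
        p = PATH_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "line": raw.strip(),
            "path": p.group(0).lower() if p else None,
            "orphaned": body.endswith(("(no file)", "(file missing)")),
        })
    return entries


def parse_vundofix(text):
    """Map each flagged file (lowercased) to its latest status across all runs."""
    status, in_listing = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Listing files found"):
            in_listing = True
        elif line.startswith("Beginning removal"):
            in_listing = False
        elif in_listing and DRIVE_RE.match(line):
            status.setdefault(line.lower(), "listed")
        else:
            m = RESULT_RE.match(line)
            if m:
                deleted = m.group("res").startswith("Has been")
                status[m.group("path").lower()] = "deleted" if deleted else "not deleted"
    return status


def autostarts_for(entries, flagged):
    """HijackThis entries whose target is one of the flagged files."""
    return [e for e in entries if e["path"] in flagged]


def unreferenced(entries, flagged):
    """Flagged files that no entry in this HijackThis log points at."""
    seen = {e["path"] for e in entries}
    return sorted(p for p in flagged if p not in seen)


if __name__ == "__main__":
    flagged = parse_vundofix(VUNDOFIX)
    for label, log in (("before", HJT_BEFORE), ("after", HJT_AFTER)):
        hits = autostarts_for(parse_hjt(log), flagged)
        print(f"{label}: {len(hits)} autostart entries load flagged files")
        for e in hits:
            print(f"  {e['code']:>3}  {e['path']}  ({flagged[e['path']]})")
    print("flagged but not referenced:", unreferenced(parse_hjt(HJT_BEFORE), flagged))
```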

Shaba
2007-07-02, 11:00
Hi

Are you using both BitDefender and McAfee as an antivirus?

Open HijackThis, click "Do a system scan only" and checkmark these:

O2 - BHO: (no name) - {07551B28-634D-4F67-8C62-6F279263C23c} - (no file)
O2 - BHO: 0 - {092745D7-29DC-4ED7-0BA0-359F4C66D9BD} - (no file)
O2 - BHO: (no name) - {135B44E0-6A85-480D-9962-47DEEB080BB0} - C:\WINDOWS\system32\lxwspfls.dll
O2 - BHO: (no name) - {1C3E7F48-074D-4106-AAA3-A7B30307B1D1} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D0B00CF-38C6-4CCE-9F3C-73185DDA79EB} - (no file)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Password Organizer - {C3DEA25E-A515-4B65-8760-AEE03089F1CD} - blank (file missing)
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - blank (file missing)
O2 - BHO: (no name) - {CF68EA09-285F-4F45-9D93-F8D718A5DD8c} - (no file)
O2 - BHO: (no name) - {E8968AF7-6BC0-4702-878C-F69C97E8407c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2731b8ea...p/RdxIE601.cab
O20 - Winlogon Notify: @ - @ (file missing)

Close all windows including browser and press "Fix checked".

Reboot.

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under "Select a target to scan", select My Computer.
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report

wallflower
2007-07-03, 17:20
I don't have BitDefender, only McAfee antivirus.
These are the logs, thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 11:15:39 PM, on 3/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\Antiy Labs\Alive\ALiveCenter_.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUSE32A.EXE"
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\ALiveCenter.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PasswordOrganizer] C:\Program Files\Omniquad Total Security\RunTimePwdOrg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [Weather Tracker2] C:\Program Files\Weatherzone Tracker\weather_tracker.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168145841350
O16 - DPF: {759AA6A5-76B2-43E2-B940-B0C336C69E01} - http://202.106.184.51/download/VodoneActivex.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://webcamnow.com/voice/voice.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ahfP Service (ahfprog) - Unknown owner - C:\WINDOWS\system32\ahfp.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NAI ePO Agent Install (NAIMServInst) - McAfee, Inc. - C:\DOCUME~1\Andrew\LOCALS~1\Temp\unz2B.tmp\FramePkg.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

wallflower
2007-07-03, 17:24
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 03, 2007 11:12:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 3/07/2007
Kaspersky Anti-Virus database records: 357154

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\

Scan Statistics
Total number of scanned objects 116251
Number of viruses found 15
Number of infected objects 48
Number of suspicious objects 2
Duration of the scan process 03:06:45

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\DesktopProtection\AccessProtectionLog.txt Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\DesktopProtection\BufferOverflowProtectionLog.txt Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\DesktopProtection\OnAccessScanLog.txt Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Andrew\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Andrew\Desktop2\Morpheus full version +Crack _ serial\Morpheus full version +Crack _ serial.zip/Morpheus.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\Andrew\Desktop2\Morpheus full version +Crack _ serial\Morpheus full version +Crack _ serial.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Andrew\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Andrew\Local Settings\Temp\BCGA.tmp Object is locked skipped

C:\Documents and Settings\Andrew\Local Settings\Temp\~DFA696.tmp Object is locked skipped

C:\Documents and Settings\Andrew\Local Settings\Temp\~DFA6A6.tmp Object is locked skipped

C:\Documents and Settings\Andrew\Local Settings\Temp\~DFAA0.tmp Object is locked skipped

C:\Documents and Settings\Andrew\Local Settings\Temp\~WRD0002.doc Object is locked skipped

C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\Content.IE5\B9EGX0WE\counter21[1].htm Infected: Trojan-Downloader.VBS.Agent.p skipped

C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Andrew\My Documents\Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Andrew\My Documents\Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Andrew\My Documents\Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Andrew\My Documents\Downloads\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads\iMeshV7.exe/WISE0101.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads\iMeshV7.exe/WISE0101.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads\iMeshV7.exe/WISE0101.BIN Infected: not-a-virus:AdWare.Win32.Softomate.j skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads\iMeshV7.exe WiseSFX: infected - 3 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads\iMeshV7.exe WiseSFX Dropper: infected - 3 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads\music.exe/data0011 Infected: not-a-virus:AdWare.Win32.Comet.bd skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads\music.exe NSIS: infected - 1 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads\Nero-7.8.5.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads\Nero-7.8.5.0_eng_trial.exe RAR: infected - 1 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\BearShareV6int.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\BearShareV6int.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\BearShareV6int.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Softomate.aa skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\BearShareV6int.exe WiseSFX: infected - 3 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\BearShareV6int.exe WiseSFX Dropper: infected - 3 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\winmx_mp3_free.exe/file145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\winmx_mp3_free.exe/file145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\winmx_mp3_free.exe/file145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\winmx_mp3_free.exe/file145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\winmx_mp3_free.exe/file145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\winmx_mp3_free.exe/file145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online\winmx_mp3_free.exe Inno: infected - 6 skipped

C:\Documents and Settings\Andrew\ntuser.dat Object is locked skipped

C:\Documents and Settings\Andrew\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Hijackthis\backups\backup-20070703-112851-748.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\music, mp3,\WinMX MP3\Downloads\winmx_mp3_free.exe/file145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Program Files\music, mp3,\WinMX MP3\Downloads\winmx_mp3_free.exe/file145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Program Files\music, mp3,\WinMX MP3\Downloads\winmx_mp3_free.exe/file145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Program Files\music, mp3,\WinMX MP3\Downloads\winmx_mp3_free.exe/file145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Program Files\music, mp3,\WinMX MP3\Downloads\winmx_mp3_free.exe/file145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Program Files\music, mp3,\WinMX MP3\Downloads\winmx_mp3_free.exe/file145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Program Files\music, mp3,\WinMX MP3\Downloads\winmx_mp3_free.exe Inno: infected - 6 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{6BA8A0AB-80F1-4A9B-8673-9C9B57D56E08}\RP85\A0151661.exe Infected: Email-Worm.Win32.Locksky.aw skipped

C:\System Volume Information\_restore{6BA8A0AB-80F1-4A9B-8673-9C9B57D56E08}\RP85\A0151663.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{6BA8A0AB-80F1-4A9B-8673-9C9B57D56E08}\RP87\A0155685.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped

C:\System Volume Information\_restore{6BA8A0AB-80F1-4A9B-8673-9C9B57D56E08}\RP87\A0155686.dll Infected: Trojan.Win32.BHO.bd skipped

C:\System Volume Information\_restore{6BA8A0AB-80F1-4A9B-8673-9C9B57D56E08}\RP87\A0155687.dll Infected: Trojan.Win32.BHO.bd skipped

C:\System Volume Information\_restore{6BA8A0AB-80F1-4A9B-8673-9C9B57D56E08}\RP87\A0155688.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped

C:\System Volume Information\_restore{6BA8A0AB-80F1-4A9B-8673-9C9B57D56E08}\RP88\A0158699.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{6BA8A0AB-80F1-4A9B-8673-9C9B57D56E08}\RP92\change.log Object is locked skipped

C:\VundoFix Backups\bcyewblc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped

C:\VundoFix Backups\mljgeeb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\VundoFix Backups\mxysgsse.dll.bad Infected: Trojan.Win32.BHO.bd skipped

C:\VundoFix Backups\utimtgku.dll.bad Infected: Trojan.Win32.BHO.bd skipped

C:\VundoFix Backups\xrtjndxt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped

C:\WINDOWS\$NtUninstallKB824105$\netbt.sys Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{0C4F2104-8284-4222-8260-90BFB0F03405}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{F8E22D1B-BDBE-4103-8565-33C10F1C54FE}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

wallflower
2007-07-03, 17:25
C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\lxwspfls.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\02275379.exe Object is locked skipped

C:\WINDOWS\Temp\1.tmp Object is locked skipped

C:\WINDOWS\Temp\15.tmp Object is locked skipped

C:\WINDOWS\Temp\1A.tmp Object is locked skipped

C:\WINDOWS\Temp\2.tmp Object is locked skipped

C:\WINDOWS\Temp\28.tmp Object is locked skipped

C:\WINDOWS\Temp\2BDF.tmp Object is locked skipped

C:\WINDOWS\Temp\3.tmp Object is locked skipped

C:\WINDOWS\Temp\3D.tmp Object is locked skipped

C:\WINDOWS\Temp\4.tmp Object is locked skipped

C:\WINDOWS\Temp\5.tmp Object is locked skipped

C:\WINDOWS\Temp\6.tmp Object is locked skipped

C:\WINDOWS\Temp\7.tmp Object is locked skipped

C:\WINDOWS\Temp\8.tmp Object is locked skipped

C:\WINDOWS\Temp\9.tmp Object is locked skipped

C:\WINDOWS\Temp\A.tmp Object is locked skipped

C:\WINDOWS\Temp\cba2766a109124307fb5f587895e24d3.tmp Object is locked skipped

C:\WINDOWS\Temp\CTun.exe Infected: not-a-virus:AdWare.Win32.AdWeb.a skipped

C:\WINDOWS\Temp\dec10.tmp Object is locked skipped

C:\WINDOWS\Temp\dec11.tmp Object is locked skipped

C:\WINDOWS\Temp\dec12.tmp Object is locked skipped

C:\WINDOWS\Temp\dec13.tmp Object is locked skipped

C:\WINDOWS\Temp\dec14.tmp Object is locked skipped

C:\WINDOWS\Temp\dec15.tmp Object is locked skipped

C:\WINDOWS\Temp\dec16.tmp Object is locked skipped

C:\WINDOWS\Temp\dec17.tmp Object is locked skipped

C:\WINDOWS\Temp\dec18.tmp Object is locked skipped

C:\WINDOWS\Temp\dec19.tmp Object is locked skipped

C:\WINDOWS\Temp\dec1A.tmp Object is locked skipped

C:\WINDOWS\Temp\dec1B.tmp Object is locked skipped

C:\WINDOWS\Temp\dec1C.tmp Object is locked skipped

C:\WINDOWS\Temp\dec1D.tmp Object is locked skipped

C:\WINDOWS\Temp\dec1E.tmp Object is locked skipped

C:\WINDOWS\Temp\dec1F.tmp Object is locked skipped

C:\WINDOWS\Temp\dec21.tmp Object is locked skipped

C:\WINDOWS\Temp\dec22.tmp Object is locked skipped

C:\WINDOWS\Temp\dec5.tmp Object is locked skipped

C:\WINDOWS\Temp\dec6.tmp Object is locked skipped

C:\WINDOWS\Temp\dec7.tmp Object is locked skipped

C:\WINDOWS\Temp\dec8.tmp Object is locked skipped

C:\WINDOWS\Temp\dec9.tmp Object is locked skipped

C:\WINDOWS\Temp\decA.tmp Object is locked skipped

C:\WINDOWS\Temp\decB.tmp Object is locked skipped

C:\WINDOWS\Temp\decC.tmp Object is locked skipped

C:\WINDOWS\Temp\decD.tmp Object is locked skipped

C:\WINDOWS\Temp\decE.tmp Object is locked skipped

C:\WINDOWS\Temp\decF.tmp Object is locked skipped

C:\WINDOWS\Temp\DFC5A2B2.TMP Object is locked skipped

C:\WINDOWS\Temp\IMT12.tmp Object is locked skipped

C:\WINDOWS\Temp\IMT18.tmp Object is locked skipped

C:\WINDOWS\Temp\IMT27.tmp Object is locked skipped

C:\WINDOWS\Temp\IMT28.tmp Object is locked skipped

C:\WINDOWS\Temp\IMT2F.tmp Object is locked skipped

C:\WINDOWS\Temp\IMT31.tmp Object is locked skipped

C:\WINDOWS\Temp\IMT32.tmp Object is locked skipped

C:\WINDOWS\Temp\IMT7.tmp Object is locked skipped

C:\WINDOWS\Temp\IMTE.tmp Object is locked skipped

C:\WINDOWS\Temp\kds.xml Object is locked skipped

C:\WINDOWS\Temp\log37.avi Object is locked skipped

C:\WINDOWS\Temp\log39.avi Object is locked skipped

C:\WINDOWS\Temp\log3a.avi Object is locked skipped

C:\WINDOWS\Temp\log3b.avi Object is locked skipped

C:\WINDOWS\Temp\log3c.avi Object is locked skipped

C:\WINDOWS\Temp\log3d.avi Object is locked skipped

C:\WINDOWS\Temp\log7.avi Object is locked skipped

C:\WINDOWS\Temp\log8.avi Object is locked skipped

C:\WINDOWS\Temp\loga.avi Object is locked skipped

C:\WINDOWS\Temp\mc21.tmp Object is locked skipped

C:\WINDOWS\Temp\mc21E.tmp Object is locked skipped

C:\WINDOWS\Temp\mpengine.dll Object is locked skipped

C:\WINDOWS\Temp\mpengine.dll46b554bb Object is locked skipped

C:\WINDOWS\Temp\mpengine.dll87d9be56 Object is locked skipped

C:\WINDOWS\Temp\mpengine.dllb17150e3 Object is locked skipped

C:\WINDOWS\Temp\netfxsl.log Object is locked skipped

C:\WINDOWS\Temp\occ27.tmp Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_114.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_3b0.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_81c.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_cd4.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_f90.dat Object is locked skipped

C:\WINDOWS\Temp\regincd2.exe Object is locked skipped

C:\WINDOWS\Temp\regtdi.exe Object is locked skipped

C:\WINDOWS\Temp\scs10.tmp Object is locked skipped

C:\WINDOWS\Temp\scs11.tmp Object is locked skipped

C:\WINDOWS\Temp\scs12.tmp Object is locked skipped

C:\WINDOWS\Temp\scs13.tmp Object is locked skipped

C:\WINDOWS\Temp\scs14.tmp Object is locked skipped

C:\WINDOWS\Temp\scs16.tmp Object is locked skipped

C:\WINDOWS\Temp\scs16C.tmp Object is locked skipped

C:\WINDOWS\Temp\scs16D.tmp Object is locked skipped

C:\WINDOWS\Temp\scs16E.tmp Object is locked skipped

C:\WINDOWS\Temp\scs16F.tmp Object is locked skipped

C:\WINDOWS\Temp\scs17.tmp Object is locked skipped

C:\WINDOWS\Temp\scs170.tmp Object is locked skipped

C:\WINDOWS\Temp\scs19.tmp Object is locked skipped

C:\WINDOWS\Temp\scs1A.tmp Object is locked skipped


C:\WINDOWS\Temp\scs1B.tmp Object is locked skipped

C:\WINDOWS\Temp\scs2.tmp Object is locked skipped

C:\WINDOWS\Temp\scs3.tmp Object is locked skipped

C:\WINDOWS\Temp\scs33.tmp Object is locked skipped

C:\WINDOWS\Temp\scs4.tmp Object is locked skipped

C:\WINDOWS\Temp\scs5.tmp Object is locked skipped

C:\WINDOWS\Temp\scs6.tmp Object is locked skipped

C:\WINDOWS\Temp\scs7.tmp Object is locked skipped

C:\WINDOWS\Temp\scs8.tmp Object is locked skipped

C:\WINDOWS\Temp\scs9.tmp Object is locked skipped

C:\WINDOWS\Temp\scsA.tmp Object is locked skipped

C:\WINDOWS\Temp\scsB.tmp Object is locked skipped

C:\WINDOWS\Temp\scsC.tmp Object is locked skipped

C:\WINDOWS\Temp\scsC5.tmp Object is locked skipped

C:\WINDOWS\Temp\scsC6.tmp Object is locked skipped

C:\WINDOWS\Temp\scsD.tmp Object is locked skipped

C:\WINDOWS\Temp\scsE.tmp Object is locked skipped

C:\WINDOWS\Temp\scsF.tmp Object is locked skipped

C:\WINDOWS\Temp\SL1.tmp Object is locked skipped

C:\WINDOWS\Temp\SL10.tmp Object is locked skipped

C:\WINDOWS\Temp\SL11.tmp Object is locked skipped

C:\WINDOWS\Temp\SL12.tmp Object is locked skipped

C:\WINDOWS\Temp\SL13.tmp Object is locked skipped

C:\WINDOWS\Temp\SL14.tmp Object is locked skipped

C:\WINDOWS\Temp\SL15.tmp Object is locked skipped

C:\WINDOWS\Temp\SL16.tmp Object is locked skipped

C:\WINDOWS\Temp\SL17.tmp Object is locked skipped

C:\WINDOWS\Temp\SL18.tmp Object is locked skipped

C:\WINDOWS\Temp\SL19.tmp Object is locked skipped

C:\WINDOWS\Temp\SL1A.tmp Object is locked skipped

C:\WINDOWS\Temp\SL1B.tmp Object is locked skipped

C:\WINDOWS\Temp\SL1C.tmp Object is locked skipped

C:\WINDOWS\Temp\SL1D.tmp Object is locked skipped

C:\WINDOWS\Temp\SL1E.tmp Object is locked skipped

C:\WINDOWS\Temp\SL1F.tmp Object is locked skipped

C:\WINDOWS\Temp\SL2.tmp Object is locked skipped

C:\WINDOWS\Temp\SL20.tmp Object is locked skipped

C:\WINDOWS\Temp\SL21.tmp Object is locked skipped

C:\WINDOWS\Temp\SL22.tmp Object is locked skipped

C:\WINDOWS\Temp\SL23.tmp Object is locked skipped

C:\WINDOWS\Temp\SL24.tmp Object is locked skipped

C:\WINDOWS\Temp\SL25.tmp Object is locked skipped

C:\WINDOWS\Temp\SL26.tmp Object is locked skipped

C:\WINDOWS\Temp\SL27.tmp Object is locked skipped

C:\WINDOWS\Temp\SL28.tmp Object is locked skipped

C:\WINDOWS\Temp\SL2C.tmp Object is locked skipped

C:\WINDOWS\Temp\SL3.tmp Object is locked skipped

C:\WINDOWS\Temp\SL34.tmp Object is locked skipped

wallflower
2007-07-03, 17:26
C:\WINDOWS\Temp\SL4.tmp Object is locked skipped

C:\WINDOWS\Temp\SL43.tmp Object is locked skipped

C:\WINDOWS\Temp\SL5.tmp Object is locked skipped

C:\WINDOWS\Temp\SL5A.tmp Object is locked skipped

C:\WINDOWS\Temp\SL6.tmp Object is locked skipped

C:\WINDOWS\Temp\SL7.tmp Object is locked skipped

C:\WINDOWS\Temp\SL8.tmp Object is locked skipped

C:\WINDOWS\Temp\SL9.tmp Object is locked skipped

C:\WINDOWS\Temp\SLA.tmp Object is locked skipped

C:\WINDOWS\Temp\SLB.tmp Object is locked skipped

C:\WINDOWS\Temp\SLC.tmp Object is locked skipped

C:\WINDOWS\Temp\SLD.tmp Object is locked skipped

C:\WINDOWS\Temp\SLE.tmp Object is locked skipped

C:\WINDOWS\Temp\SLF.tmp Object is locked skipped

C:\WINDOWS\Temp\Sna1.tmp Object is locked skipped

C:\WINDOWS\Temp\SnaA8.tmp Object is locked skipped

C:\WINDOWS\Temp\SnaA9.tmp Object is locked skipped

C:\WINDOWS\Temp\SnaAA.tmp Object is locked skipped

C:\WINDOWS\Temp\szu1.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf10.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf11.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf11B.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf12.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf16.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf18.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf1B.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf1B9.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf1BA.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf1F.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf22.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf23.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf24.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf25.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf26.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf27.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf29.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf2B.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf2D.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf2E.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf2F.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf30.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf31.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf32.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf33.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf34.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf35.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf36.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf37.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf38.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf39.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf3A.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf3B.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf3C.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf3D.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf3E.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf3F.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf40.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf41.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf42.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf43.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf44.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf45.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf46.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf47.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf48.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf49.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf4A.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf4B.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf4C.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf4D.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf4E.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf5.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf6.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf7.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf75.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf76.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf8.tmp Object is locked skipped

C:\WINDOWS\Temp\tdf9.tmp Object is locked skipped

C:\WINDOWS\Temp\tdfA.tmp Object is locked skipped

wallflower
2007-07-03, 17:27

Scan process completed.

Shaba
2007-07-03, 18:00
Hi

Empty these folders:

C:\WINDOWS\Temp\
C:\Documents and Settings\Andrew\Desktop2\Morpheus full version +Crack _ serial
C:\Documents and Settings\Andrew\My Documents\My Downloads\limewiredownloads
C:\Documents and Settings\Andrew\My Documents\My Downloads\search music online
C:\Program Files\music, mp3,\WinMX MP3\Downloads
C:\VundoFix Backups\

Delete this:

C:\WINDOWS\system32\lxwspfls.dll

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report

Shaba
2007-07-10, 10:58
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.