
Yet another Virtumonde problem



Therion11
2007-07-23, 09:04
I've read the other threads and it seems I need to post a HJT log file. So here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:12 p.m., on 23/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\qwerty12.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tcnzTrayApp] "C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\thpjbjxb.dll",realset
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Xtra Help Assistant.lnk = C:\Program Files\Xtra Help Assistant\bin\matcli.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5773 bytes

Thanks for your time :)
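As an added example (not code from the thread, from HijackThis or from ComboFix), a small Python triage script for HJT logs like the one above. Its three rules and the rogue-domain list are constructed heuristics for illustration, tuned to the entries the helper acted on in this thread (the vendor-less DomainService, the rundll32-loaded thpjbjxb.dll and the drivecleaner.com O16 entry), not vendor signatures.

```python
"""Triage a HijackThis v2 log for the Virtumonde/Vundo-style indicators
seen in this thread.  Added example: not code from the forum post, from
HijackThis or from ComboFix.  The rules and ROGUE_DPF_DOMAINS are
constructed heuristics for illustration, not vendor signatures.

Rules:
  * O23 service lines whose vendor field is empty (HJT renders these as
    "Name - - path"), like DomainService -> qwerty12.exe in the first log;
  * O4 Run entries that use rundll32 to load a DLL whose base name looks
    machine-generated (thpjbjxb.dll,realset in the first log);
  * O16 DPF (ActiveX download) entries served from a listed rogue domain.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed for this example; drivecleaner.com is the O16 domain in the thread.
ROGUE_DPF_DOMAINS = {"drivecleaner.com"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>.*?)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
# \s? makes the vendor separator accept both "Name - Vendor - Path" and the
# empty-vendor form "Name - - Path".
O23_RE = re.compile(r"^O23 - Service: (?P<disp>.+?) - (?P<vendor>.*?)\s?- (?P<path>.*)$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?(?:,(?P<export>\S+))?', re.I)


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section prefix: "O4", "O16" or "O23"
    reason: str
    line: str


def randomness_score(base: str) -> int:
    """Crude score for a lowercase 5-8 letter file name: +1 per rare letter
    (j, q, x, z) and +1 when it has at most len//8 vowels.  Vendor names such
    as nvcpl or nvmctray score 1; thpjbjxb scores 4, xtmvrjbp 3."""
    if not re.fullmatch(r"[a-z]{5,8}", base):
        return 0
    score = sum(c in "jqxz" for c in base)
    if sum(c in "aeiou" for c in base) <= len(base) // 8:
        score += 1
    return score


def dll_base(path: str) -> str:
    """Lower-cased file name without directory or .dll extension."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".dll") else name


def check_line(line: str) -> Optional[Finding]:
    """Apply the three rules to one HJT line; None when nothing fires."""
    line = line.rstrip()
    m = O23_RE.match(line)
    if m:
        if not m["vendor"].strip():
            return Finding("O23", f"service '{m['disp']}' has no vendor: {m['path']}", line)
        return None
    m = O4_RE.match(line)
    if m:
        r = RUNDLL_RE.search(m["cmd"])
        if r:
            base = dll_base(r["dll"])
            score = randomness_score(base)
            if score >= 2:
                return Finding("O4", f"rundll32 loads random-looking {base}.dll "
                                     f"(export {r['export']}, score {score})", line)
        return None
    m = O16_RE.match(line)
    if m:
        host = (urlparse(m["url"]).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in ROGUE_DPF_DOMAINS):
            return Finding("O16", f"ActiveX download from rogue domain {host}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Return every finding in document order."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


# Lines copied from the first HijackThis log in the thread, with benign
# neighbours kept so the rules can be seen not firing on them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\thpjbjxb.dll",realset
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The score threshold is deliberately loose; on a real log it is a shortlist for a human to read, not a verdict.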

Angelfire777
2007-07-23, 12:21
Hi, welcome to Safer Networking Forums!

I noticed that you are not running any AntiVirus application. You could get infected immediately after we clean you up. Please download and install ONE of these:

» Avast! (http://www.asw.cz/eng/avast_4_home.html)
» AVG AntiVirus (http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-virus-free)
» AntiVir (http://www.free-av.com/)
___________

Download combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)

1. Save it to your desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Therion11
2007-07-25, 08:20
I chose AVG, as you'll be able to tell.

Combofix log

"Ell" - 2007-07-25 17:20:07 [GMT 12:00] - ComboFix 07-07-24.5 - Service Pack 1 FAT32


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\thpjbjxb.dll
C:\WINDOWS\system32\btxgwgtd.dll
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\bxjbjpht.ini
C:\WINDOWS\system32\dtgwgxtb.ini
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\yayvuut.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\DOWNLO~1\UDC6_0001_D19M1908NetInstaller.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-25 17:15 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 01:08 125,972 --a------ C:\WINDOWS\system32\xtmvrjbp.dll
2007-07-23 18:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-23 15:32 778,240 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-23 15:32 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-07-23 15:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-07-23 08:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-20 21:51 <DIR> d-------- C:\Downloads
2007-07-20 21:47 <DIR> d-------- C:\Program Files\FlashGet
2007-07-19 16:36 <DIR> d-------- C:\DOCUME~1\Ell\APPLIC~1\AdobeUM
2007-07-14 20:55 <DIR> d-------- C:\DOCUME~1\Ell\APPLIC~1\SlySoft
2007-07-14 20:51 <DIR> d-------- C:\Program Files\SlySoft
2007-07-12 15:35 39,424 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-07-12 15:35 380,928 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-07-12 15:35 287,360 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-07-12 15:35 217,088 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-07-12 15:35 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-07-12 15:35 2,112 -ra------ C:\WINDOWS\system32\Repository.reg
2007-07-12 15:35 110,592 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-07-12 15:29 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-07-12 15:29 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-07-12 15:29 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-07-12 15:29 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-07-12 15:29 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-07-12 15:29 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-07-12 15:29 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-07-12 15:29 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-07-12 15:29 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-07-12 15:29 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-07-12 15:29 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-07-12 15:29 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-07-12 15:29 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-07-12 15:29 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-07-12 15:29 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-07-12 15:29 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-07-12 15:29 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-07-12 15:29 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-07-12 15:29 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-07-12 15:29 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-07-12 15:29 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-07-12 15:29 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-07-12 15:29 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-07-12 15:29 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-07-12 15:29 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-07-12 15:29 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-07-12 15:29 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-07-12 15:28 245,824 -ra------ C:\WINDOWS\system32\InstExec.exe
2007-07-12 15:28 245,824 -ra------ C:\WINDOWS\Instexec.exe
2007-07-12 15:27 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-12 15:27 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-07-12 15:27 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-07-12 15:27 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-07-12 15:27 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-07-12 15:27 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-07-12 15:27 57,344 --a------ C:\WINDOWS\system32\ElkCtlPS.dll
2007-07-12 15:27 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-12 15:27 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-07-12 15:27 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-07-12 15:27 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-07-12 15:27 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-07-12 15:27 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-07-12 15:27 39,936 --a------ C:\WINDOWS\system32\VxLibRes.dll
2007-07-12 15:27 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-12 15:27 327,680 --a------ C:\WINDOWS\system32\CamCplRes.dll
2007-07-12 15:27 262,144 --a------ C:\WINDOWS\system32\ElkCtrl.exe
2007-07-12 15:27 152,576 --a------ C:\WINDOWS\system32\VxLib.dll
2007-07-12 15:27 135,680 --a------ C:\WINDOWS\system32\VLib.dll
2007-07-12 15:27 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2007-07-12 15:27 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-12 15:27 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-07-12 15:27 <DIR> d-------- C:\Program Files\Logitech
2007-07-12 15:27 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-07-08 18:20 <DIR> d-------- C:\DOCUME~1\Ell\APPLIC~1\Locktime
2007-07-08 17:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Locktime
2007-07-08 17:33 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2007-07-07 17:34 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-07 17:34 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-07 17:34 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-07 17:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-07 17:31 <DIR> d-------- C:\Program Files\Winamp
2007-07-05 16:01 <DIR> d-------- C:\Program Files\eMule
2007-07-04 22:05 <DIR> d-------- C:\Program Files\Ares
2007-07-04 14:52 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-07-04 14:52 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-07-04 14:52 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-07-04 14:52 <DIR> d-------- C:\Program Files\Common Files\logishrd
2007-07-04 14:51 <DIR> d-------- C:\Program Files\Soulseek
2007-07-04 14:18 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-04 14:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-04 14:18 <DIR> d-------- C:\Program Files\Xvid
2007-07-04 01:12 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-04 01:11 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-04 01:11 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-04 01:11 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-04 01:11 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-04 01:11 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-07-04 01:11 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-07-04 01:11 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-07-04 00:54 <DIR> d-------- C:\DOCUME~1\Ell\APPLIC~1\vlc
2007-07-04 00:54 <DIR> d-------- C:\DOCUME~1\Ell\APPLIC~1\dvdcss


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-06-20 14:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2001-08-18 20:00 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"SoundMan"="SOUNDMAN.EXE" [2003-08-14 23:34 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2003-11-17 10:33 C:\WINDOWS\system32\nwiz.exe]
"tcnzTrayApp"="C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe" [2006-11-27 10:42]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 10:22]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2005-11-28 11:44]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-24 15:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2003-04-14 20:05]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-15 10:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Xtra Help Assistant.lnk - C:\Program Files\Xtra Help Assistant\bin\matcli.exe [2007-07-03 22:18:04]

R1 nltdi;nltdi;C:\WINDOWS\System32\drivers\nltdi.sys
R1 SiSEsc;SISLIB_ESC;C:\WINDOWS\System32\sisesc.sys
R2 ElbyCDIO;ElbyCDIO Driver;C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
R2 SoftFax;SoftFax;C:\WINDOWS\System32\DRIVERS\C4C_FAXX.sys
R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\System32\drivers\ALCXSENS.SYS
R3 AnyDVD;AnyDVD;C:\WINDOWS\System32\Drivers\AnyDVD.sys
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\System32\DRIVERS\C4C_BSC2.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\System32\DRIVERS\hidusb.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 LVUSBSta;Logitech USB Monitor Filter;C:\WINDOWS\System32\drivers\lvusbsta.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\System32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\System32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\System32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\System32\DRIVERS\usbohci.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MREMPR5;MREMPR5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 17:31:31
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 17:34:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-25 17:34

--- E O F ---

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:18 p.m., on 25/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\System32\lvcomsx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tcnzTrayApp] "C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Xtra Help Assistant.lnk = C:\Program Files\Xtra Help Assistant\bin\matcli.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6010 bytes

Angelfire777
2007-07-25, 11:43
Hi,

The following are optional uninstalls in control panel > add/remove programs

Flashget
Be aware that the trial copy bundles Cydoor adware, but when you register, the Ads disappear. So in case you didn't purchase it, I recommend you uninstall it.

Emule
SoulSeek
Ares
These programs may be the reason your system is infected with malware. Even when a program like this is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I suggest that you remove these programs from your system.

Please delete the following folders if you uninstalled their corresponding programs:

C:\Program Files\Soulseek
C:\Program Files\Ares
C:\Program Files\eMule
C:\Program Files\FlashGet
___________

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type kill.bat in the File name and save it to your desktop.


@echo off
rem clear the hidden/system/read-only attributes so the DLL can be removed
attrib -s -h -r C:\WINDOWS\system32\xtmvrjbp.dll
rem hand the DLL to catchme's -k (kill) switch
catchme -k C:\WINDOWS\system32\xtmvrjbp.dll
cls
echo.Press any key to reboot
pause > nul
rem nircmd.exe was placed in C:\WINDOWS by ComboFix (see the Files Created list above)
nircmd exitwin reboot force
exit

Locate kill.bat on your Desktop and double-click on it then it will reboot your machine.

After your machine reboots, please delete this file: C:\WINDOWS\system32\xtmvrjbp.dll
____________

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan:Select My Computer

This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Also, please post a fresh HijackThis log on your next reply.

Therion11
2007-07-28, 05:15
I did the online scan but there was no 'save as text' button, just 'save report' which is an HTML report file.


Kaspersky Report

Saturday, July 28, 2007 12:03:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/07/2007
Kaspersky Anti-Virus database records: 368569
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 77329
Number of viruses found 6
Number of infected objects 15 / 0
Number of suspicious objects 0
Duration of the scan process 02:06:54

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9A29DA6B-1484-45F3-A706-095821CA4118}.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-657B9F3E-6239-4FDB-ACF1-B3889FDE69ED.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0C22F236-F497-427A-953C-94AB44C21FEC.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-945FA578-F727-43EA-8B6E-6FB3675F5EDD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2BA9B833-03FE-472D-BC1A-7DF4528F9555.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-752D7853-1874-4B09-8407-DE8825164BAC.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B7C8AE5D-5B8D-447A-80C0-F095437646CA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6D87E6C9-1CCB-440C-B140-9845DBB44645.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-01416640-339C-4CC3-A3F3-C518474058C2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-35430839-30A0-4483-B627-FC2D493BB9D6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E5B5C9C8-6F9D-4C4E-A7FD-037C1E4B5452.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A972F140-1261-4C62-8C13-B9731F779559.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3B231D2B-4A0D-42F3-8160-ADD81059294A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FD81C77A-3D23-44E3-A1F9-E0E9AC9E6121.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FA961656-703B-487D-9740-F03AF81B7437.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CCE64506-9C91-45C2-90F7-F30F1B220EE5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4A5C0578-DDCF-474F-B3F8-323E38003AB6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E4EACF5E-32E8-488A-BCF8-F08B9024DC37.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7F22AADC-6489-42C0-AC96-3FCAB0197100.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F9F90637-D85E-4340-9F1B-33C8D185975C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1E4EF5BA-FBD8-4142-84D5-6BEECB844582.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CCA36A14-A7C2-4882-90C8-EFF04FAA3F7F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E5D9866F-273E-4DC4-BE09-7540B1CA345E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9BDD9AD7-7659-44BA-A4F9-8CB7EF20DD06.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7AE6E875-6F1C-42D5-947E-37572920BC46.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8C9AF12F-80E9-4C74-B2E0-284B101F541B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-11AE1666-270C-4B2B-9EDB-B9160B203A3C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-83558743-904C-4CC6-B46A-974BDC7F01B9.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-60C16BDC-7EC8-42A3-BE09-C2F64A3C74BB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-086FE3C5-2FD4-4DD1-949D-7EE690777B12.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2626D60E-14F9-4B42-9418-40F1DE6DE663.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B3E21C98-1FAA-4A4F-B7B1-94CB908972D7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-20673F4D-10DA-4BCA-977D-6C225D49E1A1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AE64E64C-ED73-4B25-9F0A-4DB80BAA52E8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E02FC07B-FE09-4D18-AAD9-716CB0249018.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-951C25BC-7CD7-47AE-A3F1-FA280A211006.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5774A107-FEEB-45FC-A965-63D0DE809AB1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-18C9B63B-27E9-4D2C-B78C-F2A6056EF0E2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D1347579-FD42-4A60-A089-A2DE48C905A4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-024B16F8-E6D8-4614-AAF4-58B51C01FD32.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3634C4A7-9808-49B1-BC9E-375BF398AEF5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D2FE032F-B55E-499F-8917-F3704B047E6F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-78858A46-D2C4-412E-87D7-FA1ADBFB95F9.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-61C7AB26-5E41-42E0-8523-8C6881FC6D56.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3643CB68-D607-4A90-9F35-CE846D181FCB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3A1F5E22-093E-49BF-9D18-883B569F3EA6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C549A51D-B395-4959-AE6B-299DCB022EDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1FB18647-F216-40B8-9283-7F2A11ACB210.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B3DC8D00-78C6-4C04-8D51-39089CE8218C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6DDCF94A-04D3-4B0D-B5D9-99F8317C419E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7E850541-14CB-4472-9350-DDDC6E59686C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-550620A2-F48B-4883-8D77-995212FE51DF.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1760E0C4-A495-4273-8A9D-4FE09F5D21C5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-175DFB37-5C74-46C8-8E8A-880E02F223C5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B211FFD7-6888-4FBC-A108-45B77DD771BE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F344C89B-910C-49B8-B48F-B5F0D4B41485.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FA171096-E388-4EE9-B294-2B917BABFEFA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3B4B7493-B3A7-40E8-91FF-8F5C5DBB933D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2533AC6D-77DD-415F-A9BA-03CBA23AC32B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8D8DF2B9-39FB-4A16-B244-578BD255B625.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-82DAF877-AD96-4250-8A64-F8463052F685.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-00A4215F-3548-4C88-81D4-D8B103AEC52D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-82CAE6E6-4B02-4F07-8FAB-A5EF8EF71FDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2279B94B-BACA-4DD1-8C60-257AD2F378D5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-40CE9D06-40C2-43C0-9A1B-9C2046A968C4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6603C083-A9FC-4929-9E9F-2B2A95A3223B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D978F975-71F9-4035-82E7-4ACCF0DEB24F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-96411044-2775-423E-AA1F-9F53DDE8BF53.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E49FFF97-2C5E-4979-93B5-544A05DD6307.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-35002001-4BEE-4DFD-AA81-523151DC0723.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F55EFAC7-2C4F-4D8F-BF5E-7E11B32AD6A4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-670840CA-3FC6-414E-B9D7-79E8FC011495.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-764573EC-3D9B-4593-8E22-5295A67FFD42.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6AB1EE11-61A4-4A34-A875-B8DEC6203C1D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7D951016-A822-43AA-80E0-DA04D7279809.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CF8ED116-BC6C-4ABA-A54E-B8F21F10C382.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2DCDE8A3-5861-4924-960E-36D2E56A9A8D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DB29A10D-FD34-4BB9-B7DB-0DB1DF70D995.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-700B1F86-339F-4972-BEF3-DD8B6AFAC222.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-80E63D46-2B53-4E69-ADD0-48A0434E9E58.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-66B9A966-508D-4B9F-95A6-DDB219592B67.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CC8DEA38-2AD9-4C16-9971-BF456D2B2E95.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-191C52BE-E791-4711-94B1-432A0140D8D0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E9124A19-0D04-497C-B8B3-785EB0E3B1AB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7E85EF5B-FE47-478D-ABB7-A8366ED6726F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6BB0F89C-B787-4439-A693-4040C8988D03.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DE3AF608-D65B-4E44-8BEC-373ECBEF4611.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BE3BF019-C8FF-4364-837C-6DF71132B311.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D9EE6179-14C5-480C-8810-C7849A493CD5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-352E28EC-8B99-4853-87F0-32C27726139E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D3F66BDF-F01F-4266-88AA-1D84D131E529.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-84CE3C89-8A34-45BF-B5BE-5A2DC6C7B7D8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-21839DC0-D428-4033-AE17-0F69A73520E8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D8B47A32-C41A-480B-902F-B97BB69B06F1.dat Object is locked skipped

Continued

Therion11
2007-07-28, 05:18
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4EEA2E35-79C9-4D21-92D2-1383E2D465F6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1C047A4B-7E9A-46DA-981A-3564A6E05B2D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-63543F9C-1530-45C4-9588-4B8121A3C6F6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-43F50DCD-8222-454D-A886-1EDF45296748.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-60337C0E-560A-4456-8D5B-95BCBF481A45.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-719F005F-EB6D-4AC8-B213-7723DEA8C959.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-556429EB-B94C-4B5F-9519-78C87C094146.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3D12B9E6-FB98-43C2-9BF8-42736A7BF553.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-73A8525B-8264-4B99-9588-25D43184B297.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AA26629C-647F-494D-A5D5-85C7B03995B2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CAF15F28-FBED-4BDE-8D60-A24F0C00244E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-05191B24-0A1D-4211-9895-05B81AB6F7E3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E73D61C0-DF68-438D-8C8C-09045F83BC84.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-827BA54D-822E-4A52-81BF-8BB38E634C75.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3B8D8A5B-DFB3-48B1-B814-52FC8A641D7B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FE4238A5-2944-4824-B133-C3C9D427626D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-ADE4E404-FBED-4B7E-B8AA-3E41DC6B2F33.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C6F8A3BD-4827-485F-B695-E92B1AB8D874.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-773A3474-C734-4897-9D0D-4E2EB628C85B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BAFF5BFD-1EA7-4232-B135-74DF78EE130E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A81D5B04-222C-4A19-9042-511AD4A87E7D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-79123070-6C32-4A26-9FFC-080CEE948186.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A98046C9-256A-4AF2-8D24-B6AAC1DF52C2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E2543C12-3CD6-4765-8CD4-D9E6AAFA9BE4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A2881274-8FB6-4C9E-A453-C4305CD03DB8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A61E1002-E491-4315-8CD0-C9E54D50839E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-02731337-12BC-44FF-B278-A30CE902F8EA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ell\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ell\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ell\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Ell\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ell\Local Settings\History\History.IE5\MSHist012007072720070728\index.dat Object is locked skipped
C:\Documents and Settings\Ell\Local Settings\History\History.IE5\MSHist012007072820070729\index.dat Object is locked skipped
C:\Documents and Settings\Ell\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ell\Local Settings\Application Data\Ares\My Shared Folder\___ARESTRA___ggg - die sperma-expertin (cissie & annette).avi Object is locked skipped
C:\Documents and Settings\Ell\Local Settings\Temp\~ROMFN_00000A2C Object is locked skipped
C:\Documents and Settings\Ell\My Documents\Downloads\Adobe CS3 DESIGN Premium Keygen - Photoshop_Illustrator_InDesign_Dreamweaver_Flash\Adobe CS3 DESIGN Premium Keygen.exe/data0000.cab/is67433.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\Documents and Settings\Ell\My Documents\Downloads\Adobe CS3 DESIGN Premium Keygen - Photoshop_Illustrator_InDesign_Dreamweaver_Flash\Adobe CS3 DESIGN Premium Keygen.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.if skipped
C:\Documents and Settings\Ell\My Documents\Downloads\Adobe CS3 DESIGN Premium Keygen - Photoshop_Illustrator_InDesign_Dreamweaver_Flash\Adobe CS3 DESIGN Premium Keygen.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\Ell\Cookies\index.dat Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP14\A0001248.exe Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP15\A0001300.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP15\A0001304.dll Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001339.exe Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001340.dll Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001341.exe Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001342.exe Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001343.dll Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001344.exe Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001345.exe Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001346.exe Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001347.exe Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001348.exe Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001349.dll Object is locked skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001368.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001369.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001373.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\A0001374.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\change.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UDC6_0001_D19M1908NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\thpjbjxb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\btxgwgtd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayvuut.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
E:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP16\change.log Object is locked skipped
E:\stuff\applications\prisma-trial-en.exe/data0022 Infected: not-a-virus:RiskTool.Win32.FWDisabler.a skipped
E:\stuff\applications\prisma-trial-en.exe NSIS: infected - 1 skipped
Scan process completed.

HijackThis logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:12 p.m., on 28/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\lvcomsx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tcnzTrayApp] "C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Xtra Help Assistant.lnk = C:\Program Files\Xtra Help Assistant\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5327 bytes

Thanks for the help, it's appreciated.

Angelfire777
2007-07-28, 05:43
Hi,

did you download the following keygen?

C:\Documents and Settings\Ell\My Documents\Downloads\Adobe CS3 DESIGN Premium Keygen - Photoshop_Illustrator_InDesign_Dreamweaver_Flash\Adobe CS3 DESIGN Premium Keygen.exe

If so, you should avoid downloading these illegal cracks because you violate the software's EULA. Moreover, almost 99.9% of these cracks contain some sort of malware inside them. In your case, your main infection came from this keygen.

Using Windows explorer, please delete the following file:

C:\Documents and Settings\Ell\My Documents\Downloads\Adobe CS3 DESIGN Premium Keygen - Photoshop_Illustrator_InDesign_Dreamweaver_Flash\Adobe CS3 DESIGN Premium Keygen.exe

Delete the following folder:

C:\QooBox <<Combofix quarantine

Empty your recycle bin.

Please post a fresh HijackThis log and tell me how your machine is running.

Therion11
2007-07-30, 02:00
Yes. I thought that's where it came from. I usually steer clear of those kinds of files, but a friend asked for it so I gave it a try. I'll know not to in the future.

My machine seems to be running a lot better, thank you.

Here's the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:27 a.m., on 30/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\lvcomsx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\uTorrent\utorrent.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tcnzTrayApp] "C:\Program Files\Xtra Help Assistant\bin\McciTrayApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O4 - Global Startup: Xtra Help Assistant.lnk = C:\Program Files\Xtra Help Assistant\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5335 bytes
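The log above is in HijackThis's line format. As an added example (not from the poster, the forum, or the HijackThis tool itself), the Python below parses O4 autorun and O23 service entries over a few constructed lines that resemble the log and flags the ones a helper typically verifies first: bare filenames resolved through the search path, rundll32-loaded DLLs, and services with no vendor name. The sample lines and the flagging rules are my own assumptions.

```python
import re

# Constructed sample in HijackThis log format (assumption: a few lines typed
# to resemble the log above, not a copy of the poster's full log).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
"""

# "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')" with the user part optional
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>.+?)\] "
                   r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$")
# "O23 - Service: <name> - <owner> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def target_of(cmd):
    """Return the file an O4 command line actually loads."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]          # quoted path, arguments follow
    tokens = cmd.split()
    if tokens[0].lower() == "rundll32.exe" and len(tokens) > 1:
        return tokens[1].split(",")[0]           # the DLL is the real payload
    return tokens[0]

def triage(log_text):
    """Return (line_no, name, target, reason) for entries worth checking first."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = O4_RE.match(line)
        if m:
            tgt = target_of(m["cmd"])
            if "\\" not in tgt:
                findings.append((n, m["name"], tgt, "bare filename: resolved via search path, locate the real file"))
            elif m["cmd"].split()[0].lower() == "rundll32.exe":
                findings.append((n, m["name"], tgt, "rundll32 loader: inspect the DLL, not rundll32"))
            continue
        m = O23_RE.match(line)
        if m and m["owner"] == "Unknown owner":
            findings.append((n, m["name"], m["path"], "service with no vendor info: verify the binary"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```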

Angelfire777
2007-07-30, 12:25
Congratulations! Your log looks clean!

This is a good time to clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore

Select Create a restore point, and Ok it.

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your pc's security.

Firewall Application - Although Windows XP comes with a firewall, you should not rely on it because the Windows Firewall can only filter incoming data; outgoing traffic is not controlled, meaning that malware/viruses that are present in your computer can access the internet with no restrictions. There are several other firewalls that can protect you better by filtering incoming and outgoing data. Make sure you get only one of these.

» ZoneAlarm (http://www.zonelabs.com)
» Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)

Install SpyWare Blaster
~You can download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
~You can read the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
~You can download it from here (http://www.winpatrol.com/download.html)
~You can get some information about how WinPatrol works here (http://www.winpatrol.com/features.html)

IESpyAds
~You can download it from here (http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD)
~If you want to know how IESpyAds works you can take a look at it here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)

Happy safe surfing!

Angelfire777
2007-08-02, 13:34
Glad we could be of assistance :bigthumb:

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.