View Full Version : Trojan problem!
Hi, for a month now I have had a Troj.printspool.I use spyboot and everytime it detects the trojan but it keeps coming back.
Heres the HGT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:08 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\AppPatch\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ovmr.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: run=C:\WINPENJR\win32\custom.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ovmr] C:\WINDOWS\system32\ovmr.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [ovmr] C:\WINDOWS\system32\ovmr.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Print Spooler Service (aimyuuyeiqa) - Unknown owner - C:\WINDOWS\system32\ovmr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WINDOWS MSI Installer Application (LD-MSIEXEC_Inst) - Unknown owner - C:\WINDOWS\AppPatch\msiexec.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
--
End of file - 9602 bytes
I couldn't do the on-line scan probably because I didn't enable activeX and i don't know how because im an idiot with computers.
So can anyone please help me?Thanks
NOTE:Even though i couldn't do the online scan I used the file scanner and i found two files in the system32 folder infected with Trojan.Win32
Hi cigno
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)
We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.
Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post
If it won't be a problem I'll try to clean up the mess with help
I've gotten Kaspersky to work and will have the log soon hopefully it 'll help
Hi
Post back kaspersky report and fresh HijackThis log when scan is finished, please :)
I just finished the scan now how do i get the log?
Hi
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Wednesday, August 29, 2007 11:42:52 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 29/08/2007
Kaspersky Anti-Virus database records: 373482
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Albert\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 21782
Number of viruses found 6
Number of infected objects 11
Number of suspicious objects 0
Duration of the scan process 00:30:52
Infected Object Name Virus Name Last Action
C:\WINDOWS\AppPatch\msiexec.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe NSIS: infected - 2 skipped
C:\WINDOWS\b136.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\WINDOWS\b136.exe/stream Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\WINDOWS\b136.exe NSIS: infected - 2 skipped
C:\WINDOWS\b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jzhomjioh.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\ovmr.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\Albert\LOCALS~1\Temp\rundl132.exe Infected: Trojan-PSW.Win32.OnLineGames.on skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:10 AM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\AppPatch\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ovmr.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: run=C:\WINPENJR\win32\custom.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ovmr] C:\WINDOWS\system32\ovmr.exe
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [ovmr] C:\WINDOWS\system32\ovmr.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Print Spooler Service (aimyuuyeiqa) - Unknown owner - C:\WINDOWS\system32\ovmr.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WINDOWS MSI Installer Application (LD-MSIEXEC_Inst) - Unknown owner - C:\WINDOWS\AppPatch\msiexec.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
--
End of file - 9695 bytes
Hi
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
Post:
- sdfix report
- main.txt
- extra.txt
I can't extract SDFIX. It says:
Please install to the default location by clicking Install The SDFix Folder will be extracted to %systemdrive% \ (Drive that contains the Windows directory - typically 'C:\SDFix') Open the SDFix folder in Safe Mode then double click the RunThis.bat file to start the fixtool. If run in Normal Mode, options to download and run Anti-Virus command line scanners are displayed.
Catchme.exe Userland Rootkit Detector by GMER is also included in the SDFix folder
Opps i forgot to browse the location sorry
SDFix: Version 1.100
Run by Albert on Wed 08/29/2007 at 12:23 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Albert\Desktop\SDFix
Safe Mode:
Checking Services:
Name:
LD-MSIEXEC_Inst
aimyuuyeiqa
ImagePath:
"C:\WINDOWS\AppPatch\msiexec.exe"
C:\WINDOWS\system32\ovmr.exe /service
LD-MSIEXEC_Inst - Deleted
aimyuuyeiqa - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\JZHOMJ~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\OVMR.EXE - Deleted
C:\WINDOWS\AppPatch\msiexec.exe - Deleted
C:\WINDOWS\b104.exe - Deleted
C:\WINDOWS\b136.exe - Deleted
C:\WINDOWS\b138.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Albert\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Program Files\Internet Explorer\wininet.dll
C:\Program Files\America Online 9.0\aolphx.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\RBM.exe
C:\Program Files\Internet Explorer\iexplore.exe.local
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\5ACB5CEC1D.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
Finished
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:41 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
--
End of file - 9154 bytes
Deckard's System Scanner v20070826.66
Run by Albert on 2007-08-29 12:45:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
17: 2007-08-29 16:45:37 UTC - RP17 - Deckard's System Scanner Restore Point
16: 2007-08-26 02:27:08 UTC - RP16 - Installed PenPowerJR-5.0
15: 2007-08-25 22:30:09 UTC - RP15 - Unsigned driver install
14: 2007-08-25 22:25:53 UTC - RP14 - Installed Belkin 54g USB Network Adapter
13: 2007-08-25 22:22:49 UTC - RP13 - Removed Belkin 54g USB Network Adapter
-- First Restore Point --
1: 2007-07-25 03:08:11 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis (run as Albert.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:41 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
--
End of file - 9154 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ppmoucls - c:\windows\system32\drivers\ppmoucls.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 pptchpad (PenPower Touchpad) - c:\windows\system32\drivers\pptchpd5.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 bkn50USB (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys (file missing)
S3 CA561 (ICatch VI PC CAMERA) - c:\windows\system32\drivers\spca561.sys <Not Verified; SP; Microsoft(R) Windows NT(R) Operating System>
S3 npkcusb - c:\program files\nexon\maplestory\npkcusb.sys (file missing)
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>
S3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Belkin 54g Wireless USB Network Adapter Service (Belkin 54g Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe
S2 WinWLServiceNow - c:\docume~1\albert\locals~1\temp\ravwl.exe (file missing)
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-08-24 18:30:01 352 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D8YWJPB1-Albert).job
-- Files created between 2007-07-29 and 2007-08-29 -----------------------------
2007-08-29 12:22:29 0 d-------- C:\WINDOWS\ERUNT
2007-08-29 10:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-29 10:18:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-28 18:01:17 0 d-------- C:\Program Files\Trend Micro
2007-08-28 17:03:55 0 d-------- C:\KAV
2007-08-25 22:27:29 32768 --a------ C:\WINDOWS\system32\PPADAPI.DLL
2007-08-25 22:27:29 17216 --a------ C:\WINDOWS\system32\drivers\PPTCHPD5.SYS
2007-08-25 22:27:29 20704 --a------ C:\WINDOWS\system32\drivers\PPMOUCLS.SYS <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-08-25 22:27:09 0 d-------- C:\WINPENJR
2007-08-25 18:26:37 15939 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
2007-08-25 18:25:59 40960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2007-08-25 18:25:59 0 d-------- C:\WINDOWS\options
2007-08-25 18:25:55 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-08-25 18:25:55 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-08-25 18:25:55 1085440 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2007-08-25 18:25:53 0 d-------- C:\Program Files\Belkin
2007-08-16 22:40:18 582 --a------ C:\WINDOWS\eReg.dat
2007-08-16 22:12:13 0 d-------- C:\Program Files\Maxis
-- Find3M Report ---------------------------------------------------------------
2007-08-29 10:54:30 0 d-------- C:\Program Files\Starcraft
2007-08-25 23:12:14 2002 --a------ C:\Documents and Settings\Albert\Application Data\wklnhst.dat
2007-08-25 22:27:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 19:09:40 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-25 19:09:39 88 -r-hs---- C:\WINDOWS\system32\5ACB5CEC1D.sys
2007-08-24 15:06:15 0 d-------- C:\Program Files\Common Files
2007-07-24 15:28:03 0 d-------- C:\Program Files\msn gaming zone
2007-07-24 13:45:21 23428 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-23 22:13:55 9806 --a------ C:\binboot.exe <Not Verified; ; installer>
2007-07-22 11:22:26 0 d-------- C:\Documents and Settings\Albert\Application Data\AVG7
2007-07-21 09:36:54 0 d-------- C:\Documents and Settings\Albert\Application Data\Help
2007-07-13 00:12:50 0 d-------- C:\Documents and Settings\Albert\Application Data\Talkback
2007-07-13 00:09:53 0 d-------- C:\Documents and Settings\Albert\Application Data\Mozilla
2007-07-11 19:22:30 0 d-------- C:\Program Files\Modem Helper
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/2001 11:23 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"jzhomjioh"=C:\WINDOWS\system32\jzhomjioh.exe
"pxhmcs"=C:\WINDOWS\system32\pxhmcs.exe
"mvioc"=C:\WINDOWS\system32\mvioc.exe
"axnjsga"=C:\WINDOWS\system32\axnjsga.exe
"lrmqkgv"=C:\WINDOWS\system32\lrmqkgv.exe
"qrry"=C:\WINDOWS\system32\qrry.exe
"bliuvfsw"=C:\WINDOWS\system32\bliuvfsw.exe
"glrjqgk"=C:\WINDOWS\system32\glrjqgk.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WinTouch"=C:\Documents and Settings\LocalService\Application Data\WinTouch\WinTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adwarealert]
C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
"C:\Program Files\AIM\AIM Pro\aimpro.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axnjsga]
C:\WINDOWS\system32\axnjsga.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bliuvfsw]
C:\WINDOWS\system32\bliuvfsw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bnoilfh]
C:\WINDOWS\system32\bnoilfh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dqaxzaqdlfsi]
C:\WINDOWS\system32\dqaxzaqdlfsi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dygqjvrq]
C:\WINDOWS\system32\dygqjvrq.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eb]
C:\WINDOWS\system32\eb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emgjb]
C:\WINDOWS\system32\emgjb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\glrjqgk]
C:\WINDOWS\system32\glrjqgk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gsz]
C:\WINDOWS\system32\gsz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gykbeycib]
C:\WINDOWS\system32\gykbeycib.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iwobbxn]
C:\WINDOWS\system32\iwobbxn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jiro]
C:\WINDOWS\system32\jiro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jzhomjioh]
C:\WINDOWS\system32\jzhomjioh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\k]
C:\WINDOWS\system32\k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kgkyez]
C:\WINDOWS\system32\kgkyez.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lomv]
C:\WINDOWS\system32\lomv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lrmqkgv]
C:\WINDOWS\system32\lrmqkgv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lz]
C:\WINDOWS\system32\lz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mc]
C:\WINDOWS\system32\mc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfacocn]
C:\WINDOWS\system32\mfacocn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mvioc]
C:\WINDOWS\system32\mvioc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndgqgj]
C:\WINDOWS\system32\ndgqgj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ovmr]
C:\WINDOWS\system32\ovmr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pest-Capture]
C:\Program Files\PestCapture\PestCapture.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pxhmcs]
C:\WINDOWS\system32\pxhmcs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qaapdklpufix]
C:\WINDOWS\system32\qaapdklpufix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qrry]
C:\WINDOWS\system32\qrry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvnmeuinmc]
C:\WINDOWS\system32\qvnmeuinmc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qwxiovj]
C:\WINDOWS\system32\qwxiovj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rpcrsgqrtde]
C:\WINDOWS\system32\rpcrsgqrtde.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sd]
C:\WINDOWS\system32\sd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
"C:\Program Files\eAcceleration\Station\station.exe" /b Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHeal 2.9]
"C:\Program Files\SH\SpyHeal 2.9\SpyHeal 2.9.exe" /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sqjwznk]
C:\WINDOWS\system32\sqjwznk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srlmsejtby]
C:\WINDOWS\system32\srlmsejtby.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsTsMon]
Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sxuc]
C:\WINDOWS\system32\sxuc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\urey]
C:\WINDOWS\system32\urey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vxkvknx]
C:\WINDOWS\system32\vxkvknx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan]
"C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wemwpxpjdb]
C:\WINDOWS\system32\wemwpxpjdb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xc]
C:\WINDOWS\system32\xc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xe]
C:\WINDOWS\system32\xe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yglzs]
C:\WINDOWS\system32\yglzs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yso]
C:\WINDOWS\system32\yso.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"c:\program files\zango\zango.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"it7k"=C:\DOCUME~1\Albert\LOCALS~1\Temp\rundl132.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"afvsd"=C:\WINDOWS\system32\afvsd.ex1
"ciefmbr"=C:\WINDOWS\system32\ciefmbr.ex1
"ebpqha"=C:\WINDOWS\system32\ebpqha.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"mc"=C:\WINDOWS\system32\mc.ex1
"ciefmbr"=C:\WINDOWS\system32\ciefmbr.ex1
"ebpqha"=C:\WINDOWS\system32\ebpqha.exe
-- End of Deckard's System Scanner: finished at 2007-08-29 12:49:27 ------------
Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 253.98 MiB / 57.89 MiB
Pagefile Memory (total/avail): 624.87 MiB / 377.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.17 MiB
C: is Fixed (NTFS) - 52.7 GiB total, 31.55 GiB free.
D: is Fixed (NTFS) - 18.17 GiB total, 18.11 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG SP0802N/P - 74.5 GiB - 4 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 52.7 GiB - C:
\PARTITION2 - Installable File System - 18.17 GiB - D:
\PARTITION3 - Unknown - 3.59 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: AVG 7.5.446 v7.5.446 (GRISOFT) Outdated
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"="C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Albert\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D8YWJPB1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Albert
LOGONSERVER=\\D8YWJPB1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Albert\LOCALS~1\Temp
TMP=C:\DOCUME~1\Albert\LOCALS~1\Temp
USERDOMAIN=D8YWJPB1
USERNAME=Albert
USERPROFILE=C:\Documents and Settings\Albert
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Albert (admin)
Cindy (admin)
Matthew (admin)
Timothy
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\eAcceleration\Station\station.exe" /UnRegister
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\Setup.exe" -l0x9
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe"
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Security Plugin 2006 --> "C:\Program Files\Video ActiveX Object\iesuninst.exe"
Internet Security Add-On --> "C:\Program Files\Video ActiveX Object\isunst.exe"
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\Albert\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_6a12e8\Setup.exe /APR-REMOVE
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.5) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.6) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
Pdf995 --> C:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe - uninstall
PenPowerJR-5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}\setup.exe" -l0x9
Public Messenger ver 2.03 --> "C:\Program Files\Video ActiveX Object\pmunst.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
Starcraft --> C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
TaxCut Premium 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type5509 / Error
Event Submitted/Written: 08/29/2007 00:39:46 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application starcraft.exe, version 1.15.1.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [starcraft.exe!ws!]
Event Record #/Type5455 / Error
Event Submitted/Written: 08/25/2007 02:50:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application starcraft.exe, version 1.15.1.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [starcraft.exe!ws!]
Event Record #/Type5346 / Error
Event Submitted/Written: 08/16/2007 11:10:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application install.exe, version 0.0.0.0, faulting module install.exe, version 0.0.0.0, fault address 0x000093dc.
Processing media-specific event for [install.exe!ws!]
Event Record #/Type5345 / Error
Event Submitted/Written: 08/16/2007 11:09:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Setup.exe, version 0.0.0.0, faulting module Setup.exe, version 0.0.0.0, fault address 0x0000661c.
Processing media-specific event for [Setup.exe!ws!]
Event Record #/Type5339 / Error
Event Submitted/Written: 08/16/2007 11:03:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Start.exe, version 0.0.0.0, faulting module user32.dll, version 5.1.2600.2180, fault address 0x0001294d.
Processing media-specific event for [Start.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type44241 / Error
Event Submitted/Written: 08/29/2007 00:47:18 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
Event Record #/Type44240 / Error
Event Submitted/Written: 08/29/2007 00:39:23 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.101 for the Network Card with network address 001150776262 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Event Record #/Type44222 / Error
Event Submitted/Written: 08/29/2007 00:32:46 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
szkg
Event Record #/Type44221 / Error
Event Submitted/Written: 08/29/2007 00:32:46 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%2
Event Record #/Type44216 / Error
Event Submitted/Written: 08/29/2007 00:22:28 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Avg7Core
Avg7RsW
Avg7RsXP
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
szkg
Tcpip
-- End of Deckard's System Scanner: finished at 2007-08-29 12:49:27 ------------
Hi
Open HijackThis, click do a system scan only and checkmark this:
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
Close all windows including browser and press fix checked.
Reboot
First we'll need to backup registry:
Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.
Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adwarealert]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axnjsga]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bliuvfsw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bnoilfh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dqaxzaqdlfsi]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dygqjvrq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emgjb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\glrjqgk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iwobbxn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jiro]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jzhomjioh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\k]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kgkyez]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lomv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lrmqkgv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mvioc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndgqgj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ovmr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pest-Capture]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pxhmcs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qaapdklpufix]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qrry]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvnmeuinmc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qwxiovj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rpcrsgqrtde]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHeal 2.9]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sqjwznk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srlmsejtby]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sxuc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\urey]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vxkvknx]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wemwpxpjdb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yglzs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yso]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=-
"it7k"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"afvsd"=-
"ciefmbr"=-
"ebpqha"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"mc"=-
"ciefmbr"=-
"ebpqha"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"jzhomjioh"=-
"pxhmcs"=-
"mvioc"=-
"axnjsga"=-
"lrmqkgv"=-
"qrry"=-
"bliuvfsw"=-
"glrjqgk"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WinTouch"=-
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Doubleclick fix.reg, press Yes and ok.
(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)
Re-run dss
Post dss report
Hi
All lines starting from Windows Registry Editor Version 5.00 and ending to [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WinTouch"=-
I have spybot SD-resident so I dont know what to do since theres no button that allows the registry to change it denies everything.What should i do?
Hi
Do this before those steps:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Deckard's System Scanner v20070826.66
Run by Albert on 2007-08-29 13:39:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis (run as Albert.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:35 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
--
End of file - 9086 bytes
-- Files created between 2007-07-29 and 2007-08-29 -----------------------------
2007-08-29 12:22:29 0 d-------- C:\WINDOWS\ERUNT
2007-08-29 10:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-29 10:18:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-28 18:01:17 0 d-------- C:\Program Files\Trend Micro
2007-08-28 17:03:55 0 d-------- C:\KAV
2007-08-25 22:27:29 32768 --a------ C:\WINDOWS\system32\PPADAPI.DLL
2007-08-25 22:27:29 17216 --a------ C:\WINDOWS\system32\drivers\PPTCHPD5.SYS
2007-08-25 22:27:29 20704 --a------ C:\WINDOWS\system32\drivers\PPMOUCLS.SYS <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-08-25 22:27:09 0 d-------- C:\WINPENJR
2007-08-25 18:26:37 15939 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
2007-08-25 18:25:59 40960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2007-08-25 18:25:59 0 d-------- C:\WINDOWS\options
2007-08-25 18:25:55 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-08-25 18:25:55 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-08-25 18:25:55 1085440 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2007-08-25 18:25:53 0 d-------- C:\Program Files\Belkin
2007-08-16 22:40:18 582 --a------ C:\WINDOWS\eReg.dat
2007-08-16 22:12:13 0 d-------- C:\Program Files\Maxis
-- Find3M Report ---------------------------------------------------------------
2007-08-29 10:54:30 0 d-------- C:\Program Files\Starcraft
2007-08-25 23:12:14 2002 --a------ C:\Documents and Settings\Albert\Application Data\wklnhst.dat
2007-08-25 22:27:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 19:09:40 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-25 19:09:39 88 -r-hs---- C:\WINDOWS\system32\5ACB5CEC1D.sys
2007-08-24 15:06:15 0 d-------- C:\Program Files\Common Files
2007-07-24 15:28:03 0 d-------- C:\Program Files\msn gaming zone
2007-07-24 13:45:21 23428 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-23 22:13:55 9806 --a------ C:\binboot.exe <Not Verified; ; installer>
2007-07-22 11:22:26 0 d-------- C:\Documents and Settings\Albert\Application Data\AVG7
2007-07-21 09:36:54 0 d-------- C:\Documents and Settings\Albert\Application Data\Help
2007-07-13 00:12:50 0 d-------- C:\Documents and Settings\Albert\Application Data\Talkback
2007-07-13 00:09:53 0 d-------- C:\Documents and Settings\Albert\Application Data\Mozilla
2007-07-11 19:22:30 0 d-------- C:\Program Files\Modem Helper
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/2001 11:23 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@=
"jzhomjioh"=C:\WINDOWS\system32\jzhomjioh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
"C:\Program Files\AIM\AIM Pro\aimpro.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gsz]
C:\WINDOWS\system32\gsz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gykbeycib]
C:\WINDOWS\system32\gykbeycib.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfacocn]
C:\WINDOWS\system32\mfacocn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
"C:\Program Files\eAcceleration\Station\station.exe" /b Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsTsMon]
Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan]
"C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
-- End of Deckard's System Scanner: finished at 2007-08-29 13:40:47 ------------
I put back on tea timer is that ok?
Hi
"I put back on tea timer is that ok?"
No. Please keep it disabled until you are clean.
Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gsz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gykbeycib]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfacocn]
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Doubleclick fix2.reg, press Yes and ok.
(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
Close all windows including browser and press fix checked.
Reboot.
Post back a fresh HijackThis log.
I only found this:O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
All the others i can't seem to find.
Fix the the one i found?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:31 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 8376 bytes
Hi
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Post:
- a fresh HijackThis log
- kaspersky report
hursday, August 30, 2007 2:16:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 30/08/2007
Kaspersky Anti-Virus database records: 399242
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 128916
Number of viruses found 17
Number of infected objects 206
Number of suspicious objects 6
Duration of the scan process 02:46:43
Infected Object Name Virus Name Last Action
C:\binboot.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\cert8.db Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\history.dat Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\key3.db Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\parent.lock Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Albert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/jzhomjioh.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/msiexec.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/ovmr.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip ZIP: infected - 12 skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\data\da2006fong\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\ntuser.dat Object is locked
C:\Documents and Settings\Albert\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu450.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt8.zip/retadpu450.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt8.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject2.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Application Data\WinTouch\WinTouch.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Application Data\WinTouch\WTUninstaller.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\wintouch.prod.v10007.12jul2007.exe[1].619077c6721280bf3c53475cbdc668de Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\B[1].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\B[2].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[1].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[2].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[3].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[4].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[5].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[6].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[7].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\wtuninstaller.prod.v10007.12jul2007.exe[1].7debedc8315e1da50a742a6a0a5c161f Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\retadpu[1].exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\retadpu[2].exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\412splashfree.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\createtimes.cache Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\data.ser Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\fileurns.bak Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\fileurns.cache Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\filters.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\gnutella.net Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\installation.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\library.dat Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\limewire.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\pub1.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\public.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\questions.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\responses.cache
C:\Documents and Settings\Matthew\.limewire\secureMessage.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\simpp.xml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\spam.dat Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\tables.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\lime.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\search.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\lime.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\01_star.gif
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\logo.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\notsearching.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\logo.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\notsearching.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\ttree.cache Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\update.xml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\version.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\version.xml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\application.sxml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\audio.sxml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\delete_me Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\video.sxml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\application.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\audio.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\document.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\image.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\video.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\application.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\audio.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\document.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\image.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\video.xsd Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\dafendar.htm Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\lilmissinocent7.htm Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\pureebear101.htm Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\xmselephant.htm Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D20289 Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D202C2 Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D205A1 Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D2062C Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D2181F
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Directory 1 for pokemon pearl rom_fastest_BitTorrent_downloader.zip\BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Directory 1 for pokemon pearl rom_fastest_BitTorrent_downloader.zip\BitDownload-3.0-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Matthew\My Documents\picture006-dyedhair.jpg-www.facebook.com Infected: Backdoor.Win32.SdBot.aad skipped
\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader\BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader\BitDownload-3.0-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip ZIP: infected - 2
C:\Documents and Settings\Timothy\Local Settings\Temp\avs75.exe/data0006 Infected: not-a-virus:FraudTool.Win32.SpyLocked.a skipped
C:\Documents and Settings\Timothy\Local Settings\Temp\avs75.exe NSIS: infected - 1 skipped
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll Infected: not-a-virus:AdWare.Win32.Comet.ac skipped
C:\RECYCLER\S-1-5-21-598908736-2064602688-1726924881-1009\Dc1.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002358.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004792.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004859.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004860.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004861.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004864.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004875.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004876.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004877.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004878.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004907.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004908.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004909.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004910.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004911.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004912.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004913.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004914.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004915.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004916.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004917.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004918.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004919.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004920.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004921.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004922.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004923.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004924.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004925.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004926.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004927.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004928.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004929.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004930.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004931.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004932.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004933.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004934.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004935.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004936.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004937.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004938.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004939.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004940.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004941.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004942.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004943.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004944.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004945.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004946.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004947.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004948.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004949.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004950.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004951.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004952.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004953.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004954.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004955.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004956.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004957.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004958.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004959.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004960.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004961.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004962.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004963.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004964.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004965.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004966.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004967.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004968.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004969.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004970.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004971.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004972.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004973.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004974.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004975.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004976.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004977.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004978.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004979.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004980.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004981.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004982.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004983.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004984.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004985.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004987.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004988.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004989.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004990.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004991.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004992.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004993.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004994.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004995.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004996.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004997.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005000.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005001.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005002.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005003.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005004.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005005.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005006.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005007.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005008.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005009.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005010.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005011.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005012.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005019.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005020.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005021.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005022.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005023.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005024.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005025.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005026.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005027.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005028.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005029.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005030.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005031.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005032.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005033.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005034.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005035.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005036.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005037.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005038.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005039.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005040.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005041.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005042.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005043.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Is skipped all of the locked ones that are on my brothers account becasue he put a stupid password on his account so probably I'm guessing thats why all the objects are locked.If you need the locked files I'll give you them but its REALLY long.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:41 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 8477 bytes
Hi
"Is skipped all of the locked ones that are on my brothers account becasue he put a stupid password on his account so probably I'm guessing thats why all the objects are locked."
No need :)
Uninstall via add/remove programs if present:
Screensavers.com
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)
Empty these folders:
C:\Documents and Settings\Albert\Desktop\SDFix\backups
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Timothy\Local Settings\Temp\
Delete these:
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip
C:\Program Files\Screensavers.com
Empty Recycle Bin
Re-scan with kaspersky
Post:
- a fresh HijackThis log
- kaspersky report
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
This file has something named Index.dat.It says it can't be deleted because someone eles is using it.
For C:\Documents and Settings\Timothy\Local Settings\Temp\
Delete every single file in it?Because there is a LOT
Hi
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
This file has something named Index.dat.It says it can't be deleted because someone eles is using it."
That's ok, just skip it.
"For C:\Documents and Settings\Timothy\Local Settings\Temp\
Delete every single file in it?Because there is a LOT"
Yes :)
Could not find:
C:\Program Files\Screensavers.com
But everything eles is deleted
Hi
Ok, next continue with kaspersky scan, please :)
I tryed to clean out the recycle bin but this message appears:
Cannot delete file: Cannot read from the source file or disk
Hi
Can you empty it in safe mode?
Hi
Nice to hear :)
Then just continue with kaspersky scan, please.
Friday, August 31, 2007 3:16:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 31/08/2007
Kaspersky Anti-Virus database records: 401518
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 116333
Number of viruses found 8
Number of infected objects 22
Number of suspicious objects 0
Duration of the scan process 02:11:01
Infected Object Name Virus Name Last Action
C:\binboot.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\Albert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\data\da2006fong\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\ntuser.dat Object is locked skipped
C:\Documents and Settings\Albert\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\WinTouch\WinTouch.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Application Data\WinTouch\WTUninstaller.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Directory 1 for pokemon pearl rom_fastest_BitTorrent_downloader.zip\BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Directory 1 for pokemon pearl rom_fastest_BitTorrent_downloader.zip\BitDownload-3.0-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Matthew\My Documents\picture006-dyedhair.jpg-www.facebook.com Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Matthew\Shared\cute is what we aim for- curse of the curves (full).mp3 Object is locked skipped
C:\Documents and Settings\Matthew\Shared\Elliott Yamin - Wait For You.mp3 Object is locked skipped
C:\Documents and Settings\Matthew\Shared\Kelly Clarkson - Breakaway.mp3 Object is locked skipped
C:\Documents and Settings\Matthew\Shared\Neyo - Because Of You.mp3 Object is locked skipped
C:\Documents and Settings\Matthew\Shared\Plain White T's - Hey There Delilah.mp3 Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-598908736-2064602688-1726924881-1009\Dc1.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.f skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\0001000B.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005208.exe/data0006 Infected: not-a-virus:FraudTool.Win32.SpyLocked.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005208.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005234.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005234.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005730.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005731.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005734.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005735.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005736.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005737.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005738.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005739.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005740.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005742.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005743.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DD468FF9-D559-42CB-B0C7-F7A52F76A057}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Hi
Delete these:
C:\binboot.exe
C:\Documents and Settings\LocalService\Application Data\WinTouch\
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Directory 1 for pokemon pearl rom_fastest_BitTorrent_downloader.zip
C:\Documents and Settings\Matthew\My Documents\picture006-dyedhair.jpg-www.facebook.com
Empty Recycle Bin
Re-scan with kaspersky
Post:
- a fresh HijackThis log
- kaspersky report
Can't find C:\binboot.exe
BUT spybot found a virus in there and I stopped the process of viturmode.
The second problem is
C:\Documents and Settings\Matthew\My Documents\picture006-dyedhair.jpg-www.facebook.com
This one wants make to run a program instead of opening a folder
Hi
"BUT spybot found a virus in there and I stopped the process of viturmode."
Please post also spybot report then
Please download the Killbox (http://download.bleepingcomputer.com/spyware/KillBox.exe).
Save it to the desktop.
Please run Killbox.
Select "Delete on Reboot" and "All files"
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\binboot.exe
C:\Documents and Settings\Matthew\My Documents\picture006-dyedhair.jpg-www.facebook.com
Go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try TheKillbox again..
If your computer does not restart automatically, please restart it manually.
Empty this folder:
C:\!KillBox
Empty Recycle Bin
Re-scan with kaspersky
Post:
- a fresh HijackThis log
- kaspersky report
- spybot report
How do I get a spybot report?
And a clipboard is also a notepad right?
Finally C:\Documents and Settings\Matthew\My Documents\picture006-dyedhair.jpg-www.facebook.com
I deleted it because the first time i copied and pasted but then i went to the documents and found it.
Hi
"How do I get a spybot report?"
* Open SpyBot.
* Check for problems.
* When finished, right click and choose copy results (not the full report) to clipboard and post that into topic.
"And a clipboard is also a notepad right?"
No. See here (http://en.wikipedia.org/wiki/Clipboard_(software))
Clipboard is a place in to which you can copy information.
Like said here:
"Copy the file names below to the clipboard by highlighting them and pressing Control-C:"
Really having a problem getting the file to clipboard.
Can i just manually type it in?
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-04-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-22 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-22 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-22 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-22 Includes\KeyloggersC.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-22 Includes\MalwareC.sbi (*)
2007-08-22 Includes\PUPS.sbi (*)
2007-08-22 Includes\PUPSC.sbi (*)
2007-08-22 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-22 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-22 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-22 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
In residents i found this:
9/1/2007 9:47:32 AM Encountered and terminated Virtumonde in C:\binboot.exe!
Plus I'll wait for your directions until I use Killbox and kaspersky scan
Hi
Spybot report is ok, just tracking cookies.
"Really having a problem getting the file to clipboard.
Can i just manually type it in?"
You can delete it in safe mode if you like.
Please move after that to kaspersky scan.
Hi again I tried going to safemode but i still couldn't find binboot.exe:sad:
So I'm going ahead to the scan if thats not a problem
Hi
Ok, we'll delete if by other means if it still shows up in scans, just move on to scan :)
Sunday, September 02, 2007 2:31:21 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/09/2007
Kaspersky Anti-Virus database records: 402572
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 117782
Number of viruses found 7
Number of infected objects 19
Number of suspicious objects 0
Duration of the scan process 02:20:20
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\cert8.db Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\history.dat Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\key3.db Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\parent.lock Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Albert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\data\da2006fong\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\ntuser.dat Object is locked skipped
C:\Documents and Settings\Albert\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\0001000F.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005208.exe/data0006 Infected: not-a-virus:FraudTool.Win32.SpyLocked.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005208.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005234.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005234.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005730.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005731.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005734.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005735.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005736.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005737.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005738.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005739.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005740.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005742.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0005743.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0006968.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0007065.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0007067.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0007068.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:38 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 8547 bytes
Hi
Logs look good.
All viruses are in system restore and inactive.
I give you later instructions how to empty it.
Other than that, any problems left?
Nope no problems but when I had the viruses everything seemed kind of normal...
But THANKS A LOT for helping me clean my computer:)
I thought my computer was done for when my friend who is really good with computers couldn't get the viruses.So again THANK YOU for your time in helping me:bigthumb:
Hi
Then you're clean!
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
You can remove all tools we used.
Open HijackThis, click do a system scan only and checkmark these:
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
Close all windows including browser and press fix checked.
If those still are in log atfer reboot do this before:
# Run Spybot-S&D in Advanced Mode.
# If it is not already set to do this Go to the Mode menu select "Advanced Mode"
# On the left hand side, Click on Tools
# Then click on the Resident Icon in the List
# Uncheck "Resident TeaTimer" and OK any prompts.
# Restart your computer.
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/)
2) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
3) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
4) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) 6 Update 2 (http://java.sun.com/javase/downloads/index.jsp) and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2...allows end-users to run Java applications".
Click the "Download" button to the right.
Read the License Agreement and then check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)
Happy surfing and stay clean!
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.