Need HELP!!!



fearfx
2007-10-25, 10:11
Hi... my wife's laptop has been infected with, I guess, malware. There are windows popping up to websites that we don't know. Anyway, hope you guys can help us with this.
Thanks.

HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:04 AM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://gmail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\imholehn.dll
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: (no name) - {919A84EA-B76F-41B5-A2B0-026681CB9909} - (no file)
O2 - BHO: (no name) - {B270368C-C603-44B2-A52E-10670CF3E9F9} - C:\WINDOWS\system32\vtsro.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\mhefvlkn.dll",sitypnow
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: opnkklk - opnkklk.dll (file missing)
O20 - Winlogon Notify: wmrpckxk - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12863 bytes

fearfx
2007-10-25, 10:21
Sorry, I forgot to mention that I did everything in your "before you post" section.

The Kaspersky report is kinda long, so I'm not sure which part you want.

Thanks again.

pskelley
2007-10-26, 16:07
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are infected, I suggest you stay offline except when troubleshooting, the junk will download more.

See this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_03\ <<< Java is VERY outdated and likely the reason for the infection. You need to update Java and uninstall all old versions as soon as possible.
This one can be tough to remove. If you would like to proceed, please follow all directions.

1) Thanks to Atribune and any others who helped with this fix.

Please understand these hackers can call their junk anything they wish. Vundofix may not know the files at first, but it will learn. You want to run the fix until you see all Vundo files say: "Has been deleted"

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find we need it submitted. Please submit
the files to upload malware http://www.uploadmalware.com

(hold those reports and logs until you finish)

Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post the VundoFix report, ComboFix log and a new HJT log. Add any comments you think will help.

Thanks
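The helper's diagnosis above rests on reading the HijackThis entries for the tells that stand out in this thread's first log: references to files that no longer exist, nameless BHOs, Winlogon Notify DLLs, Run values that launch a DLL through rundll32, executables dropped straight into the Windows root, and services with no vendor string. As an added example (not part of the original thread, and not code from HijackThis or Safer Networking), the Python script below parses entries in that log format and applies those rules as a first-pass triage aid. The sample lines are copied from the logs posted in this thread; the rule wording and the `triage`, `triage_entry` and `extract_path` names are this example's own. Every rule is a review prompt rather than a verdict: the ComboFix log later in the thread shows a legitimate Intel Winlogon Notify entry, which the O20 rule would raise just the same.

```python
import re

# Constructed test input: entries copied from the HijackThis logs posted in this
# thread. Raw strings keep the Windows backslashes readable; the one entry whose
# path ends in a backslash cannot be a raw string, so it is written normally.
SAMPLE_HJT_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\imholehn.dll",
    r"O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r"O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe",
    r'O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\mhefvlkn.dll",sitypnow',
    r"O20 - Winlogon Notify: opnkklk - opnkklk.dll (file missing)",
    "O20 - Winlogon Notify: wmrpckxk - C:\\WINDOWS\\",  # directory only, no file name at all
    r"O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe",
    r"O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)",
]

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# Either a full drive path (may contain spaces) or a bare file name, ending in .dll/.exe.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)|[\w.-]+\.(?:dll|exe)', re.IGNORECASE)


def extract_path(body):
    """Return the most specific module path an entry mentions, or None.

    A Run value such as 'rundll32.exe "C:\\...\\x.dll",export' mentions two
    modules; the drive-letter path is the one that matters for triage.
    """
    candidates = PATH_RE.findall(body)
    drive_paths = [c for c in candidates if ":\\" in c]
    if drive_paths:
        return drive_paths[-1]
    return candidates[-1] if candidates else None


def triage_entry(line):
    """Parse one log line and apply the review rules; None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    path = extract_path(body)
    low = body.lower()
    findings = []
    # Rule 1: the registry still points at a file that is gone (leftover or half-removed junk).
    if "(file missing)" in low or "(no file)" in low:
        findings.append("dangling reference: registry points at a file that is gone")
    # Rule 2: legitimate browser add-ons almost always register a display name.
    if code == "O2" and "(no name)" in low:
        findings.append("unnamed BHO: legitimate add-ons almost always carry a name")
    # Rule 3: Winlogon Notify DLLs load into winlogon at logon; always check the vendor.
    if code == "O20":
        findings.append("Winlogon Notify DLL: loads at logon, verify the vendor")
    # Rule 4: a Run value that starts a DLL via rundll32 instead of a program.
    if code == "O4" and "rundll32" in low and path and path.lower().endswith(".dll"):
        findings.append("rundll32 loader: Run value starts a DLL instead of a program")
    # Rule 5: executables sitting directly in C:\WINDOWS (not a subfolder) are unusual.
    if path and re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path, re.IGNORECASE):
        findings.append("executable directly in the Windows root")
    # Rule 6: a service binary with no vendor string in its version resource.
    if code == "O23" and "unknown owner" in low:
        findings.append("service with no vendor string")
    return {"code": code, "path": path, "findings": findings}


def triage(lines):
    """Return only the entries that tripped at least one rule, in log order."""
    results = []
    for line in lines:
        entry = triage_entry(line)
        if entry and entry["findings"]:
            results.append(entry)
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_HJT_LINES):
        print(entry["code"], entry["path"])
        for finding in entry["findings"]:
            print("   -", finding)
```

Run it against a saved HijackThis log by reading the file into a list of lines and passing that to `triage`; entries with no findings are dropped, so the output is the short list a helper would look at first. Rules 1, 3 and 6 deliberately fire on benign entries too (an uninstalled product leaves dangling references; Intel's wireless notify DLL is a legitimate O20), which is why the output is a worklist and not a removal list.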

fearfx
2007-10-26, 18:24
Thanks PSKELLY,
I did everything you said and this is the
combofix log:

ComboFix 07-10-23.2 - Tambay 2007-10-26 12:08:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.356 [GMT -4:00]
Running from: C:\Documents and Settings\Tambay\Local Settings\Temporary Internet Files\Content.IE5\N00HW08I\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Aiden\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Aiden\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Aiden\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Aiden\ResErrors.log
C:\Documents and Settings\Tambay\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Tambay\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Tambay\Favorites\Online Security Guide.lnk
C:\Program Files\Hammer.dll
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\cringupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\WinAble
C:\secure32.html
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aarmjbxx.ini
C:\WINDOWS\system32\etlnmdgo.exe
C:\WINDOWS\system32\exbzauex.dllbox
C:\WINDOWS\system32\gwubcwlk.exe
C:\WINDOWS\system32\ibimoiks.exe
C:\WINDOWS\system32\ihujicvs.ini
C:\WINDOWS\system32\imas3r
C:\WINDOWS\system32\kerrnkvp.dll
C:\WINDOWS\system32\lmnlqjhn.exe
C:\WINDOWS\system32\opecpjus.exe
C:\WINDOWS\system32\orstv.bak1
C:\WINDOWS\system32\orstv.bak2
C:\WINDOWS\system32\orstv.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pvknrrek.ini
C:\WINDOWS\system32\svcijuhi.dll
C:\WINDOWS\system32\tkdiikbv.dll
C:\WINDOWS\system32\vbkiidkt.ini
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\vMW02a\vMW02a1065.exe
C:\WINDOWS\system32\vp4
C:\WINDOWS\system32\vp4\ade83122.exe
C:\WINDOWS\system32\vtsro.dll
C:\WINDOWS\system32\wmrpckxk.dllbox
C:\WINDOWS\system32\xxbjmraa.dll
C:\WINDOWS\system32\zb2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.

2007-10-26 12:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-26 11:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-26 11:55 <DIR> d-------- C:\VundoFix Backups
2007-10-26 11:54 <DIR> d-------- C:\Program Files\Sun
2007-10-26 11:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-24 23:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-24 11:55 84,544 --a------ C:\WINDOWS\system32\plgkcqyp.dll
2007-10-24 11:52 75,328 --a------ C:\WINDOWS\system32\qybkgwfu.exe
2007-10-21 20:32 75,328 --a------ C:\WINDOWS\system32\owfrfnwb.exe
2007-10-15 22:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-15 22:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-10-15 22:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-10-15 20:15 389,184 --a------ C:\WINDOWS\system32\criasjps.exe
2007-10-15 20:15 75,328 --a------ C:\WINDOWS\system32\ogofeaqr.exe
2007-10-15 18:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-15 17:12 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-15 00:16 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-14 20:14 389,184 --a------ C:\WINDOWS\system32\hyadxlvm.exe
2007-10-13 16:28 <DIR> d-------- C:\Program Files\3DGroove
2007-10-10 14:09 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-10-09 14:06 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 00:48 <DIR> d-------- C:\WINDOWS\system32\acb1
2007-10-09 00:48 <DIR> d--hs---- C:\WINDOWS\RXRhbmdhbmRh
2007-10-09 00:48 <DIR> d-------- C:\Temp
2007-10-09 00:48 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 15:54 --------- d-----w C:\Program Files\Java
2007-10-11 07:36 --------- d-----w C:\Program Files\Yahoo!
2007-10-09 04:27 3,102 ----a-w C:\Documents and Settings\Aiden\Application Data\wklnhst.dat
2007-09-07 01:05 1,778 ----a-w C:\Documents and Settings\Tambay\Application Data\wklnhst.dat
2006-11-27 21:34 49 ----a-w C:\Documents and Settings\Aiden\Application Data\internaldb41.dat
2006-11-25 11:41 382 ----a-w C:\Documents and Settings\Aiden\Application Data\internaldb1942.dat
2006-11-24 06:28 379 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb1942.dat
2006-11-24 06:28 20,480 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb7146.dat
2006-11-24 06:28 151 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb6508.dat
2006-11-24 06:28 13,046 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb7621.dat
2006-11-24 06:28 0 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb7011.dat
2006-11-24 06:21 6,144 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb7201.dat
2006-11-24 06:21 0 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb7380.dat
2006-11-24 06:21 0 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb343.dat
2006-11-24 06:21 0 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb2254.dat
2006-11-24 06:21 0 ----a-w C:\Documents and Settings\Tambay\Application Data\internaldb1520.dat
2006-11-23 20:18 9,216 ----a-w C:\Documents and Settings\Aiden\Application Data\internaldb8467.dat
2006-11-23 20:18 20,480 ----a-w C:\Documents and Settings\Aiden\Application Data\internaldb4827.dat
2006-11-23 20:18 0 ----a-w C:\Documents and Settings\Aiden\Application Data\internaldb6334.dat
2006-11-23 20:18 0 ----a-w C:\Documents and Settings\Aiden\Application Data\internaldb5436.dat
2006-05-27 07:39 3,060 -c--a-w C:\Program Files\secure32.html
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\RXRhbmdhbmRh\lrl1vAx1vAl1.vbs
2006-03-10 12:53:32 338,229 -csh--w C:\WINDOWS\system32\uvvyb.bak1
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{919A84EA-B76F-41B5-A2B0-026681CB9909}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 01:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 15:35]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-07-23 14:38]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 16:31]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 09:58]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 07:59]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-02 20:03]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-18 03:08]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 18:57]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 18:49]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"plite731"="C:\WINDOWS\plite731.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-13 13:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkklk]
opnkklk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmrpckxk]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 16:03:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-25 17:36:22 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 12:18:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-26 12:19:57 - machine was rebooted
.
--- E O F ---

fearfx
2007-10-26, 18:25
And this is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:03 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://gmail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {919A84EA-B76F-41B5-A2B0-026681CB9909} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: opnkklk - opnkklk.dll (file missing)
O20 - Winlogon Notify: wmrpckxk - C:\WINDOWS\
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12072 bytes

fearfx
2007-10-26, 18:29
And I don't know where the Vundofix report is, but when I ran it, it found a file it couldn't fix and then rebooted my PC. After that I ran it again and there were no more files to remove.

thanks

pskelley
2007-10-26, 19:12
That information is located here:
C:\vundofix.txt

I want to see it, it may be in the C:\Vundofix\ folder

Copy and paste the contents to this topic.

Thanks

fearfx
2007-10-26, 22:19
Found it.

-------------------------------------


VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 11:55:36 AM 10/26/2007

Listing files found while scanning....

C:\WINDOWS\system32\imholehn.dll
C:\windows\system32\ljjihhf.dll
C:\WINDOWS\system32\mhefvlkn.dll
C:\WINDOWS\system32\nklvfehm.ini
C:\WINDOWS\system32\opnkklk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\imholehn.dll
C:\WINDOWS\system32\imholehn.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjihhf.dll
C:\windows\system32\ljjihhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nklvfehm.ini
C:\WINDOWS\system32\nklvfehm.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 12:02:45 PM 10/26/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 4:12:50 PM 10/26/2007

Listing files found while scanning....

No infected files were found.

pskelley
2007-10-26, 22:40
Thanks for that report, please follow these instructions.

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {919A84EA-B76F-41B5-A2B0-026681CB9909} - (no file)
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O20 - Winlogon Notify: opnkklk - opnkklk.dll (file missing)
O20 - Winlogon Notify: wmrpckxk - C:\WINDOWS\

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) RIGHT Click on Start then click on Explore. Locate and delete these items:

(delete all files in red; the first is in C:\Windows, the rest are in C:\Windows\System32\ )

C:\WINDOWS\plite731.exe

C:\WINDOWS\system32\plgkcqyp.dll
C:\WINDOWS\system32\qybkgwfu.exe
C:\WINDOWS\system32\owfrfnwb.exe
C:\WINDOWS\system32\criasjps.exe
C:\WINDOWS\system32\ogofeaqr.exe
C:\WINDOWS\system32\hyadxlvm.exe


5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer, post a new HJT log and tell me how the computer performs now.

Thanks

fearfx
2007-10-27, 13:39
Thanks pskelley!!! You are the MAN!!

My laptop is running better and so far no annoying pop-ups.

But I'm getting this error every start-up
"c:\windows\system32\mhefvlkn.dll" could not be opened. Is this something I should be worried about?

Anyway here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:31 AM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://gmail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: (no name) - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\mhefvlkn.dll",sitypnow
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11258 bytes

pskelley
2007-10-27, 15:19
Thanks for the feedback; that message means we are killing the junk and what is left cannot work. Just a little more to remove.

1) Make sure all files and folders are still visible.

2) Start > Control Panel > Add Remove Programs and uninstall BestsellerAntivirus if there.

3) I don't see it running, but it is very important that Spybot S&D TeaTimer is NOT turned on; it will block the changes we must make.
http://russelltexas.com/malware/teatimer.htm

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: (no name) - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\mhefvlkn.dll",sitypnow
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\Common Files\BestsellerAntivirus\ <<< delete that folder

C:\WINDOWS\system32\mhefvlkn.dll <<< delete that file

If that file gives you any trouble, use this tool and instructions:
How to use the Delete on Reboot tool http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb

Run Clean Manager
http://spyware-free.us/tutorials/cleanmgr/

Remove Vundofix and combofix from your computer. Be sure to delete the C:\VundofixBackups and the C:\qoobox\quarantine folder from combofix.

Empty your Recycle Bin, then run a new Kaspersky Online Scan using these directions:

Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here along with a new HJT log and your feedback.

Thanks
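
As an added illustration of what the helper is doing by hand in the two HijackThis fix lists above (the entries HJT marks "(file missing)" or "(no file)", the Run key that starts mhefvlkn.dll through rundll32.exe, and the two O20 Winlogon Notify entries), and of why the "could not be opened" start-up message appears once the DLL is gone but its Run entry survives, here is a small Python triage script written for this page. It is not HijackThis code and not a tool anyone in the thread used; the sample lines are modelled on entries from the logs above, PRESENT_FILES is a constructed stand-in for what is still on disk after the clean-up, and the finding names and heuristics are the editor's own assumptions.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample lines modelled on entries from the logs in this thread,
# embedded so the example runs offline. This is not a complete HJT log.
SAMPLE_LINES = [
    'O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll',
    'O2 - BHO: (no name) - {919A84EA-B76F-41B5-A2B0-026681CB9909} - (no file)',
    'O4 - HKLM\\..\\Run: [Windows Defender] "C:\\Program Files\\Windows Defender\\MSASCui.exe" -hide',
    'O4 - HKLM\\..\\Run: [plite731] C:\\WINDOWS\\plite731.exe',
    'O4 - HKLM\\..\\Run: [SearchIndexer] rundll32.exe "C:\\WINDOWS\\system32\\mhefvlkn.dll",sitypnow',
    'O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\Program Files\\PartyPoker\\PartyPoker.exe (file missing)',
    'O20 - Winlogon Notify: opnkklk - opnkklk.dll (file missing)',
    'O20 - Winlogon Notify: wmrpckxk - C:\\WINDOWS\\',
    'O23 - Service: DefWatch - Symantec Corporation - C:\\Program Files\\NavNT\\defwatch.exe',
]

# Constructed stand-in for what is still on disk after the clean-up steps
# (a script run on the real machine would os.path.exists() each target).
PRESENT_FILES = {
    'c:\\program files\\adobe\\acrobat 7.0\\activex\\acroiehelper.dll',
    'c:\\program files\\windows defender\\msascui.exe',
    'c:\\program files\\navnt\\defwatch.exe',
}

MISSING_MARKERS = ('(file missing)', '(no file)')

@dataclass
class Entry:
    section: str   # HJT section tag, e.g. "O4"
    name: str      # item name as HJT prints it
    target: str    # file the entry points at, or the marker HJT printed
    raw: str

_O4 = re.compile(r'^O4 - .+?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
_O20 = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$')
_GENERIC = re.compile(r'^(?P<sec>O\d+) - [^:]+: (?P<rest>.*)$')
_PATH = re.compile(r'(.+?\.(?:exe|dll|scr|com))(?=[\s,]|$)', re.IGNORECASE)

def _split_first_path(text):
    """Split a command line into (first file path, remainder)."""
    text = text.strip()
    if text.startswith('"'):
        end = text.find('"', 1)
        if end > 0:
            return text[1:end], text[end + 1:]
    m = _PATH.match(text)
    if m:
        return m.group(1), text[m.end():]
    parts = text.split(None, 1)
    return (parts[0], parts[1]) if len(parts) == 2 else (text, '')

def _command_target(cmd):
    """The module a Run-key command really loads: for rundll32 that is the
    DLL argument, not rundll32.exe itself."""
    head, rest = _split_first_path(cmd)
    if ntpath.basename(head).lower() == 'rundll32.exe':
        return _split_first_path(rest)[0]
    return head

def parse_line(line):
    """Turn one HJT line into an Entry, or None for lines this script ignores."""
    line = line.rstrip()
    m = _O4.match(line)
    if m:
        return Entry('O4', m.group('name'), _command_target(m.group('cmd')), line)
    m = _O20.match(line)
    if m:
        return Entry('O20', m.group('name'), m.group('path').strip(), line)
    m = _GENERIC.match(line)
    if m and ' - ' in m.group('rest'):
        fields = m.group('rest').split(' - ')   # name - {clsid or owner} - path
        return Entry(m.group('sec'), fields[0].strip(), fields[-1].strip(), line)
    return None

def assess(entry, present_files=PRESENT_FILES):
    """Return the finding codes for one entry (empty list = nothing to flag)."""
    t = entry.target
    gone = any(mark in t for mark in MISSING_MARKERS)
    codes = []
    if gone:
        codes.append('orphan')          # HJT says the file is gone; the registry entry is the leftover
    if entry.section == 'O4' and 'rundll32' in entry.raw.lower() and t.lower().endswith('.dll'):
        codes.append('rundll32-dll')    # Run key loads a DLL via rundll32.exe: check the DLL's origin
    if entry.section == 'O20' and not t.lower().endswith('.dll'):
        codes.append('winlogon-notify') # Winlogon Notify package that resolves to no DLL file
    if not gone and t.lower().endswith(('.exe', '.dll')) and t.strip('"').lower() not in present_files:
        codes.append('missing-on-disk') # target deleted, autorun survived: the "could not be opened" error
    return codes

def triage(lines, present_files=PRESENT_FILES):
    """Map 'section:name' to finding codes for every flagged HJT line."""
    report = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        codes = assess(entry, present_files)
        if codes:
            report[f'{entry.section}:{entry.name}'] = codes
    return report

if __name__ == '__main__':
    for key, codes in triage(SAMPLE_LINES).items():
        print(f'{key}: {", ".join(codes)}')
```

The point of the missing-on-disk check is the one pskelley makes in his reply: deleting the DLL without also fixing the O4 line leaves an autorun that fails at every logon, so the registry entry and the file have to go together. The rundll32 and Winlogon Notify checks only raise entries for review; they are heuristics, not verdicts, and a real run would replace PRESENT_FILES with a live filesystem check.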

fearfx
2007-10-27, 22:43
I did everything except that there are no files like the ones below:
2) Start > Control Panel > Add Remove Programs and uninstall BestsellerAntivirus if there.

C:\Program Files\Common Files\BestsellerAntivirus\ <<< delete that folder

C:\WINDOWS\system32\mhefvlkn.dll <<< delete that file

This is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:31 AM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://gmail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: (no name) - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\mhefvlkn.dll",sitypnow
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11258 bytes

fearfx
2007-10-27, 23:01
The Kaspersky report is too long... do you have a specific part you'd like me to copy?

pskelley
2007-10-27, 23:06
Have a look at this:
Today, 07:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:31 AM, on 10/27/2007

Today, 16:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:31 AM, on 10/27/2007

Please post a new HJT log:sad:

Tell me how many infections Kaspersky found. I'll probably need to see it, unless you think you can read it.

Thanks

fearfx
2007-10-28, 00:02
My bad, I thought I saved it, but anyway here is the new one.

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:05 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10462 bytes

fearfx
2007-10-28, 00:04
The Kaspersky Report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 27, 2007 4:38:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/10/2007
Kaspersky Anti-Virus database records: 419645
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 96928
Number of viruses found: 15
Number of infected objects: 80
Number of suspicious objects: 0
Duration of the scan process: 05:01:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Aiden\My Documents\My Pictures\IMG_0242.jpg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10152007-171249.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip/winable.exe Infected: Trojan-Downloader.Win32.Adload.lv skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl1.zip/wininstall.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl5.zip/wininstall.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\012C0000.VBN Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01700000.VBN Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380002.VBN/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380002.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380002.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380003.VBN/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380003.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380003.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0538000E.VBN/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0538000E.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0538000E.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0538000F.VBN/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0538000F.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0538000F.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380010.VBN Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380012.VBN/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380012.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380012.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380014.VBN Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05380015.VBN Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05F40000.VBN Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00004.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00005.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00006.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00007.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00008.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00009.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A0000E.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A0000F.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00012.VBN Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00013.VBN Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A80000.VBN Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D80000.VBN Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D80001.VBN Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08480000.VBN Infected: Trojan-Downloader.Win32.Small.fxy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\084C0000.VBN Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\085C0000.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\marilen lintag.doc Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\PS2Trial.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Beach.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Car.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Fighter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Image Editor\Default archive\Beach.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Image Editor\Default archive\Car.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Image Editor\Default archive\Fighter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Image Editor\Default archive\People.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Image Editor\Default archive\Rollercoaster.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Image Editor\Default archive\Sonyericsson.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\People.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Rollercoaster.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sonyericsson.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked

fearfx
2007-10-28, 00:08
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\6.0\AcroForm\MRUFormsList Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\6.0\AdobeComFnt06.lst Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\6.0\Collab\OfflineDocs Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\6.0\Collab\Reviews Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\6.0\JSADM.exv Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\6.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\6.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\6.0\TMGrpPrm.sav Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\6.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\JSADM.exv Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\Messages\ENU\read0600win_ENUadbe0700.pdf Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\Security\addressbook.acrodata Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\Security\CRLCache\B7F20844EA430A174287EE65FE7AB63296B06C84.crl Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\Security\CRLCache\FB9327BF676A37F74C4E994E89AE066551552E42.crl Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Apple Computer\iTunes\CD Info.cidb Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Apple Computer\iTunes\iTunes.pref Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml Object is locked skipped
C:\Documents and Settings\Etanganda\Application Data\ArcSoft\EPSON StoryTeller Publisher\1.0.0\FolderCache\00000001.abm Object is locked skipped

fearfx
2007-10-28, 00:13

fearfx
2007-10-28, 00:15

fearfx
2007-10-28, 00:20

fearfx
2007-10-28, 00:22
I will continue later... Is there any way to just email you this? It's like a 6 MB file.

pskelley
2007-10-28, 00:49
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:01:05 PM, on 10/27/2007
Thanks, that's a clean HJT log. Let's see what Kaspersky has to say.

KASPERSKY ONLINE SCANNER REPORT Saturday, October 27, 2007 4:38:43 PM

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< delete the contents of that folder

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\ >>> delete the contents of that quarantine folder


In the scan from here:
C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
down was clean. If you need to post another scan, don't post that same stuff; edit it out.

Since the HJT log is clean and all that Kaspersky found appears to be in Spybot Recovery and Norton Quarantine, this should be a clean computer. How is it running?

Thanks
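The triage applied above (detections that sit only in quarantine, Spybot Recovery or System Restore folders are stored copies, anything elsewhere is evidence of a live infection) as a small Python parser for the Kaspersky Online Scanner report format. This is an added example, not code from the thread or from any tool named in it; the sample report lines and the system32 path are constructed for illustration.

```python
"""Triage a Kaspersky Online Scanner report: separate 'Object is locked
skipped' noise from 'Infected:' detections and flag only detections
outside quarantine, Spybot Recovery and System Restore as live.
Added example for this thread; sample lines below are constructed."""
import re
from collections import Counter

# Line shapes seen in the Kaspersky Online Scanner report format.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# Container summary line, e.g. "...exe NSIS: infected - 2 skipped".
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<n>\d+) skipped$")

# Locations where a detection is a stored copy rather than a running threat.
DORMANT_LOCATIONS = [
    ("system_restore", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("norton_quarantine",
     re.compile(r"\\Norton AntiVirus Corporate Edition\\[^\\]+\\Quarantine\\", re.I)),
    ("spybot_recovery", re.compile(r"\\Spybot - Search & Destroy\\Recovery\\", re.I)),
]


def classify_location(path):
    """Label a path as a dormant store or 'live' (anywhere else on disk)."""
    for label, pattern in DORMANT_LOCATIONS:
        if pattern.search(path):
            return label
    return "live"


def parse_line(line):
    """Return a finding dict for one report line, or None for other lines."""
    line = line.strip()
    m = INFECTED_RE.match(line)
    if m:
        return {"path": m.group("path"), "detection": m.group("name"), "locked": False}
    m = ARCHIVE_RE.match(line)
    if m:
        # The container's inner streams were reported individually just above
        # it; record the container itself as one more detection.
        return {"path": m.group("path"),
                "detection": m.group("kind") + ":container", "locked": False}
    m = LOCKED_RE.match(line)
    if m:
        return {"path": m.group("path"), "detection": None, "locked": True}
    return None


def triage(report_text):
    """Summarise a report: counts by location and the list of live detections."""
    findings = [f for f in map(parse_line, report_text.splitlines()) if f]
    detections = [f for f in findings if f["detection"]]
    by_location = Counter(classify_location(f["path"]) for f in detections)
    live = [f for f in detections if classify_location(f["path"]) == "live"]
    return {
        "locked_skipped": sum(1 for f in findings if f["locked"]),
        "detections": len(detections),
        "by_location": dict(by_location),
        "live": live,
        "likely_clean": not live,
    }


# Constructed sample in the report format: every detection is in a dormant store.
SAMPLE_REPORT = r"""
C:\Documents and Settings\User\Application Data\desktop.ini Object is locked skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000002.exe/stream Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000002.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\ABCD1234.VBN Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Example1.zip/file.dll Infected: Trojan.Win32.BHO.ab skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
"""

# Constructed line for the failure mode: a detection outside any dormant store.
LIVE_LINE = r"C:\WINDOWS\system32\example_bad.dll Infected: Trojan.Win32.Agent.bck skipped"


if __name__ == "__main__":
    for label, text in (("dormant only", SAMPLE_REPORT),
                        ("with live hit", SAMPLE_REPORT + "\n" + LIVE_LINE)):
        r = triage(text)
        print(label, "->", "likely clean" if r["likely_clean"] else "LIVE INFECTION",
              r["by_location"], "locked:", r["locked_skipped"])
        for f in r["live"]:
            print("  live:", f["detection"], f["path"])
```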

fearfx
2007-10-28, 02:24
Right now I'm at work, and I will delete those files tomorrow morning.

As far as the laptop goes, it's been running as well as before. Thank you VERY MUCH!!!!

As I looked at the rest of the Kaspersky report, almost everything is "skipped" or "locked". But I will post the last pages, since they said "infected".

fearfx
2007-10-28, 02:25
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123510.exe Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123513.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123520.exe Infected: Trojan-Downloader.Win32.Adload.lv skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123521.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123546.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123546.exe/stream Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123546.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123547.exe Infected: Trojan-Downloader.Win32.Agent.enr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123548.exe Infected: Trojan-Downloader.Win32.Agent.enr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123552.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP459\A0123553.exe Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP462\A0123810.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP462\A0123817.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP462\A0123855.dll Infected: Trojan.Win32.Pakes.sc skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP463\A0124298.exe Infected: Trojan-Downloader.Win32.Agent.enr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP466\A0124484.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP466\A0124486.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP466\A0124487.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP466\A0124488.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP466\A0124504.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP466\A0124506.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP466\A0124510.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP469\A0124561.exe Infected: Trojan-Downloader.Win32.Agent.enr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP469\A0124562.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP469\A0124564.exe Infected: Trojan-Downloader.Win32.Adload.lv skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP469\A0124603.exe Infected: Trojan-Downloader.Win32.Agent.dpn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP469\A0124604.exe Infected: Trojan-Downloader.Win32.Small.fxy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP469\A0124685.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP471\A0125699.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP474\A0125802.exe Infected: Trojan-Downloader.Win32.Agent.enr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP474\A0125803.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP477\A0125869.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP488\A0130196.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP488\A0130197.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP488\A0130198.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP488\A0130199.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP488\A0130214.exe Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP489\A0130305.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP489\A0130306.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP489\A0130308.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP489\change.log Object is locked skipped

fearfx
2007-10-28, 02:26
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0144F48D-A223-4F0D-8FA4-08269787909C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\Control.dll Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\dirapi.dll Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\iml32.dll Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\Plugin.dll Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\PluginPing.dll Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\SwMenu.dll Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\CBrowser.x32 Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\INetURL.x32 Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\NetFile.x32 Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\NetLingo.x32 Object is locked skipped
C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\Speech.x32 Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

pskelley
2007-10-28, 12:33
Looks like all infected items are in your System Restore, clean those files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Thanks
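
pskelley's advice rests on one observation about the log above: every "Infected:" hit sits under System Volume Information\_restore, so purging the restore points removes them, while the "Object is locked" entries are registry hives, event logs and other files the OS holds open and are not detections at all. The script below is an added example, not part of this thread or of any scanner, that checks that reading mechanically: it parses Kaspersky-style scanner lines, counts infected versus locked objects, and reports whether any infected file lives outside System Restore (in which case the restore-point purge alone would not be enough). The sample log lines are constructed to mirror the format in this thread, with a placeholder restore-point GUID and a made-up file name for the "live hit" case.

```python
"""Triage helper for Kaspersky-style online scanner output (added example).

Checks whether every "Infected:" hit sits inside System Restore, which is
what makes "turn System Restore off, reboot, turn it back on" a sufficient
clean-up, and separates those hits from "Object is locked" noise.
"""
import re
from collections import Counter

# The two line shapes seen in this kind of log.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")

# System Restore stores its snapshots under this folder on each volume.
RESTORE_MARKER = r"\System Volume Information\_restore{"


def parse_line(line):
    """Return a dict describing one log line, or None for lines that are noise."""
    line = line.strip()
    m = INFECTED_RE.match(line)
    if m:
        return {"path": m.group("path"), "status": "infected", "name": m.group("name")}
    m = LOCKED_RE.match(line)
    if m:
        return {"path": m.group("path"), "status": "locked", "name": None}
    return None


def in_system_restore(path):
    """True when the path is inside a System Restore snapshot folder."""
    return RESTORE_MARKER.lower() in path.lower()


def triage(lines):
    """Summarise a scan log: what was detected, where, and whether a
    restore-point purge would remove all of it."""
    entries = [e for e in map(parse_line, lines) if e]
    infected = [e for e in entries if e["status"] == "infected"]
    locked = [e for e in entries if e["status"] == "locked"]
    outside = [e for e in infected if not in_system_restore(e["path"])]
    return {
        "infected_total": len(infected),
        "infected_in_restore": len(infected) - len(outside),
        # Anything listed here is live on the system and needs separate removal.
        "infected_outside_restore": [e["path"] for e in outside],
        "locked_total": len(locked),
        "families": Counter(e["name"] for e in infected),
        "restore_purge_sufficient": len(infected) > 0 and not outside,
    }


# Constructed sample lines in the thread's log format (placeholder GUID).
_RP = r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}"
SAMPLE_RESTORE_ONLY = [
    _RP + r"\RP466\A0124488.exe Infected: Trojan.Win32.Agent.bnd skipped",
    _RP + r"\RP469\A0124562.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped",
    _RP + r"\RP474\A0125803.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped",
    r"C:\WINDOWS\system32\config\SAM Object is locked skipped",
    r"C:\WINDOWS\WindowsUpdate.log Object is locked skipped",
    "",
    "Scan process completed.",
]

# Same log plus one constructed hit outside System Restore (hypothetical file name).
SAMPLE_WITH_LIVE_HIT = SAMPLE_RESTORE_ONLY + [
    r"C:\WINDOWS\system32\example_dropper.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped",
]

if __name__ == "__main__":
    for label, sample in (("restore-only", SAMPLE_RESTORE_ONLY),
                          ("with live hit", SAMPLE_WITH_LIVE_HIT)):
        summary = triage(sample)
        print(label, {k: v for k, v in summary.items() if k != "families"})
        print("  families:", dict(summary["families"]))
```

Feed it the scanner's saved report one line at a time; when `restore_purge_sufficient` is True the System Restore off/on procedure covers everything the scanner found, and when it is False the paths in `infected_outside_restore` are the files still to deal with on the live system.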

fearfx
2007-10-28, 22:22
Thank you very much for all your help PSKelley. Our lappie is happy :D::bigthumb:

Is there anything else I need to do?

pskelley
2007-10-28, 22:28
Music to my ears:bigthumb: Some information for you about that infection; first, how easy it is to get infected:
http://www.theregister.com/2007/05/11/google_malware_map/

More news: Since there is a class action involving this one, you may want to view this information:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
http://www.youtube.com/watch?v=zBUZHiKhsog
http://msmvps.com/blogs/spywaresucks/search.aspx?q=winfixer+msn

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.