Win32/Harnig!generic infection
Hi, I recently added an extra 1GB of RAM onto my system. I also loaded Microsoft Flight Sim X. Every time I ran FSX my pc would freeze, requiring a system reset to recover the system. I also started getting a lot of Blue Screen instances. The first of these occurred during a routine defrag and gave the following:
STOP: 0x00000024 (0x001902FE, 0xF78C2BBC, 0xF78C28B8, 0xF7B77467)
Ntfs.sys - Address F7B77467 base at F7B52000, Datestamp 45cc56a7
I tried to do a virus scan and the pc kept crashing before the scan completed, each time giving me a Blue Screen event.
I have now uninstalled FSX and removed the additional 1GB of RAM. I ran a virus scan and got the following message:
Virus Name: Win32\Harnig!generic
Location: C:\WINDOWS\fd.exe<loadadv703.exe>
I am using CA Anti-Virus Ver 8.4.0.24
My PC is a home built system running Windows XP Home Edition with SP 2
My virus software does not provide any apparent fix for the Harnig infection. Can you offer any advice please?
As requested by Tashi I have used HJT and Kaspersky and have copies of the reports, but they are too long to include here and keep it to one post.
I will post them if instructed to do so.
Regards, Andy
Hi andye
Yes, please post those next :)
Hi Shaba, as requested here is the Kaspersky report:
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 23, 2008 10:19:54 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/01/2008
Kaspersky Anti-Virus database records: 528211
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
M:\
N:\
Scan Statistics:
Total number of scanned objects: 441723
Number of viruses found: 4
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 03:48:01
Infected Object Name / Virus Name / Last Action
I had to split the report in 2 to get it to post here. Part 2 to follow.
I have run Spybot since this report was generated and cured some problems; I have also deleted the Harnig infected file.
Regards
Andy
Shaba here is the 2nd part of the Kaspersky Report.
C:\RECYCLER\S-1-5-21-1078081533-879983540-1801674531-1004\Dc12.zip/Rumour.exe Infected: not-virus:BadJoke.Win32.Stupen.a skipped
C:\RECYCLER\S-1-5-21-1078081533-879983540-1801674531-1004\Dc12.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1078081533-879983540-1801674531-1004\Dc9\Rumour.exe Infected: not-virus:BadJoke.Win32.Stupen.a skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\fd.exe/data.rar/loadadv703.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\WINDOWS\fd.exe/data.rar Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\WINDOWS\fd.exe RarSFX: infected - 2 skipped
D:\Utility Programs\Replicant 2\Unregister\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Utility Programs\Replicant 2\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Old D backup\Utilities\Replicant 2\Unregister\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Old D backup\Utilities\Replicant 2\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Old E backup\Utilities\Replicant 2\Unregister\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Old E backup\Utilities\Replicant 2\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
Scan process completed.
I shall follow this with the HJT Report.
Regards Andy
Shaba, here as requested is my HJT Report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:36, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
D:\Hardware Support\Creative\Surround Mixer\CTSysVol.exe
D:\Hardware Support\Creative\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
D:\Protection\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AOL\1171398026\ee\AOLSoftware.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
D:\Utility Programs\Nokia\PC Suite\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LxrSII1s.exe
D:\Utility Programs\Creative\RemoteControl\RCMan.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Utility Programs\Nokia\PC Suite\Nokia PC Suite 6\PcSync2.exe
C:\Documents and Settings\Andy\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Utility Programs\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\AOL 9.0\aoltray.exe
D:\Utility Programs\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
D:\Protection\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Protection\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
D:\Protection\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\utility programs\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROTEC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\Utility Programs\ReGetDx\iebar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] D:\Hardware Support\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] D:\Hardware Support\Creative\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [cctray] "D:\Protection\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171398026\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Utility Programs\Nokia\PC Suite\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Utility Programs\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] D:\Utility Programs\Creative\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PcSync] D:\Utility Programs\Nokia\PC Suite\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Andy\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Protection\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = D:\Utility Programs\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = D:\Utility Programs\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Utility Programs\WinDVD4\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\UTILIT~1\MSOFFI~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\UTILIT~1\MSOFFI~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROTEC~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROTEC~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158250651359
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///M:/SuperCD/IntraLaunch.CAB
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Andy
O17 - HKLM\Software\..\Telephony: DomainName = Andy
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E40CB52-ED91-4443-8F60-C88AC0799F8A}: NameServer = 205.188.146.145
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - D:\Protection\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - D:\Protection\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 14313 bytes
Regards
Andy
Hi
Delete this file:
C:\WINDOWS\fd.exe
Empty Recycle Bin.
Re-scan with Kaspersky.
Post:
- a fresh HijackThis log
- Kaspersky report
And tell me also if AVG still complains?
OK mate, here is the new Kaspersky report after deleting C:\WINDOWS\fd.exe & emptying the Recycle Bin.
Saturday, January 26, 2008 12:52:12 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 532563
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
M:\
N:\
Scan Statistics:
Total number of scanned objects: 433098
Number of viruses found: 4
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 03:39:26
Infected Object Name Virus Name Last Action
Again had to split into two to post here.
Here is part 2.
C:\Documents and Settings\Admin\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Admin\Templates\EXCEL9.XLS Object is locked skipped
C:\Documents and Settings\Admin\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Admin\Templates\MSPUB.PUB Object is locked skipped
C:\Documents and Settings\Admin\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Admin\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Admin\Templates\PWRPNT11.POT Object is locked skipped
C:\Documents and Settings\Admin\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Admin\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Admin\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Admin\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Admin\Templates\WINWORD8.DOC Object is locked skipped
C:\Documents and Settings\Admin\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Admin\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\APP10400.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\APP10750.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Apps.Lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\main.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sap.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\spool.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sysnews.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\eales00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\ealesaj Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\ealesaj.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\ealesaj.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\users\EALESAJ.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Andy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\Temp\~DF102C.tmp Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\Temp\~DF6F5.tmp Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\Temp\~DF7C67.tmp Object is locked skipped
C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andy\ntuser.dat Object is locked skipped
C:\Documents and Settings\Andy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\SharedComponents\PPRT\logs\2008-01-25.csv Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2E329E08-AF23-4CED-9582-33C2D0399715}\RP211\A0077293.exe/data.rar/loadadv703.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{2E329E08-AF23-4CED-9582-33C2D0399715}\RP211\A0077293.exe/data.rar Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{2E329E08-AF23-4CED-9582-33C2D0399715}\RP211\A0077293.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{2E329E08-AF23-4CED-9582-33C2D0399715}\RP211\A0077297.exe Infected: not-virus:BadJoke.Win32.Stupen.a skipped
C:\System Volume Information\_restore{2E329E08-AF23-4CED-9582-33C2D0399715}\RP211\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
D:\Utility Programs\Replicant 2\Unregister\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Utility Programs\Replicant 2\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{2E329E08-AF23-4CED-9582-33C2D0399715}\RP211\change.log Object is locked skipped
F:\Old D backup\Utilities\Replicant 2\Unregister\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Old D backup\Utilities\Replicant 2\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Old E backup\Utilities\Replicant 2\Unregister\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\Old E backup\Utilities\Replicant 2\xpconf.dat Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{2E329E08-AF23-4CED-9582-33C2D0399715}\RP211\change.log Object is locked skipped
Scan process completed.
HJT Report to follow
Here is the HJT Report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:52:41, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
D:\Hardware Support\Creative\Surround Mixer\CTSysVol.exe
D:\Hardware Support\Creative\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
D:\Protection\CA\CA Internet Security Suite\cctray\cctray.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\AOL\1171398026\ee\AOLSoftware.exe
D:\Utility Programs\Nokia\PC Suite\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
D:\Utility Programs\Creative\RemoteControl\RCMan.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Utility Programs\Nokia\PC Suite\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Documents and Settings\Andy\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
D:\Protection\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Utility Programs\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\AOL 9.0\aoltray.exe
D:\Utility Programs\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
D:\Protection\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
D:\Protection\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Protection\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\utility programs\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROTEC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\Utility Programs\ReGetDx\iebar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] D:\Hardware Support\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] D:\Hardware Support\Creative\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [cctray] "D:\Protection\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171398026\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Utility Programs\Nokia\PC Suite\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Utility Programs\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] D:\Utility Programs\Creative\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PcSync] D:\Utility Programs\Nokia\PC Suite\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Andy\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Protection\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = D:\Utility Programs\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = D:\Utility Programs\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Utility Programs\WinDVD4\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\UTILIT~1\MSOFFI~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\UTILIT~1\MSOFFI~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\UTILIT~1\MSOFFI~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\UTILIT~1\MSOFFI~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROTEC~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROTEC~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158250651359
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///M:/SuperCD/IntraLaunch.CAB
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Andy
O17 - HKLM\Software\..\Telephony: DomainName = Andy
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E40CB52-ED91-4443-8F60-C88AC0799F8A}: NameServer = 205.188.146.145
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - D:\Protection\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - D:\Protection\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - D:\Protection\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 14489 bytes
I do not have AVG on this PC; I use CA Anti-virus instead and it is reporting no faults.
Regards
Andy
Hi
Sorry, my bad.
Logs look good.
All viruses are either in system restore or not viruses at all.
I will give you instructions later on how to empty it.
Other than that, any problems left?
Due to the lack of feedback this Topic is closed.