View Full Version : I've been Virtumowned!!!
wvoidbringer
2008-05-25, 21:26
Do I get points for "most creative title?" :D: Anyway, I just got through getting rid of my girlfriend's Virtumonde with Spybot in safe mode, and lo and behold, I've gotten it myself. I scanned the file that infected me with Kaspersky online AND with Symantec before running it, and it still got me.
OK, the goods... I'm copy-pasting my HJT log.
That having been said, I preface this log with the assurances that I have followed all the steps in "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) and in Before you post a log, with the notable exceptions of:
Kaspersky online scanner (It requires ActiveX controls, and my MSIE has been compromised. No ActiveX for me. Woo, Firefox!)
I did run "Fix" on some entries that I knew were malicious, notably some R0 and R1 entries that have not reappeared in the latest scan. The purpose was to remove an R1 entry that was causing internet problems on my infected computer, but I guess I went all gung-ho on it and removed more than that. Therefore, I will post the newest log along with the entries "Fix"ed before the latest scan.I have ComboFix downloaded and ready for guided deployment, as well as Spybot uninstalled.
hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:39 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\DaemonUI\DaemonUI.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AIM 5\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [DaemonUI] C:\Program Files\DaemonUI\DaemonUI.exe
O4 - HKLM\..\Run: [BMb7ae7a22] Rundll32.exe "C:\WINDOWS\system32\tqcgnmql.dll",s
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM 5\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM 5\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9976 bytes
[B]entries from old hijackthis.log that I "Fix"ed
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [BMb7ae7a22] Rundll32.exe "C:\WINDOWS\system32\tqcgnmql.dll",s
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
-----------------
I normally consider myself a computer expert, but I admit that I am a novice at malware removal and defer 100% to a malware university graduate.
steamwiz
2008-05-25, 23:20
HI
Most of the vundo entries are hiding from hijackthis ... you'll need to rename the HiJackThis.exe file a nd run it again to show the hidden entries ... so rename HiJackThis.exe to wvoidbringer.exe or anything else you want & run it & post the new log ...
steam
wvoidbringer
2008-05-25, 23:33
HI
Most of the vundo entries are hiding from hijackthis ... you'll need to rename the HiJackThis.exe file a nd run it again to show the hidden entries ... so rename HiJackThis.exe to wvoidbringer.exe or anything else you want & run it & post the new log ...
steam
Renamed to hjtlolasdf.exe. New log:
hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33, on 2008-05-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\DaemonUI\DaemonUI.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AIM 5\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Joe\Desktop\hjtlol\hjtlolasdf.exe
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {129FA2A1-408C-4824-83A4-5001581FD01E} - C:\WINDOWS\system32\urqNDTkJ.dll
O2 - BHO: (no name) - {1C1D9297-C861-4D5E-918C-F9C92C2365DE} - C:\WINDOWS\system32\xxyyaYrR.dll (file missing)
O2 - BHO: (no name) - {29BAF8C2-3D54-40F2-B9FD-20C50ED47CBF} - C:\WINDOWS\system32\rqRlLBTJ.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F4D2A00D-C55D-4BCB-AA1A-B273DCD2E20C} - C:\WINDOWS\system32\geBtsqoo.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [DaemonUI] C:\Program Files\DaemonUI\DaemonUI.exe
O4 - HKLM\..\Run: [BMb7ae7a22] Rundll32.exe "C:\WINDOWS\system32\tqcgnmql.dll",s
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM 5\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM 5\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: urqNDTkJ - C:\WINDOWS\SYSTEM32\urqNDTkJ.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10171 bytes
steamwiz
2008-05-25, 23:41
Hi
Now we see them :)
Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.
THEN ...
Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
If you've just downloaded the latest Combofix, then you can run it, but if it's an older version, delete it & download a new one.
steam
wvoidbringer
2008-05-26, 00:37
mbam-log-5-25-2008 (16-51-12).txt
Malwarebytes' Anti-Malware 1.12
Database version: 786
Scan type: Quick Scan
Objects scanned: 40042
Time elapsed: 6 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\rqRlLBTJ.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\urqNDTkJ.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29baf8c2-3d54-40f2-b9fd-20c50ed47cbf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{29baf8c2-3d54-40f2-b9fd-20c50ed47cbf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{129fa2a1-408c-4824-83a4-5001581fd01e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{129fa2a1-408c-4824-83a4-5001581fd01e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqndtkj (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMb7ae7a22 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{129fa2a1-408c-4824-83a4-5001581fd01e} (Trojan.Vundo) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrllbtj -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrllbtj
------------------------
ComboFix.txt
ComboFix 08-05-25.3 - Joe 2008-05-25 17:00:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1294 [GMT -4:00]
Running from: C:\Documents and Settings\Joe\Desktop\cfxlol.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMb7ae7a22.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\JTBLlRqr.ini
C:\WINDOWS\system32\QsBHQqru.ini
C:\WINDOWS\system32\QsBHQqru.ini2
C:\WINDOWS\system32\rqRlLBTJ.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-25 16:43 . 2008-05-25 16:43 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Malwarebytes
2008-05-25 16:42 . 2008-05-25 16:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 16:42 . 2008-05-25 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 16:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-25 16:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-25 13:31 . 2008-05-25 13:31 136,704 --a------ C:\WINDOWS\system32\jynacdrr.dll
2008-05-25 13:20 . 2008-05-25 16:51 125,440 --------- C:\WINDOWS\system32\tqcgnmql.dll
2008-05-25 01:51 . 2008-05-25 01:56 <DIR> d-------- C:\ComboFix
2008-05-25 01:19 . 2008-05-25 01:23 <DIR> d-------- C:\68b15ab9904165c076
2008-05-25 00:13 . 2008-05-25 00:45 211 --a------ C:\WINDOWS\wininit.ini
2008-05-24 23:12 . 2008-05-25 16:51 59,392 --------- C:\WINDOWS\system32\urqNDTkJ.dll
2008-05-24 23:09 . 2008-05-24 23:09 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-05-23 20:02 . 2008-05-24 05:06 <DIR> d-------- C:\Program Files\HeroStats
2008-05-23 17:14 . 2008-05-23 17:14 <DIR> d-------- C:\OpenSSL
2008-05-23 17:14 . 2007-10-22 07:10 1,015,808 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-23 17:14 . 2007-10-22 07:10 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-23 17:14 . 2008-05-23 18:57 196,608 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-23 17:13 . 2008-05-23 17:37 <DIR> d-------- C:\Program Files\Miranda IM
2008-05-23 17:13 . 2008-05-23 17:38 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Miranda
2008-05-23 15:24 . 2008-05-23 15:24 <DIR> d-------- C:\Program Files\7-Zip
2008-05-22 00:57 . 2008-05-22 00:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-22 00:57 . 2008-05-22 00:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-21 01:29 . 2008-05-23 23:34 <DIR> d-------- C:\covbinds
2008-05-20 01:54 . 2008-05-20 01:54 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Aim
2008-05-19 13:36 . 2008-05-19 13:36 <DIR> d-------- C:\Program Files\DaemonUI
2008-05-19 13:33 . 2008-05-19 13:33 <DIR> d-------- C:\Program Files\DaemonScript
2008-05-19 13:28 . 2008-05-19 13:28 <DIR> d-------- C:\Program Files\arniWORX
2008-05-19 13:24 . 2008-05-19 13:28 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-19 13:02 . 2008-05-19 13:02 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DAEMON Tools
2008-05-18 21:59 . 2005-06-25 15:13 999,484 --a------ C:\WINDOWS\system32\common.dll
2008-05-18 21:19 . 2008-05-18 21:19 <DIR> d-------- C:\Blah
2008-05-18 20:29 . 2008-05-18 20:29 <DIR> d-------- C:\Program Files\PurgeIE
2008-05-18 20:29 . 2008-05-18 20:29 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DelinvFile
2008-05-18 20:23 . 2008-05-18 20:23 <DIR> d-------- C:\Program Files\Unlocker
2008-05-18 20:23 . 2008-05-18 20:23 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Desktopicon
2008-05-18 19:55 . 2008-05-18 19:57 <DIR> d-------- C:\bartpebuilder3110a
2008-05-18 01:23 . 2008-05-18 01:24 <DIR> d-------- C:\Program Files\AltBinz
2008-05-16 02:38 . 2008-05-16 02:38 <DIR> d-------- C:\Program Files\ipsXP
2008-05-15 15:48 . 2008-05-15 21:10 <DIR> d-------- C:\Program Files\iCall
2008-05-15 15:13 . 2008-05-15 15:13 <DIR> d-------- C:\Program Files\QuickTime
2008-05-15 15:13 . 2008-05-15 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 15:12 . 2008-05-15 15:12 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-15 15:12 . 2008-05-15 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-15 14:51 . 2008-05-15 14:51 <DIR> d-------- C:\Program Files\CoH Hero Builder
2008-05-15 14:38 . 2008-05-15 15:17 <DIR> d-------- C:\Program Files\Trillian
2008-05-15 11:49 . 2008-05-15 11:49 <DIR> d-------- C:\Program Files\middle_man
2008-05-13 22:10 . 2008-05-13 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-05-13 12:04 . 2008-05-13 12:04 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-05-12 00:00 . 2008-05-12 00:01 <DIR> d-------- C:\Program Files\Mids' Hero Designer
2008-05-11 22:29 . 2008-05-11 22:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-11 22:29 . 2008-05-11 22:31 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-05-11 22:29 . 2008-05-11 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-11 22:26 . 2008-05-11 22:26 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-05-11 00:22 . 2008-05-11 00:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 00:22 . 2008-05-11 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-10 02:36 . 2008-05-10 02:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrueCrypt
2008-05-10 02:31 . 2008-05-10 02:31 <DIR> d-------- C:\Program Files\TrueCrypt
2008-05-10 02:31 . 2008-05-18 19:53 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\TrueCrypt
2008-05-10 02:31 . 2008-05-10 02:31 223,424 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2008-05-10 01:19 . 2008-05-10 02:09 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-09 19:53 . 2008-05-09 19:53 <DIR> d-------- C:\Program Files\Smart Projects
2008-05-09 19:39 . 2008-05-09 19:59 <DIR> d-------- C:\xp
2008-05-09 19:37 . 2008-05-09 20:00 <DIR> d-------- C:\sp3
2008-05-08 12:57 . 2008-05-08 12:57 <DIR> d-------- C:\Downloads
2008-05-08 00:20 . 2008-05-08 00:20 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-08 00:01 . 2008-05-08 00:02 <DIR> d-------- C:\Program Files\AutoUnpack
2008-05-07 13:52 . 2008-05-07 13:52 <DIR> d-------- C:\Program Files\TweakCoH
2008-05-07 12:30 . 2008-05-15 11:49 <DIR> d-------- C:\Program Files\AIM 5
2008-05-06 11:57 . 2008-05-06 11:57 <DIR> d-------- C:\Program Files\QuickPar
2008-05-06 07:33 . 2008-05-06 07:33 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-05-06 01:54 . 2007-09-28 21:05 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-05-06 01:51 . 2008-05-06 01:51 <DIR> d-------- C:\Program Files\MultiRes
2008-05-05 13:24 . 2008-05-22 23:48 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\dvdcss
2008-04-30 21:21 . 2008-04-30 21:26 <DIR> d-------- C:\Program Files\Stella
2008-04-30 18:55 . 2008-04-30 19:31 <DIR> d-------- C:\Program Files\DLDIrc
2008-04-30 17:00 . 2008-04-30 17:00 <DIR> d-------- C:\Program Files\NetDrive
2008-04-30 17:00 . 2003-04-14 16:11 503,808 --a------ C:\WINDOWS\system32\RFHelper.dll
2008-04-30 17:00 . 2001-07-28 09:42 221,184 --a------ C:\WINDOWS\system32\rfwdres.dll
2008-04-30 17:00 . 2003-03-26 12:52 139,264 --a------ C:\WINDOWS\system32\RFNP32.dll
2008-04-30 17:00 . 2002-12-18 00:18 126,976 --a------ C:\WINDOWS\system32\rfshext.dll
2008-04-30 17:00 . 2001-08-23 09:24 32,768 --a------ C:\WINDOWS\system32\rfhres.dll
2008-04-30 17:00 . 2001-07-28 16:33 24,576 --a------ C:\WINDOWS\system32\rfshres.dll
2008-04-30 17:00 . 2002-04-12 15:19 20,480 --a------ C:\WINDOWS\system32\rfstrres.dll
2008-04-29 12:47 . 2008-04-29 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-04-29 12:47 . 2006-04-28 05:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-04-29 12:47 . 2006-04-28 05:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-04-29 12:47 . 2006-04-28 05:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-04-29 12:47 . 2006-04-28 05:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-04-29 12:47 . 2006-04-28 05:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-04-29 12:47 . 2006-11-22 09:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-04-29 12:47 . 2006-11-22 09:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-04-29 12:47 . 2006-11-22 10:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-04-29 12:46 . 2008-04-29 12:46 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-29 12:44 . 2008-04-29 12:44 100 --a------ C:\WINDOWS\Lexstat.ini
2008-04-29 12:41 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-04-29 12:41 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-04-29 12:41 . 2007-02-07 18:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini
2008-04-29 09:06 . 2008-04-29 09:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-26 12:44 . 2008-04-26 12:44 <DIR> d-------- C:\Program Files\NFO Creator
2008-04-26 12:04 . 2008-05-14 09:20 <DIR> d-------- C:\WADs
2008-04-25 18:07 . 2008-04-25 18:07 <DIR> d-------- C:\Program Files\Safer Networking
2008-04-25 17:52 . 2008-05-25 01:42 <DIR> d-------- C:\VundoFix Backups
2008-04-25 17:28 . 2008-04-25 17:28 <DIR> d-------- C:\Program Files\CCleaner
2008-04-25 16:11 . 2008-05-25 15:43 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-25 16:11 . 2008-05-25 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 21:05 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-25 21:02 --------- d-----w C:\Documents and Settings\Joe\Application Data\uTorrent
2008-05-25 20:56 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-05-25 19:43 --------- d-----w C:\Program Files\Bonjour
2008-05-25 05:35 --------- d-----w C:\Program Files\PowerISO
2008-05-25 05:32 --------- d-----w C:\Program Files\Random
2008-05-25 04:15 --------- d-----w C:\Program Files\LogMeIn
2008-05-25 03:12 --------- d-----w C:\Program Files\NoteZilla
2008-05-24 23:28 --------- d-----w C:\Program Files\City of Heroes
2008-05-22 03:43 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-21 22:42 --------- d-----w C:\Program Files\Warcraft III
2008-05-19 17:02 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 03:20 --------- d-----w C:\Documents and Settings\Joe\Application Data\NewsLeecher
2008-05-18 21:54 --------- d-----w C:\Program Files\NewsLeecher
2008-05-18 19:29 --------- d-----w C:\Documents and Settings\Joe\Application Data\U3
2008-05-14 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 02:03 --------- d-----w C:\Program Files\Dell
2008-05-12 01:53 --------- d-----w C:\Program Files\X-OOM Media Center for Wii
2008-05-11 20:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 04:13 --------- d-----w C:\Documents and Settings\Joe\Application Data\FileZilla
2008-05-10 04:10 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-05-09 19:48 --------- d-----w C:\Documents and Settings\Joe\Application Data\Hamachi
2008-05-09 03:18 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-05-07 18:13 --------- d-----w C:\Program Files\Viewpoint
2008-05-07 16:30 --------- d-----w C:\Program Files\AOD
2008-05-06 11:33 --------- d-----w C:\Program Files\MSECache
2008-05-06 05:51 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-05-06 05:11 --------- d-----w C:\Program Files\Final Fantasy VII
2008-05-05 17:23 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-04 03:08 --------- d-----w C:\Program Files\WinPcap
2008-05-04 02:51 --------- d-----w C:\Program Files\WC3Banlist
2008-04-28 23:57 --------- d-----w C:\Documents and Settings\Joe\Application Data\OpenOffice.org2
2008-04-26 23:06 --------- d-----w C:\Program Files\SNES9x
2008-04-26 05:22 --------- d-----w C:\Program Files\Binary News Reaper
2008-04-23 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 23:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 19:17 --------- d-----w C:\Documents and Settings\Joe\Application Data\Nvu
2008-04-21 19:56 --------- d-----w C:\Program Files\Panasonic
2008-04-19 20:11 --------- d-----w C:\Documents and Settings\Joe\Application Data\Move Networks
2008-04-08 15:57 --------- d-----w C:\Program Files\Nvu
2008-04-07 23:04 --------- d-----w C:\Documents and Settings\Joe\Application Data\DNA
2008-04-07 19:02 --------- d-----w C:\Program Files\PHP
2008-04-07 19:00 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-04-07 03:32 --------- d-----w C:\Program Files\gAlwaysIdle
2008-04-06 20:54 --------- d-----w C:\Program Files\Real Alternative
2008-04-04 14:08 --------- d-----w C:\Program Files\Hardcoded Software
2008-04-04 14:08 --------- d-----w C:\Documents and Settings\Joe\Application Data\Hardcoded Software
2008-03-31 01:23 --------- d-----w C:\Program Files\Microsoft Works
2008-03-31 01:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-31 01:23 --------- d-----w C:\Program Files\Common Files\L&H
2008-03-31 01:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-30 19:23 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-03-29 22:43 --------- d-----w C:\Program Files\Winamp Remote
2008-03-29 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-03-29 22:37 --------- d-----w C:\Program Files\Winamp
2008-03-29 22:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Winamp
2008-03-26 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-25 16:15 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-03-25 16:15 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-03-25 15:16 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-03-25 15:13 --------- d-----w C:\Program Files\VideoLAN
2008-03-25 05:06 --------- d-----w C:\Program Files\Torrents Open Registrations Checker
2008-03-05 21:29 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-05 21:29 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-02-28 18:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 18:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sha-w C:\WINDOWS\system32\VistaUltm.dll
.
------- Sigcheck -------
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-03-25 12:15 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-03-25 12:15 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-25_ 2.25.55.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 06:14:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 21:04:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-25 06:15:05 32,768 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-05-25 21:09:04 32,768 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-05-25 06:15:05 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-05-25 21:09:04 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat
- 2008-05-25 06:15:15 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008052520080526\index.dat
+ 2008-05-25 21:09:07 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008052520080526\index.dat
- 2008-05-25 06:15:05 49,152 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-25 21:09:04 49,152 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1D9297-C861-4D5E-918C-F9C92C2365DE}]
C:\WINDOWS\system32\xxyyaYrR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4D2A00D-C55D-4BCB-AA1A-B273DCD2E20C}]
C:\WINDOWS\system32\geBtsqoo.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-24 22:43 219952]
"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 12:58 856064]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-03-05 19:12 526848]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"TrueCrypt"="C:\Program Files\TrueCrypt\TrueCrypt.exe" [2008-05-10 02:31 1106112]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-04-01 05:39 486856]
"AIM"="C:\Program Files\AIM 5\aim.exe" [2006-08-01 15:35 67112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 21:48 1392640]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 12:16 2629632]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 17:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 21:48 125368]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 17:25 937984]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"gidle"="C:\Program Files\gAlwaysIdle\gidle.exe" [2008-01-07 16:35 49152]
"AtiPTA"="atiptaxx.exe" [2006-02-21 21:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15 15872]
"DaemonUI"="C:\Program Files\DaemonUI\DaemonUI.exe" [2007-04-24 10:25 931736]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 00:38:50 41041]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VSPX"= vspxvfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Joe\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUnpack]
--a------ 2007-09-12 09:53 888832 C:\Program Files\AutoUnpack\AutoUnpack.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-27 10:30 288576 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
--a------ 2007-08-28 14:24 1191936 C:\Program Files\iCall\iCall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaCenter]
--a------ 2007-12-23 14:33 1384448 C:\Program Files\X-OOM Media Center for Wii\MediaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-24 22:59 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDiagnosticM]
--a------ 2007-02-27 16:29 315392 C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 03:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QNPlus]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\X-OOM Media Center for Wii\\server\\server\\Apache\\MediacenterLibrary.exe"=
"C:\\Program Files\\X-OOM Media Center for Wii\\server\\server\\mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\AIM 5\\aim.exe"=
"C:\\Program Files\\iCall\\iCall.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Documents and Settings\\Joe\\Desktop\\Misc\\pickup.listchecker.exe"=
"C:\\bartpebuilder3110a\\plugin\\ultravnc\\files\\winvnc.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9967:TCP"= 9967:TCP:BitComet 9967 TCP
"9967:UDP"= 9967:UDP:BitComet 9967 UDP
"5060:UDP"= 5060:UDP:iCall Port
R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-02-16 05:05]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 07:03]
R2 Apache2.2;Apache2.2;"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 WebDriveFSD;WebDrive File System Driver;C:\Program Files\NetDrive\rffsd.sys [2002-11-27 13:40]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 18:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]
S3 SIUSBXP;SIUSBXP;C:\WINDOWS\system32\drivers\SiUSBXp.sys [2007-03-01 12:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47d85f6a-eb5a-11dc-89a4-0019b97b95e8}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{568bece0-21b7-11dd-89e1-0019b97b95e8}]
\Shell\AutoRun\command - I:\Programs\nu2menu\nu2menu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78c8c678-25c8-11dd-89e8-0019b97b95e8}]
\Shell\AutoRun\command - E:\setup.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 17:09:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RFHelper.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\gAlwaysIdle\gidle.dll
-> C:\Program Files\IconChanger\IconChng.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FileZilla Server\FileZilla server.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-05-25 17:15:46 - machine was rebooted [Joe]
ComboFix-quarantined-files.txt 2008-05-25 21:15:40
ComboFix2.txt 2008-05-25 06:28:39
Pre-Run: 28,599,201,792 bytes free
Post-Run: 28,589,821,952 bytes free
388 --- E O F --- 2008-05-22 03:43:23
--------------------
*holds breath*
wvoidbringer
2008-05-26, 00:40
MBAM log got cut short.
Here you go:
mbam-log-5-25-2008 (16-51-12).txt
Malwarebytes' Anti-Malware 1.12
Database version: 786
Scan type: Quick Scan
Objects scanned: 40042
Time elapsed: 6 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\rqRlLBTJ.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\urqNDTkJ.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29baf8c2-3d54-40f2-b9fd-20c50ed47cbf} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{29baf8c2-3d54-40f2-b9fd-20c50ed47cbf} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{129fa2a1-408c-4824-83a4-5001581fd01e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{129fa2a1-408c-4824-83a4-5001581fd01e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqndtkj (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMb7ae7a22 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{129fa2a1-408c-4824-83a4-5001581fd01e} (Trojan.Vundo) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrllbtj -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrllbtj -> Delete on reboot.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\gyfphdbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obdhpfyg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRlLBTJ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\JTBLlRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\JTBLlRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vnvehppj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpphevnv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xqwvgdpj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpdgvwqx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hljjhmft.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmnpopqe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqcgnmql.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\urqNDTkJ.dll (Trojan.Vundo) -> Delete on reboot.
steamwiz
2008-05-26, 01:17
HI
That's made a big hole on the malware, however there is a conflict between what the logs report, as to whether certain malware files have been deleted or not ... so please run both Malwarebytes' Anti-Malware & Combofix again & post the new logs, so that I can get the true picture ...
Also please try and run the Kaspersky Online Scan again ...
Please run a Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
Click Accept
You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Once finished, save the log to your Desktop as filename KAV.txt
So that's a new :-
1. Malwarebytes' Anti-Malware log
2. Combofix log
3. KAV.txt Please
steam
wvoidbringer
2008-05-26, 19:38
Just got finished with the Kaspersky scanner... that thing takes forever and kinda overreacts to everything on my computer, it would seem... I guess they try to scare new users into buying their product to get rid of their scary logfiles?
Anyways, here they are:
mbam-log-5-25-2008 (20-06-16).txt
Malwarebytes' Anti-Malware 1.12
Database version: 786
Scan type: Quick Scan
Objects scanned: 39807
Time elapsed: 4 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
--------------
ComboFix.txt
ComboFix 08-05-25.3 - Joe 2008-05-25 20:07:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1246 [GMT -4:00]
Running from: C:\Documents and Settings\Joe\Desktop\cfxlol.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.
2008-05-25 16:43 . 2008-05-25 16:43 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Malwarebytes
2008-05-25 16:42 . 2008-05-25 16:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 16:42 . 2008-05-25 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 16:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-25 16:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-25 13:31 . 2008-05-25 13:31 136,704 --a------ C:\WINDOWS\system32\jynacdrr.dll
2008-05-25 13:20 . 2008-05-25 16:51 125,440 --------- C:\WINDOWS\system32\tqcgnmql.dll
2008-05-25 01:51 . 2008-05-25 01:56 <DIR> d-------- C:\ComboFix
2008-05-25 01:19 . 2008-05-25 01:23 <DIR> d-------- C:\68b15ab9904165c076
2008-05-25 00:13 . 2008-05-25 00:45 211 --a------ C:\WINDOWS\wininit.ini
2008-05-24 23:09 . 2008-05-24 23:09 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-05-23 20:02 . 2008-05-24 05:06 <DIR> d-------- C:\Program Files\HeroStats
2008-05-23 17:14 . 2008-05-23 17:14 <DIR> d-------- C:\OpenSSL
2008-05-23 17:14 . 2007-10-22 07:10 1,015,808 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-23 17:14 . 2007-10-22 07:10 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-23 17:14 . 2008-05-23 18:57 196,608 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-23 17:13 . 2008-05-23 17:37 <DIR> d-------- C:\Program Files\Miranda IM
2008-05-23 17:13 . 2008-05-23 17:38 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Miranda
2008-05-23 15:24 . 2008-05-23 15:24 <DIR> d-------- C:\Program Files\7-Zip
2008-05-22 00:57 . 2008-05-22 00:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-22 00:57 . 2008-05-22 00:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-21 01:29 . 2008-05-23 23:34 <DIR> d-------- C:\covbinds
2008-05-20 01:54 . 2008-05-20 01:54 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Aim
2008-05-19 13:36 . 2008-05-19 13:36 <DIR> d-------- C:\Program Files\DaemonUI
2008-05-19 13:33 . 2008-05-19 13:33 <DIR> d-------- C:\Program Files\DaemonScript
2008-05-19 13:28 . 2008-05-19 13:28 <DIR> d-------- C:\Program Files\arniWORX
2008-05-19 13:24 . 2008-05-19 13:28 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-19 13:02 . 2008-05-19 13:02 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DAEMON Tools
2008-05-18 21:59 . 2005-06-25 15:13 999,484 --a------ C:\WINDOWS\system32\common.dll
2008-05-18 21:19 . 2008-05-18 21:19 <DIR> d-------- C:\Blah
2008-05-18 20:29 . 2008-05-18 20:29 <DIR> d-------- C:\Program Files\PurgeIE
2008-05-18 20:29 . 2008-05-18 20:29 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DelinvFile
2008-05-18 20:23 . 2008-05-18 20:23 <DIR> d-------- C:\Program Files\Unlocker
2008-05-18 20:23 . 2008-05-18 20:23 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Desktopicon
2008-05-18 19:55 . 2008-05-18 19:57 <DIR> d-------- C:\bartpebuilder3110a
2008-05-18 01:23 . 2008-05-18 01:24 <DIR> d-------- C:\Program Files\AltBinz
2008-05-16 02:38 . 2008-05-16 02:38 <DIR> d-------- C:\Program Files\ipsXP
2008-05-15 15:48 . 2008-05-15 21:10 <DIR> d-------- C:\Program Files\iCall
2008-05-15 15:13 . 2008-05-15 15:13 <DIR> d-------- C:\Program Files\QuickTime
2008-05-15 15:13 . 2008-05-15 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 15:12 . 2008-05-15 15:12 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-15 15:12 . 2008-05-15 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-15 14:51 . 2008-05-15 14:51 <DIR> d-------- C:\Program Files\CoH Hero Builder
2008-05-15 14:38 . 2008-05-15 15:17 <DIR> d-------- C:\Program Files\Trillian
2008-05-15 11:49 . 2008-05-15 11:49 <DIR> d-------- C:\Program Files\middle_man
2008-05-13 22:10 . 2008-05-13 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-05-13 12:04 . 2008-05-13 12:04 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-05-12 00:00 . 2008-05-12 00:01 <DIR> d-------- C:\Program Files\Mids' Hero Designer
2008-05-11 22:29 . 2008-05-11 22:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-11 22:29 . 2008-05-11 22:31 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-05-11 22:29 . 2008-05-11 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-11 22:26 . 2008-05-11 22:26 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-05-11 00:22 . 2008-05-11 00:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 00:22 . 2008-05-11 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-10 02:36 . 2008-05-10 02:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrueCrypt
2008-05-10 02:31 . 2008-05-10 02:31 <DIR> d-------- C:\Program Files\TrueCrypt
2008-05-10 02:31 . 2008-05-18 19:53 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\TrueCrypt
2008-05-10 02:31 . 2008-05-10 02:31 223,424 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2008-05-10 01:19 . 2008-05-10 02:09 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-09 19:53 . 2008-05-09 19:53 <DIR> d-------- C:\Program Files\Smart Projects
2008-05-09 19:39 . 2008-05-09 19:59 <DIR> d-------- C:\xp
2008-05-09 19:37 . 2008-05-09 20:00 <DIR> d-------- C:\sp3
2008-05-08 12:57 . 2008-05-08 12:57 <DIR> d-------- C:\Downloads
2008-05-08 00:20 . 2008-05-08 00:20 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-08 00:01 . 2008-05-08 00:02 <DIR> d-------- C:\Program Files\AutoUnpack
2008-05-07 13:52 . 2008-05-07 13:52 <DIR> d-------- C:\Program Files\TweakCoH
2008-05-07 12:30 . 2008-05-15 11:49 <DIR> d-------- C:\Program Files\AIM 5
2008-05-06 11:57 . 2008-05-06 11:57 <DIR> d-------- C:\Program Files\QuickPar
2008-05-06 07:33 . 2008-05-06 07:33 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-05-06 01:54 . 2007-09-28 21:05 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-05-06 01:51 . 2008-05-06 01:51 <DIR> d-------- C:\Program Files\MultiRes
2008-05-05 13:24 . 2008-05-22 23:48 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\dvdcss
2008-04-30 21:21 . 2008-04-30 21:26 <DIR> d-------- C:\Program Files\Stella
2008-04-30 18:55 . 2008-04-30 19:31 <DIR> d-------- C:\Program Files\DLDIrc
2008-04-30 17:00 . 2008-04-30 17:00 <DIR> d-------- C:\Program Files\NetDrive
2008-04-30 17:00 . 2003-04-14 16:11 503,808 --a------ C:\WINDOWS\system32\RFHelper.dll
2008-04-30 17:00 . 2001-07-28 09:42 221,184 --a------ C:\WINDOWS\system32\rfwdres.dll
2008-04-30 17:00 . 2003-03-26 12:52 139,264 --a------ C:\WINDOWS\system32\RFNP32.dll
2008-04-30 17:00 . 2002-12-18 00:18 126,976 --a------ C:\WINDOWS\system32\rfshext.dll
2008-04-30 17:00 . 2001-08-23 09:24 32,768 --a------ C:\WINDOWS\system32\rfhres.dll
2008-04-30 17:00 . 2001-07-28 16:33 24,576 --a------ C:\WINDOWS\system32\rfshres.dll
2008-04-30 17:00 . 2002-04-12 15:19 20,480 --a------ C:\WINDOWS\system32\rfstrres.dll
2008-04-29 12:47 . 2008-04-29 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-04-29 12:47 . 2006-04-28 05:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-04-29 12:47 . 2006-04-28 05:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-04-29 12:47 . 2006-04-28 05:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-04-29 12:47 . 2006-04-28 05:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-04-29 12:47 . 2006-04-28 05:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-04-29 12:47 . 2006-11-22 09:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-04-29 12:47 . 2006-11-22 09:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-04-29 12:47 . 2006-11-22 10:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-04-29 12:46 . 2008-04-29 12:46 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-29 12:44 . 2008-04-29 12:44 100 --a------ C:\WINDOWS\Lexstat.ini
2008-04-29 12:41 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-04-29 12:41 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-04-29 12:41 . 2007-02-07 18:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini
2008-04-29 09:06 . 2008-04-29 09:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-26 12:44 . 2008-04-26 12:44 <DIR> d-------- C:\Program Files\NFO Creator
2008-04-26 12:04 . 2008-05-14 09:20 <DIR> d-------- C:\WADs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 00:07 --------- d-----w C:\Documents and Settings\Joe\Application Data\uTorrent
2008-05-25 21:33 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-05-25 21:31 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-25 19:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-25 19:43 --------- d-----w C:\Program Files\Bonjour
2008-05-25 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-25 05:35 --------- d-----w C:\Program Files\PowerISO
2008-05-25 05:32 --------- d-----w C:\Program Files\Random
2008-05-25 04:15 --------- d-----w C:\Program Files\LogMeIn
2008-05-25 03:12 --------- d-----w C:\Program Files\NoteZilla
2008-05-24 23:28 --------- d-----w C:\Program Files\City of Heroes
2008-05-22 03:43 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-21 22:42 --------- d-----w C:\Program Files\Warcraft III
2008-05-19 17:02 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 03:20 --------- d-----w C:\Documents and Settings\Joe\Application Data\NewsLeecher
2008-05-18 21:54 --------- d-----w C:\Program Files\NewsLeecher
2008-05-18 19:29 --------- d-----w C:\Documents and Settings\Joe\Application Data\U3
2008-05-14 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 02:03 --------- d-----w C:\Program Files\Dell
2008-05-12 01:53 --------- d-----w C:\Program Files\X-OOM Media Center for Wii
2008-05-11 20:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 04:13 --------- d-----w C:\Documents and Settings\Joe\Application Data\FileZilla
2008-05-10 04:10 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-05-09 19:48 --------- d-----w C:\Documents and Settings\Joe\Application Data\Hamachi
2008-05-09 03:18 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-05-07 18:13 --------- d-----w C:\Program Files\Viewpoint
2008-05-07 16:30 --------- d-----w C:\Program Files\AOD
2008-05-06 11:33 --------- d-----w C:\Program Files\MSECache
2008-05-06 05:51 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-05-06 05:11 --------- d-----w C:\Program Files\Final Fantasy VII
2008-05-05 17:23 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-04 03:08 --------- d-----w C:\Program Files\WinPcap
2008-05-04 02:51 --------- d-----w C:\Program Files\WC3Banlist
2008-04-28 23:57 --------- d-----w C:\Documents and Settings\Joe\Application Data\OpenOffice.org2
2008-04-26 23:06 --------- d-----w C:\Program Files\SNES9x
2008-04-26 05:22 --------- d-----w C:\Program Files\Binary News Reaper
2008-04-25 22:07 --------- d-----w C:\Program Files\Safer Networking
2008-04-25 21:28 --------- d-----w C:\Program Files\CCleaner
2008-04-23 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 23:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 19:17 --------- d-----w C:\Documents and Settings\Joe\Application Data\Nvu
2008-04-21 19:56 --------- d-----w C:\Program Files\Panasonic
2008-04-19 20:11 --------- d-----w C:\Documents and Settings\Joe\Application Data\Move Networks
2008-04-08 15:57 --------- d-----w C:\Program Files\Nvu
2008-04-07 23:04 --------- d-----w C:\Documents and Settings\Joe\Application Data\DNA
2008-04-07 19:02 --------- d-----w C:\Program Files\PHP
2008-04-07 19:00 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-04-07 03:32 --------- d-----w C:\Program Files\gAlwaysIdle
2008-04-06 20:54 --------- d-----w C:\Program Files\Real Alternative
2008-04-04 14:08 --------- d-----w C:\Program Files\Hardcoded Software
2008-04-04 14:08 --------- d-----w C:\Documents and Settings\Joe\Application Data\Hardcoded Software
2008-03-31 01:23 --------- d-----w C:\Program Files\Microsoft Works
2008-03-31 01:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-31 01:23 --------- d-----w C:\Program Files\Common Files\L&H
2008-03-31 01:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-30 19:23 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-03-29 22:43 --------- d-----w C:\Program Files\Winamp Remote
2008-03-29 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-03-29 22:37 --------- d-----w C:\Program Files\Winamp
2008-03-29 22:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Winamp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-07 21:54 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-03-05 21:29 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-05 21:29 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-04 17:41 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 18:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 18:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sha-w C:\WINDOWS\system32\VistaUltm.dll
.
------- Sigcheck -------
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-03-25 12:15 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-03-25 12:15 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-25_ 2.25.55.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 06:14:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 21:31:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-25 06:15:05 32,768 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-05-25 21:32:06 32,768 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-05-25 06:15:05 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-05-25 21:32:06 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat
- 2008-05-25 06:15:15 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008052520080526\index.dat
+ 2008-05-25 21:31:57 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008052520080526\index.dat
- 2008-05-25 06:15:05 49,152 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-25 21:32:06 49,152 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1D9297-C861-4D5E-918C-F9C92C2365DE}]
C:\WINDOWS\system32\xxyyaYrR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4D2A00D-C55D-4BCB-AA1A-B273DCD2E20C}]
C:\WINDOWS\system32\geBtsqoo.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-24 22:43 219952]
"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 12:58 856064]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-03-05 19:12 526848]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"TrueCrypt"="C:\Program Files\TrueCrypt\TrueCrypt.exe" [2008-05-10 02:31 1106112]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-04-01 05:39 486856]
"AIM"="C:\Program Files\AIM 5\aim.exe" [2006-08-01 15:35 67112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 21:48 1392640]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 12:16 2629632]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 17:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 21:48 125368]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 17:25 937984]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"gidle"="C:\Program Files\gAlwaysIdle\gidle.exe" [2008-01-07 16:35 49152]
"AtiPTA"="atiptaxx.exe" [2006-02-21 21:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15 15872]
"DaemonUI"="C:\Program Files\DaemonUI\DaemonUI.exe" [2007-04-24 10:25 931736]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 00:38:50 41041]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VSPX"= vspxvfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Joe\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUnpack]
--a------ 2007-09-12 09:53 888832 C:\Program Files\AutoUnpack\AutoUnpack.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-27 10:30 288576 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
--a------ 2007-08-28 14:24 1191936 C:\Program Files\iCall\iCall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaCenter]
--a------ 2007-12-23 14:33 1384448 C:\Program Files\X-OOM Media Center for Wii\MediaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-24 22:59 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDiagnosticM]
--a------ 2007-02-27 16:29 315392 C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 03:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QNPlus]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\X-OOM Media Center for Wii\\server\\server\\Apache\\MediacenterLibrary.exe"=
"C:\\Program Files\\X-OOM Media Center for Wii\\server\\server\\mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\AIM 5\\aim.exe"=
"C:\\Program Files\\iCall\\iCall.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Documents and Settings\\Joe\\Desktop\\Misc\\pickup.listchecker.exe"=
"C:\\bartpebuilder3110a\\plugin\\ultravnc\\files\\winvnc.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9967:TCP"= 9967:TCP:BitComet 9967 TCP
"9967:UDP"= 9967:UDP:BitComet 9967 UDP
"5060:UDP"= 5060:UDP:iCall Port
R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-02-16 05:05]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 07:03]
R2 Apache2.2;Apache2.2;"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-05-05 20:46]
R2 MBAMService;MBAMService;"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-05-05 20:46]
R2 WebDriveFSD;WebDrive File System Driver;C:\Program Files\NetDrive\rffsd.sys [2002-11-27 13:40]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 18:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]
S3 SIUSBXP;SIUSBXP;C:\WINDOWS\system32\drivers\SiUSBXp.sys [2007-03-01 12:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47d85f6a-eb5a-11dc-89a4-0019b97b95e8}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{568bece0-21b7-11dd-89e1-0019b97b95e8}]
\Shell\AutoRun\command - I:\Programs\nu2menu\nu2menu.exe
*Newly Created Service* - MBAMDRVSERVICE
*Newly Created Service* - MBAMSERVICE
*Newly Created Service* - PGFILTER
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 20:10:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RFHelper.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\gAlwaysIdle\gidle.dll
.
Completion time: 2008-05-25 20:12:07
ComboFix-quarantined-files.txt 2008-05-26 00:12:02
ComboFix2.txt 2008-05-25 21:15:47
ComboFix3.txt 2008-05-25 06:28:39
Pre-Run: 28,637,753,344 bytes free
Post-Run: 28,621,012,992 bytes free
355 --- E O F --- 2008-05-22 03:43:23
---------------------------------
Stay tuned for Kaspersky, coming up next post!
wvoidbringer
2008-05-26, 19:40
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 26, 2008 12:28:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/05/2008
Kaspersky Anti-Virus database records: 800778
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 121152
Number of viruses found: 5
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:53:43
Infected Object Name / Virus Name / Last Action
C:\bartpebuilder3110a\BartPE\Programs\ultravnc\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\bartpebuilder3110a\BartPE\Programs\ultravnc\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\bartpebuilder3110a\BartPE\Programs\ultravnc\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\bartpebuilder3110a\plugin\ultravnc\files\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\bartpebuilder3110a\plugin\ultravnc\files\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\bartpebuilder3110a\plugin\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-02DBE4AB-07FA-45CD-924B-6F0D97F1C179.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0432FE86-2848-4BC1-8F72-83B1AAA177FD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-04567014-2E53-489B-9624-351D4D7236D9.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0501A262-C6F0-4C93-8D1C-9BFF1A00DA93.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-05511098-A3AF-48C8-A857-35D1E6CA6A87.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0651D374-4094-4725-A207-860F63220D64.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-075E7AB2-7D27-47D5-B61E-060E5EB9BF3A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-09E49CE7-4FA9-4965-A3ED-72ECCDC2D321.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-09F6A3AF-43E6-45E8-9172-F6AFFEE31F9C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0AF9DB67-9DF1-4AA4-8E09-C80880F7CE1C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0C160D86-024B-47A0-82DC-674C3E9278B9.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0C1F06CD-63E5-4290-A818-165DAB9E7D77.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0D853504-EE3C-4EA1-870B-73B82FAB3092.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-0F4A798D-399A-4439-80D5-74BC45DAC55A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-101E29F3-637A-4FF7-8DAB-7FCB8E0A86D3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-12A4F14B-1C22-4878-9605-4B838EB5632E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-12AD1133-8353-4D2A-9CE9-1DC4AB6ED6E8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-137F48B0-356E-41A3-8E94-14BAEB450CA4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-143CE639-6E82-4884-A7F6-2FE3620977BE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1445CC21-1B71-40F2-87AA-1D5328950775.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-145002E7-FE0B-47CC-A80C-F1AB7BD344B2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-14D2BCC1-C7FF-4A3B-8E62-B6FAB6C21EB2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-16FFAF0D-E6EE-4DEF-B812-58E46C3DF0D6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-178D2916-4E41-4F63-9E0C-CEE26E2A7759.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-191978F7-C26C-4CD7-857E-2FA80403C78C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1B257AA9-50C5-4248-80D9-7DF3B58D54AE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1B2EAFC7-D367-4235-8C0C-6A9274F43498.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1B5533B1-F9B0-49F4-80DC-C3373FE948B8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1C44EC07-E61A-4282-9968-875FDC62FFC2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1C9C5949-8DB7-4A11-B0A9-458E16C10832.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1D6AD7EF-562C-4D37-BED3-1EBF763D8F63.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1DD55453-D004-48BE-9097-BD0E19A1D37D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1E5B8F92-E55B-4CAA-AA65-DD5A78576212.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1EA5A6AE-75F9-4B98-8FA1-3B151F2044EB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1EAC31E5-1B3F-4934-8E04-497AA63BE2B9.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1EF9DA0D-4A1D-4256-961B-8508903F0A01.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-1F908BC8-A413-4179-AAF5-4A20D1A46CE3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-20CD13CB-A935-44BF-8AB8-14EDDB088625.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2137495D-59CE-40B7-B73B-EC3B1F32B0BB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-21D8434C-102B-48CA-997D-9A5F6AF2FBFB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-22FEF109-5BDB-498B-B2AC-ADCDB730722C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2332DE72-EBA4-445E-BD71-E9640F067347.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-23F87C14-05B6-499D-8CC8-9752B49EE311.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-243BC0C6-BA5B-47D5-89C8-A5B86DFE8DDA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-24860D21-04EC-4770-9B4A-80F190103B87.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-249EDDF3-D734-4D58-8AE1-BF3DB3A3B8F5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-257CA894-DA2A-420F-89B9-79C0531BE6F8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2635A473-E396-427A-B9D7-19D833AB4791.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-26B65D2D-377E-4B78-9F9F-4776E4066058.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2789AC01-738F-4DF8-A6CF-568DFFE1559C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-29118603-6F22-47C6-ABFC-EAC61B634D89.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2B6B0F8F-4A0D-4FBB-A81F-B73A5720F803.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2BECD916-6E3D-4A6A-957C-D22497D2F6D1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2CF87747-AD50-4E37-8A9A-1FCA41B3B0C0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2D49D24E-662D-4BCA-97FF-517941C44227.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-2E76A896-1093-4C51-9015-BE19B43D7A01.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-30054D99-BBE1-492A-A9B7-4FC40E637BB5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-30D18EA5-C6A3-45EE-93E8-7A5682561BF6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-312406A9-AE8B-4ADF-B424-595351840CD1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3186B09E-94DA-4819-9B5D-F2B5D81CE34F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-32741820-079C-41EF-9A7F-EC72B1C25EF7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-35AB41A5-5DF3-4D49-8D74-A71A143532BB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-36C5DB46-B8AE-457F-BB72-007C7929E2CC.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-37450522-53E5-4E98-A123-307323B28AFA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-37930393-F1AB-4463-A89A-58111E956E60.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-38186B78-37B8-48C3-BE18-29C226729357.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3836E41C-78B8-4252-A2E3-1AF88F04D9E1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-387AC164-5091-4915-89AD-7007D6E26C48.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-38E56972-36EC-4560-8593-C2B5A5F2AAEB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3A51EDC7-9B88-4B06-98E6-4D6C957E4132.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3B18F13F-1D47-4E74-A669-C321C0469F5E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3C11E24A-851B-466A-9AC4-B9F813A2D2C3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3CD0A1C4-B483-4F06-9991-DD0FB83AC8C8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3CECE3A0-0E24-49E2-BB66-FE41C83876F2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3CF7AFE6-2CBE-466E-BDAC-9E6DEF24FF4F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3D108535-CFE5-44BC-ACEF-DD600363B1BB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3D5F77D6-2552-48FB-9CD4-4191C047F831.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3E0C8977-7D84-47DD-900F-DA03D7B610D0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3E33BCA0-76F5-47EA-A807-53946F411336.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3E4185A9-22FD-4D7E-919B-E27E3D796B30.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3E8DA31B-8C93-4AD8-B186-62E35374875C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-3FBC3889-6642-4E1A-A8A6-934B9914F1A9.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-400FE750-7D52-4B5C-BC63-DC355B7AC9AF.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-406DF879-A126-46AB-812C-4F5150B871EE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-429418B2-09B3-43D0-95C8-1CAE5AB39D57.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-42A939C3-C1C6-4746-BBAF-5195DDB0E60C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-42D7BA65-9A2E-4E9A-892E-8054881409A1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4471B37F-24D7-4501-BF9B-27BAAD987BD4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-44E46537-6FA4-48E0-BC94-61B0DB86FFC8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4551707B-A5D4-401E-8ABB-6A658CE02EB0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-457CE496-D0BE-441D-81E2-2F11D0869726.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-484A0A86-A47F-4155-B3F5-ADE43352AF69.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-49A9F12B-4426-4481-9114-4E6348259397.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-49ACD63A-789A-46C7-A1E7-6ACBA477A9D2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4B106856-5853-497E-8161-4C9973B91FDE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4B9C9435-50AC-46C5-84C4-C4F48C84405F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4C14A511-33BA-40A7-9FBC-D51CECE7CB7B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4C8E78B2-2FC3-49D4-BDD8-1440FC116905.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4D242D0D-9E10-4850-B1A4-A8BA3101EECD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-4F30A4EC-317F-4508-8AD9-B57C6DDFA5CA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-50496A32-1022-41DE-9261-6007BAD61C25.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-506F2D23-8D66-4680-8700-5E6C825B51BA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-51D0403E-72BF-4FB9-A95A-1DBDCA937DDE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-527878F6-BD39-46F1-A2D8-09A4A3219D96.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-52B5DB70-DE73-47F2-B072-2D7E2BA7F540.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-53DF920B-1D78-484B-A7F8-162BE5919254.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-554BC4D5-DD25-4B6F-8E49-3390061AB7D9.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-55830E0D-B89F-48F5-BF4C-B11F273696BD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-56D2A4AA-C744-4A02-8F66-95D05C138724.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5754015E-7DC3-4DCD-BD8A-7222C2D8F61F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5B91AD10-A29E-4F58-BA50-BBADC7752DF4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5C4B5221-3405-4DC8-82C4-15D82C28DE6A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5C5B2CB0-E1D6-473A-AF72-02ACEF92D093.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5D59DE64-810A-4CCF-86BE-099F6D71853E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5EE96485-57A0-4E06-BDE2-710881223476.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5F24D3DE-ED22-43B4-940B-91000C7F4F6B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5FC5D0F5-17CD-49BE-ACD8-9557481364A7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5FCB5505-CE71-4B70-9D72-B0222F535AAD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-5FDFDE6A-4781-465C-99D7-2C056A28C653.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-616EE60B-5736-4C5E-93A3-83C0D52ED38C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-61F5C4E8-E2AF-4847-8693-5F8FA0E3B8E6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-62DC5D95-A561-44EB-AED4-F1E822E8357C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6335DD51-DBFB-4825-87D9-BCC122C1DDC1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-63BE4CC6-08E5-475D-B43B-06F890737C71.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-645AEA04-30BA-4D20-B6E6-DDF201FA06B7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-64A92449-12E4-4FF9-9535-0C5FB2C00BB7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-65B460C3-B719-490F-9921-71B7F3EEA2B7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-66F09D8C-C0CC-43DE-9AB2-A545A4531BE4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-671A053B-7F73-4902-9DF8-55E9F3A65794.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6731F4BB-AF80-4CE1-9316-DD46DF663AD7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-68082BDA-ED32-4FCC-BEE3-7A50CA0674C7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-69408EA9-7936-4914-AA6D-9F1AE0CDFEA5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6A3C9C3D-A960-4775-B289-3EB9737AD962.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6A641C38-8CDB-45CD-8D23-2618AAD283A2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6B6044F4-088A-4C92-B44F-3B2CF61B67DC.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6B674A83-AB66-4FFF-90FF-774F543B742B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6BEE8F8D-1C2B-4065-93E6-786B9DA7FD84.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6D0D3AF8-6DFD-420C-ABF3-39124401CF91.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6D4A2B27-CC5D-4A74-9BC0-B9C1404159D5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6D9FDDA1-7BF1-4CD5-8BB9-D54840DE11A6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6FCAFD30-E9E8-47F2-A9DF-A5875376F7FD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-6FE0E07A-A9A7-48E5-B05A-92B32CA49F3A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-70808080-0C8D-4185-B0D8-A50D6D225BAE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-714DBC97-5EAB-437C-BD87-AD8808787FD6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-72121B44-5B15-41C7-8D4C-70B02744F606.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-733463B3-42FE-49AB-BAF8-93257AD54DED.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-739655D8-AEDA-49E2-8D56-5AF959537B90.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-75744304-2A73-4D01-9821-94573CA26D3C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-775C73C9-8787-4119-941A-1D3BACE40414.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7856B396-90E0-4F1D-B08C-778E8A667732.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-79B431FF-60F2-44EC-8E30-92500E465768.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7A0D4383-B52E-476C-84B8-6AF0719C8598.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7AE8BEAF-C3EC-4377-9448-265AEFCBFBBD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7BA568FE-5AA5-4C6A-846A-2340ECDDE97F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7BD84745-86AE-43BE-90D9-8632057057D1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7C131FDE-F5AC-45CA-8A28-5AA981863550.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-7CF7D167-5E83-4F4B-9F27-AC9EEBF24100.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8085DDEB-05AB-4AB1-8916-8F2D680E3090.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-83250F5A-987B-43F1-836C-235A99650E1F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-84762C4C-1A25-46C3-85C7-687E97324839.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-84F7DDBC-5777-407B-AE78-AC66C587562A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-85AB3DA1-7D96-4AA5-B8FE-C942C14CD2AA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-85C3E0F8-84E1-4893-B5CD-BFD149A9451D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-85C92428-BC28-413E-AA59-E0B24BFCF302.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-85CE8C05-E06A-40C9-906E-78CA75B59C47.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-87714B9D-ABC5-488B-93E9-AB0CF7FB3A2E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-87FC462C-05CF-47DD-8489-7BB40807A695.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-88234D0B-DD23-4D83-84D5-83E46C5E2334.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8ABAD79E-84A5-40E3-A5ED-DB1DDCD2CC09.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8ADFC99A-E4D5-43BA-AC4E-158CAD5EA284.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8B77615C-4D2F-4B16-B0F8-3FB8A99028B3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8CEE61D2-4D9B-4D0E-A844-4DCBD99E84F9.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8D100D5B-5D04-40DD-9584-FC3BDEE3F0C3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-8F1D28CF-2F45-4DF3-A8E5-B0FB55591BA8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-90A28271-F8C6-4DAA-8CE2-FBA356C9D089.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-90D4D7CE-25EA-4A2D-8C06-A1E660845510.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-93260397-91C9-4467-9B4A-50D65DF9F579.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-934A86F7-E41E-4FF5-BBB8-CE775E3C2CCA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9525B24E-05BF-4F7E-A914-8D27653F2129.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-96B6DD16-1E88-495A-8705-29CA5D8D7EFE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-97CF4751-8A98-4BC8-A664-6FADFE2E9715.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-97E87259-F6C6-403C-95AD-45AE0A5B9362.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-998901D6-2399-49E7-9CB1-E1078B39AAC7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9BB2AF99-5394-4A86-AB87-51FC0395E627.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9BCF90C3-586B-4EC4-9DCA-1C60A0D07595.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9C4D4B5B-078A-4BD5-9C3B-F99BBEB93D52.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9C6EBEA0-60E2-44CB-93A9-183CAD8D813F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9CC8FA9A-5499-4C62-90D3-13E368E92772.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9E79F39F-D688-432C-95B5-954A1A86D0DA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9ECFEAA6-31DD-4082-BBD5-5B2C43371CBF.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9EF45CD1-F31A-44D4-96C4-BB4EA0C8CC99.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-9F3098F3-AFED-473E-9517-DE0A3E7E2BA8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A0055F16-735F-4A05-AA28-B65522FAE2C5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A091397E-2FDE-4EC6-9EFC-0FA46E5918D6.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A0DD399E-838C-4984-80EC-2D2740040558.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A0F25411-9689-446C-ACA6-196761C821FD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A102B88B-AC79-4F8A-89DB-2089B8F77F36.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A1407B8C-714B-4405-A24D-E814DBB9760A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A1697ADC-1152-43C6-B5B9-8CA01A8B2BCA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A3829668-460E-4AAF-BBBC-4A52BE37519A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A6B7B8BC-6F6E-4B26-9974-7E77891A44DF.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A6C2537B-75EF-4DC2-B05B-7EB78E46A624.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A6CA843D-2BB3-4D9C-AE6F-B7C630BA0582.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A849B82F-C096-4098-8456-8F0DB3675922.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A8AABBD1-4AC8-4275-9102-2438CBF4CCF1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A8FA7606-7631-4C9C-BB1F-01CEB7008FEB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A96350D8-21EB-4202-8D21-95B2CD289521.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A9C2C6EF-E4FD-4F87-B953-981B56EE1A3E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-A9CCB00D-4A12-4496-9127-F2175CE8328F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AA60F89A-E91A-4FF1-9EAE-A55A0BA22E49.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AA64A898-E912-45F0-A672-F55FC5BAEE71.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AB38FCBE-65A3-4B64-AF14-A6C01234816C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AB52115A-A180-4C9B-B23D-E82A61EA32BE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AC104052-27FA-40BA-90CD-4199746CF11E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-ACE6E190-7F38-4FD9-8F7F-85443FB7EE63.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AE32326F-95E7-4220-997F-3B5B04C8B95A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-AE4C5487-F92B-4916-BCD1-DD65B326E90B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B05FF5D0-254E-4856-AF7D-35EFA464818B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B0A21106-14D8-4B14-8AA4-86DED1A538CE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B16213A3-4F51-4669-9C36-498C9E654C3C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B325C5E3-A28F-448B-9B44-37478D2C7382.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B431FE02-05C6-48AE-BB28-27F68D980D4B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B49E9B3E-602E-48ED-B9B3-A01BDB7B6C25.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B536AB39-BE64-4FAB-92A1-D2EA36E6FE9E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B65680B8-FF6A-4074-9FDB-00E5637F1A14.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B7C0405E-F617-46BE-996E-D9016E025F1A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B7E41F6B-ECF6-43FC-8AE3-F0BDE5583F60.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B8F02DEF-FC04-4B4F-9ACE-E5CADEF05FED.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B9116CD6-5323-469F-AD92-E6EDFA79A54F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B91B5042-E593-4DF9-8B00-D532D6D26D00.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B9557F0C-0F9E-4832-ABB6-A6DE282CFB6F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-B9E23A38-B235-47CB-ABA7-6BBD8AC360B5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BB12E231-BB7A-449C-91D8-08778B78586C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BB5C844D-70C3-460F-ADF4-02C908597636.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BBC6B2CD-63E1-4CB6-A723-769CDF11E865.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BBF56646-731A-4557-AE07-F5FDDF7DD418.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BC3B7B0D-0102-4523-B994-DF12868471AC.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BC45EBB8-81E4-467D-9CA6-694E2BE54314.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BC65293C-D2D3-4876-A53A-77082554B242.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BCABFF90-907C-4F06-AE98-E5F9D53EBDD4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BD9FEE92-4028-4990-B365-B83774D811D0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BF1DE7DD-8197-4B19-8617-702B26ADBA6D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BF2A9128-5B7C-48C2-A133-057A3E99C96F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BF52202C-E5AB-4879-9819-415D56EFD898.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BF58B9C4-A11E-45F2-AFB8-6CC85303A98A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-BFFDB943-13E5-4706-AABC-521996F54414.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C08397D5-1D17-419E-82E1-EBA2D445D60D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C1475F67-BC7E-493C-914A-A3E2928400C3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C1BB41BA-0AAC-4E65-9FBA-DEECD2ECB98F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C202A68D-5D8C-487D-90D9-3AD0A3ECC05F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C2507026-C3A2-4E85-AD03-16AFBBA029FE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C33D6F71-BD71-4CD5-8FCF-ED39B076A75B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C35159AA-7B18-4691-804C-EA654FE9337C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C3AA2973-AE44-47F0-8D70-8A331C7CDE8F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C473784C-01C1-46E0-81CB-7E4C46C10087.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C4B0B7CF-A1A7-4ADD-BB7A-00A92E030B26.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C5321385-C17A-49C3-AB61-8480C821A672.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C6B0F076-E1D8-4051-98E9-A78CBBCA6274.dat Object is locked skipped
---
Trimmed to fit character limit, resumed next post. Fun stuff with these logfiles, I know.
wvoidbringer
2008-05-26, 19:41
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C71AD3A9-C140-4CE2-B082-8F4B701A3AAC.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C7E16126-9257-4416-BF80-396CDC0AEE7C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C80479EB-AC33-44BF-A778-8A574E9ED397.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-C9CA894B-B4C4-4DAB-9CA8-D44E9C9C2084.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CA8DCF22-0864-4B60-A9DF-A33B422A0F54.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CAC87CF3-EB71-47C2-833C-D530D8A12917.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CC84D801-CEBE-43FD-8E4B-7FC39734F711.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CD0E8F28-2BC1-4E2A-A775-4EDFA060C3C1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CD763BE2-D368-42FE-965D-F216547857DA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CDF7A592-DB8D-4BF8-B1C5-0D14CA18AD45.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-CF468FDC-86BC-4093-B598-6F02EA9D6EB4.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D013CE8D-857A-477A-BAA7-DF6B19F26AAF.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D1EBB7DE-75A2-4E5B-8B97-41AA09D48297.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D23A2B69-8103-4397-BCE9-492476D145C0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D286D885-86E5-4BD2-9EEB-271F221C6FAC.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D410B554-2DEC-46E4-93D8-61A0741C9780.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D41650DC-561F-4A2A-AA68-4064C88ACD26.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D42250E5-ACFA-4FE8-B99C-AACEAC7D0881.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D5B0AD7B-72EE-4AA9-B15C-2088DD6B1B0B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D5F7F820-9E98-4CC7-9469-6AE06879CCF0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D631466A-9383-45EF-B960-CD8EFAC103C3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D63F353B-EFDD-4644-ACFE-087A25E87A08.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D72A8384-DA9D-40D2-97B6-645CBF4D950E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D777318F-656D-4F82-B078-7CAADBBEBEAB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D793FAFF-AB8C-449F-9C1E-87E8CE28DC4F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D9967524-A5AF-41D4-ABE6-CAC9D6685376.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-D9D63D3F-A8BF-40F3-97D1-5EE889D6AD4A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DA334258-97D2-405F-8278-64BA30CC0D21.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DA7A780E-C5DB-487B-B3BE-4898713ADDF2.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DABFD5BB-2A6D-4DDE-A673-3B8D2560797C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DBD64B84-AEFA-4D7E-A2EC-CB2204A6904F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DCDAF4E6-576E-4CCC-ACD7-5E2E0BA3F968.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DD4EB4BD-B5EF-4E77-B80B-355DD423A850.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-DDAAB389-4552-4CCE-8E04-F9582E827006.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E0148A96-3958-4AED-B1D2-A411840DF9AF.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E340A104-A205-455E-8E76-71AC7D33F205.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E401BFA3-5968-4BA9-9164-54C4D17513F0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E4C9DC45-3680-43CE-850F-68222C012AD7.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E51D553F-272C-4A52-8FE7-626566CF5319.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E734B27A-3269-4684-9428-0868AFB9767D.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E766B62E-F659-4D48-B6DC-843B9F105829.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E7D254C3-CBCB-468B-AD8B-537559393F12.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-E987EC87-3AF6-45E0-ADF1-9AC44CB4F31E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-EB2780D2-8CDD-4A6E-958E-B942C27E08EB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-EB601871-0774-4DBB-87ED-50676FF6E519.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-EBC346B6-131C-4ADC-9868-2627D65B276B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-EC94EED4-025E-44B2-A587-C52A1A33ED22.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-ED07C4CD-66B7-4748-B2F2-5574D98BC59F.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-EDE0DCA2-A59F-491D-AFA7-BC0A4C7AC5FE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-EFEFF777-A0E7-4701-A726-FA9580EB601B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F0493DBF-D7B7-422A-87FE-FEFE272F0678.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F06E46BF-B99A-4218-B543-19E249D860BD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F2A5E3FF-1F11-4F52-8302-168042B3106B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F38932FB-2490-40B7-AE23-30EE045145AD.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F3B5CFA6-7139-4A5C-B47F-7AB539DDC396.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F52BA87C-A9E5-4771-A514-B7E4E9C2F09E.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F654762C-59C7-4142-B863-ED157F2AE437.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F6B5B70A-E8C2-4414-9560-C98179B3DE9C.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F6C135F8-459E-47E8-B7A7-3BE930008486.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F9486ADD-8B86-47AB-AA94-6909EE2A3612.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-F9CC491C-67C0-48DD-B94B-370A0DAA06C3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FAAB9B61-2D29-462E-9E14-500578C9FA53.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FAE3CF37-2E15-448A-93EA-FF3AD3708E72.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FD44CDBD-65BE-459C-86EB-0981A874DBCA.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FD712366-F0AE-4F30-85B6-C6FEBE7698D3.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FE640E16-986F-474D-8AD8-6E74BC0DCAC5.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FF028F26-68CE-4B1D-8B33-EBE9B8DE481B.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FF568FCF-8F1D-48F2-88F2-12C56442C8BE.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FF97EC2C-EFEF-4423-9591-F3FD7C60D88A.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-FFB20D34-8D8B-46C9-A49C-B21BAC9CF930.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Aim\nfsadxnp\SuperSmashPlaya\cert8.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Aim\nfsadxnp\SuperSmashPlaya\key3.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\IconChanger\iconchng.ich Object is locked skipped
C:\Documents and Settings\Joe\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temp\Perflib_Perfdata_fd0.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joe\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Joe\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Apache Software Foundation\Apache2.2\logs\access.log Object is locked skipped
C:\Program Files\Apache Software Foundation\Apache2.2\logs\error.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\FileZilla Server\Logs\fzs-2008-05-26.log Object is locked skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0117NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0818NAV~.TMP Object is locked skipped
C:\QooBox\Quarantine\catchme2008-05-25_ 21133.35.zip/ssqNFYSL.dll Infected: Trojan.Win32.Pakes.cym skipped
C:\QooBox\Quarantine\catchme2008-05-25_ 21133.35.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP125\A0047112.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP125\A0047115.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP125\A0047116.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP126\A0048281.exe Infected: Trojan-Dropper.Win32.Agent.rys skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP127\A0048295.dll Infected: Trojan.Win32.Pakes.cym skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP129\A0049475.exe/data0000.cab/is154693.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.tso skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP129\A0049475.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.tso skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP129\A0049475.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP131\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped
C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\Temp\History\History.IE5\MSHist012008052620080527\index.dat Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
-----------
Looks pretty good on my end.
steamwiz
2008-05-26, 22:13
Hi
Just got finished with the Kaspersky scanner... that thing takes forever and kinda overreacts to everything on my computer, it would seem... I guess they try to scare new users into buying their product to get rid of their scary logfiles?
You're the first person to make that sort of observation about the Kaspersky scan ...
The Kaspersky scan has good deep look at the files on your computer, there's no need to purchase anything, once you post the results we can help you eliminate any threats... which I will do now ...
Now the first batch of files detected are :-
C:\bartpebuilder3110a\BartPE\Programs\ultravnc\ ... Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c
I'm assuming you know about this & installed it yourself ? in which case it's OK ...
http://www.viruslist.com/en/viruses/encyclopedia?virusid=70586
The other infected files found are in Combofix Quarantine & infected restore points, which we'll clean in my next post.
Malwarebytes' Anti-Malware is now clean & I'm going to get you to remove some infected files & registry keys found by Combofix ...
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\system32\jynacdrr.dll
C:\WINDOWS\system32\tqcgnmql.dll
C:\WINDOWS\system32\xxyyaYrR.dll
C:\WINDOWS\system32\geBtsqoo.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1D9297-C861-4D5E-918C-F9C92C2365DE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4D2A00D-C55D-4BCB-AA1A-B273DCD2E20C}]
Save this as "CFScript.txt"
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
steam
wvoidbringer
2008-05-27, 05:58
ComboFix powers... activated!
ComboFix.txt
ComboFix 08-05-25.3 - Joe 2008-05-26 15:17:36.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1194 [GMT -4:00]
Running from: C:\Documents and Settings\Joe\Desktop\cfxlol.exe
Command switches used :: C:\Documents and Settings\Joe\My Documents\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\geBtsqoo.dll
C:\WINDOWS\system32\jynacdrr.dll
C:\WINDOWS\system32\tqcgnmql.dll
C:\WINDOWS\system32\xxyyaYrR.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\jynacdrr.dll
C:\WINDOWS\system32\tqcgnmql.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.
2008-05-26 04:17 . 2008-05-26 04:17 <DIR> d-------- C:\Logs
2008-05-26 03:31 . 2008-05-26 03:31 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-26 03:26 . 2008-05-26 04:18 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-26 01:00 . 2008-03-01 09:06 1,159,680 --a------ C:\WINDOWS\system32\disk.dll
2008-05-25 16:43 . 2008-05-25 16:43 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Malwarebytes
2008-05-25 16:42 . 2008-05-25 16:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 16:42 . 2008-05-25 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 16:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-25 16:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-25 01:51 . 2008-05-25 01:56 <DIR> d-------- C:\ComboFix
2008-05-25 01:19 . 2008-05-25 01:23 <DIR> d-------- C:\68b15ab9904165c076
2008-05-25 00:13 . 2008-05-25 00:45 211 --a------ C:\WINDOWS\wininit.ini
2008-05-24 23:09 . 2008-05-24 23:09 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-05-23 20:02 . 2008-05-26 01:56 <DIR> d-------- C:\Program Files\HeroStats
2008-05-23 17:14 . 2008-05-23 17:14 <DIR> d-------- C:\OpenSSL
2008-05-23 17:14 . 2007-10-22 07:10 1,015,808 --a------ C:\WINDOWS\system32\libeay32.dll
2008-05-23 17:14 . 2007-10-22 07:10 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-05-23 17:14 . 2008-05-23 18:57 196,608 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-23 17:13 . 2008-05-23 17:37 <DIR> d-------- C:\Program Files\Miranda IM
2008-05-23 17:13 . 2008-05-23 17:38 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Miranda
2008-05-23 15:24 . 2008-05-23 15:24 <DIR> d-------- C:\Program Files\7-Zip
2008-05-22 00:57 . 2008-05-22 00:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-22 00:57 . 2008-05-22 00:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-21 01:29 . 2008-05-23 23:34 <DIR> d-------- C:\covbinds
2008-05-20 01:54 . 2008-05-20 01:54 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Aim
2008-05-19 13:36 . 2008-05-19 13:36 <DIR> d-------- C:\Program Files\DaemonUI
2008-05-19 13:33 . 2008-05-19 13:33 <DIR> d-------- C:\Program Files\DaemonScript
2008-05-19 13:28 . 2008-05-19 13:28 <DIR> d-------- C:\Program Files\arniWORX
2008-05-19 13:24 . 2008-05-19 13:28 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-05-19 13:02 . 2008-05-19 13:02 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DAEMON Tools
2008-05-18 21:59 . 2005-06-25 15:13 999,484 --a------ C:\WINDOWS\system32\common.dll
2008-05-18 21:19 . 2008-05-18 21:19 <DIR> d-------- C:\Blah
2008-05-18 20:29 . 2008-05-18 20:29 <DIR> d-------- C:\Program Files\PurgeIE
2008-05-18 20:29 . 2008-05-18 20:29 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DelinvFile
2008-05-18 20:23 . 2008-05-18 20:23 <DIR> d-------- C:\Program Files\Unlocker
2008-05-18 20:23 . 2008-05-18 20:23 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Desktopicon
2008-05-18 19:55 . 2008-05-18 19:57 <DIR> d-------- C:\bartpebuilder3110a
2008-05-18 01:23 . 2008-05-18 01:24 <DIR> d-------- C:\Program Files\AltBinz
2008-05-16 02:38 . 2008-05-16 02:38 <DIR> d-------- C:\Program Files\ipsXP
2008-05-15 15:48 . 2008-05-15 21:10 <DIR> d-------- C:\Program Files\iCall
2008-05-15 15:13 . 2008-05-15 15:13 <DIR> d-------- C:\Program Files\QuickTime
2008-05-15 15:13 . 2008-05-15 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 15:12 . 2008-05-15 15:12 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-15 15:12 . 2008-05-15 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-15 14:51 . 2008-05-15 14:51 <DIR> d-------- C:\Program Files\CoH Hero Builder
2008-05-15 14:38 . 2008-05-15 15:17 <DIR> d-------- C:\Program Files\Trillian
2008-05-15 11:49 . 2008-05-15 11:49 <DIR> d-------- C:\Program Files\middle_man
2008-05-13 22:10 . 2008-05-13 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-05-13 12:04 . 2008-05-13 12:04 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-05-12 00:00 . 2008-05-12 00:01 <DIR> d-------- C:\Program Files\Mids' Hero Designer
2008-05-11 22:29 . 2008-05-11 22:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-11 22:29 . 2008-05-11 22:31 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-05-11 22:29 . 2008-05-11 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-11 22:26 . 2008-05-11 22:26 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-05-11 00:22 . 2008-05-11 00:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 00:22 . 2008-05-11 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-10 02:36 . 2008-05-10 02:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrueCrypt
2008-05-10 02:31 . 2008-05-10 02:31 <DIR> d-------- C:\Program Files\TrueCrypt
2008-05-10 02:31 . 2008-05-18 19:53 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\TrueCrypt
2008-05-10 02:31 . 2008-05-10 02:31 223,424 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2008-05-10 01:19 . 2008-05-10 02:09 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-09 19:53 . 2008-05-09 19:53 <DIR> d-------- C:\Program Files\Smart Projects
2008-05-09 19:39 . 2008-05-09 19:59 <DIR> d-------- C:\xp
2008-05-09 19:37 . 2008-05-09 20:00 <DIR> d-------- C:\sp3
2008-05-08 12:57 . 2008-05-08 12:57 <DIR> d-------- C:\Downloads
2008-05-08 00:20 . 2008-05-08 00:20 <DIR> d-------- C:\Program Files\NetLimiter 2 Pro
2008-05-08 00:01 . 2008-05-08 00:02 <DIR> d-------- C:\Program Files\AutoUnpack
2008-05-07 13:52 . 2008-05-07 13:52 <DIR> d-------- C:\Program Files\TweakCoH
2008-05-07 12:30 . 2008-05-15 11:49 <DIR> d-------- C:\Program Files\AIM 5
2008-05-06 11:57 . 2008-05-06 11:57 <DIR> d-------- C:\Program Files\QuickPar
2008-05-06 07:33 . 2008-05-06 07:33 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-05-06 01:54 . 2007-09-28 21:05 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-05-06 01:51 . 2008-05-06 01:51 <DIR> d-------- C:\Program Files\MultiRes
2008-05-05 13:24 . 2008-05-22 23:48 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\dvdcss
2008-04-30 21:21 . 2008-04-30 21:26 <DIR> d-------- C:\Program Files\Stella
2008-04-30 18:55 . 2008-04-30 19:31 <DIR> d-------- C:\Program Files\DLDIrc
2008-04-30 17:00 . 2008-05-25 20:16 <DIR> d-------- C:\Program Files\NetDrive
2008-04-30 17:00 . 2003-04-14 16:11 503,808 --a------ C:\WINDOWS\system32\RFHelper.dll
2008-04-30 17:00 . 2003-03-26 12:52 139,264 --a------ C:\WINDOWS\system32\RFNP32.dll
2008-04-30 17:00 . 2001-08-23 09:24 32,768 --a------ C:\WINDOWS\system32\rfhres.dll
2008-04-29 12:47 . 2008-04-29 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-04-29 12:47 . 2006-04-28 05:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-04-29 12:47 . 2006-04-28 05:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-04-29 12:47 . 2006-04-28 05:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-04-29 12:47 . 2006-04-28 05:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-04-29 12:47 . 2006-04-28 05:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-04-29 12:47 . 2006-11-22 09:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-04-29 12:47 . 2006-11-22 09:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-04-29 12:47 . 2006-11-22 10:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-04-29 12:46 . 2008-04-29 12:46 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-29 12:44 . 2008-04-29 12:44 100 --a------ C:\WINDOWS\Lexstat.ini
2008-04-29 12:41 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-04-29 12:41 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-04-29 12:41 . 2007-02-07 18:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini
2008-04-29 09:06 . 2008-04-29 09:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-26 12:44 . 2008-04-26 12:44 <DIR> d-------- C:\Program Files\NFO Creator
2008-04-26 12:04 . 2008-05-14 09:20 <DIR> d-------- C:\WADs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 19:18 --------- d-----w C:\Documents and Settings\Joe\Application Data\uTorrent
2008-05-26 04:26 --------- d-----w C:\Program Files\LogMeIn
2008-05-26 02:46 --------- d-----w C:\Program Files\City of Heroes
2008-05-26 02:24 --------- d-----w C:\Program Files\Random
2008-05-25 21:33 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-05-25 21:31 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-25 19:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-25 19:43 --------- d-----w C:\Program Files\Bonjour
2008-05-25 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-25 05:35 --------- d-----w C:\Program Files\PowerISO
2008-05-25 03:12 --------- d-----w C:\Program Files\NoteZilla
2008-05-22 03:43 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-21 22:42 --------- d-----w C:\Program Files\Warcraft III
2008-05-19 17:02 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-19 03:20 --------- d-----w C:\Documents and Settings\Joe\Application Data\NewsLeecher
2008-05-18 21:54 --------- d-----w C:\Program Files\NewsLeecher
2008-05-18 19:29 --------- d-----w C:\Documents and Settings\Joe\Application Data\U3
2008-05-14 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 02:03 --------- d-----w C:\Program Files\Dell
2008-05-12 01:53 --------- d-----w C:\Program Files\X-OOM Media Center for Wii
2008-05-11 20:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 04:13 --------- d-----w C:\Documents and Settings\Joe\Application Data\FileZilla
2008-05-10 04:10 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-05-09 19:48 --------- d-----w C:\Documents and Settings\Joe\Application Data\Hamachi
2008-05-09 03:18 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-05-07 18:13 --------- d-----w C:\Program Files\Viewpoint
2008-05-07 16:30 --------- d-----w C:\Program Files\AOD
2008-05-06 11:33 --------- d-----w C:\Program Files\MSECache
2008-05-06 05:51 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-05-06 05:11 --------- d-----w C:\Program Files\Final Fantasy VII
2008-05-05 17:23 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-04 03:08 --------- d-----w C:\Program Files\WinPcap
2008-05-04 02:51 --------- d-----w C:\Program Files\WC3Banlist
2008-04-28 23:57 --------- d-----w C:\Documents and Settings\Joe\Application Data\OpenOffice.org2
2008-04-26 23:06 --------- d-----w C:\Program Files\SNES9x
2008-04-26 05:22 --------- d-----w C:\Program Files\Binary News Reaper
2008-04-25 22:07 --------- d-----w C:\Program Files\Safer Networking
2008-04-25 21:28 --------- d-----w C:\Program Files\CCleaner
2008-04-23 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 23:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 19:17 --------- d-----w C:\Documents and Settings\Joe\Application Data\Nvu
2008-04-21 19:56 --------- d-----w C:\Program Files\Panasonic
2008-04-19 20:11 --------- d-----w C:\Documents and Settings\Joe\Application Data\Move Networks
2008-04-08 15:57 --------- d-----w C:\Program Files\Nvu
2008-04-07 23:04 --------- d-----w C:\Documents and Settings\Joe\Application Data\DNA
2008-04-07 19:02 --------- d-----w C:\Program Files\PHP
2008-04-07 19:00 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-04-07 03:32 --------- d-----w C:\Program Files\gAlwaysIdle
2008-04-06 20:54 --------- d-----w C:\Program Files\Real Alternative
2008-04-04 14:08 --------- d-----w C:\Program Files\Hardcoded Software
2008-04-04 14:08 --------- d-----w C:\Documents and Settings\Joe\Application Data\Hardcoded Software
2008-03-31 01:23 --------- d-----w C:\Program Files\Microsoft Works
2008-03-31 01:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-31 01:23 --------- d-----w C:\Program Files\Common Files\L&H
2008-03-31 01:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-30 19:23 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-03-29 22:43 --------- d-----w C:\Program Files\Winamp Remote
2008-03-29 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-03-29 22:37 --------- d-----w C:\Program Files\Winamp
2008-03-29 22:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Winamp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-07 21:54 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-03-05 21:29 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-05 21:29 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-04 17:41 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 18:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 18:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sha-w C:\WINDOWS\system32\VistaUltm.dll
.
------- Sigcheck -------
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-03-25 12:15 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-03-25 12:15 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-25_ 2.25.55.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 06:14:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 21:31:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-25 06:15:05 32,768 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-05-25 21:32:06 32,768 ----a-w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-05-25 06:15:05 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-05-25 21:32:06 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-05-26 14:21:39 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012008052620080527\index.dat
- 2008-05-25 06:15:05 49,152 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-25 21:32:06 49,152 ----a-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-24 22:43 219952]
"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 12:58 856064]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-03-05 19:12 526848]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"TrueCrypt"="C:\Program Files\TrueCrypt\TrueCrypt.exe" [2008-05-10 02:31 1106112]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-04-01 05:39 486856]
"AIM"="C:\Program Files\AIM 5\aim.exe" [2006-08-01 15:35 67112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 21:48 1392640]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 12:16 2629632]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 17:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 21:48 125368]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 17:25 937984]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"gidle"="C:\Program Files\gAlwaysIdle\gidle.exe" [2008-01-07 16:35 49152]
"AtiPTA"="atiptaxx.exe" [2006-02-21 21:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 00:15 15872]
"DaemonUI"="C:\Program Files\DaemonUI\DaemonUI.exe" [2007-04-24 10:25 931736]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 00:38:50 41041]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.VSPX"= vspxvfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Joe\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUnpack]
--a------ 2007-09-12 09:53 888832 C:\Program Files\AutoUnpack\AutoUnpack.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-27 10:30 288576 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
--a------ 2007-08-28 14:24 1191936 C:\Program Files\iCall\iCall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaCenter]
--a------ 2007-12-23 14:33 1384448 C:\Program Files\X-OOM Media Center for Wii\MediaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-24 22:59 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDiagnosticM]
--a------ 2007-02-27 16:29 315392 C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 03:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QNPlus]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\X-OOM Media Center for Wii\\server\\server\\Apache\\MediacenterLibrary.exe"=
"C:\\Program Files\\X-OOM Media Center for Wii\\server\\server\\mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\AIM 5\\aim.exe"=
"C:\\Program Files\\iCall\\iCall.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Documents and Settings\\Joe\\Desktop\\Misc\\pickup.listchecker.exe"=
"C:\\bartpebuilder3110a\\plugin\\ultravnc\\files\\winvnc.exe"=
"C:\\Program Files\\Miranda IM\\miranda32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9967:TCP"= 9967:TCP:BitComet 9967 TCP
"9967:UDP"= 9967:UDP:BitComet 9967 UDP
"5060:UDP"= 5060:UDP:iCall Port
R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-02-16 05:05]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 07:03]
R2 Apache2.2;Apache2.2;"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-05-05 20:46]
R2 MBAMService;MBAMService;"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-05-05 20:46]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 18:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]
S3 SIUSBXP;SIUSBXP;C:\WINDOWS\system32\drivers\SiUSBXp.sys [2007-03-01 12:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47d85f6a-eb5a-11dc-89a4-0019b97b95e8}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{568bece0-21b7-11dd-89e1-0019b97b95e8}]
\Shell\AutoRun\command - I:\Programs\nu2menu\nu2menu.exe
*Newly Created Service* - MBAMDRVSERVICE
*Newly Created Service* - MBAMSERVICE
*Newly Created Service* - PGFILTER
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 15:20:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RFHelper.dll
.
Completion time: 2008-05-26 15:21:17
ComboFix-quarantined-files.txt 2008-05-26 19:21:02
ComboFix2.txt 2008-05-26 00:12:08
ComboFix3.txt 2008-05-25 21:15:47
ComboFix4.txt 2008-05-25 06:28:39
Pre-Run: 13,370,294,272 bytes free
Post-Run: 13,385,297,920 bytes free
357 --- E O F --- 2008-05-22 03:43:23
--------------------
hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:06 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NetDrive\wdService.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\DaemonUI\DaemonUI.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AIM 5\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Joe\Desktop\hjtlol\hjtlolasdf.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [DaemonUI] C:\Program Files\DaemonUI\DaemonUI.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM 5\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM 5\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9974 bytes
--------------
The [B]Kaspersky scan has good deep look at the files on your computer, there's no need to purchase anything, once you post the results we can help you eliminate any threats... which I will do now ...
Sure, we power users that know what we're doing might use it FWIW with our own free tools, but the reason they put it out there for free is to get less experienced users to buy the product that found "all those signatures." Though I seem to have some more unique ones... namely
C:\bartpebuilder3110a\BartPE\Programs\ultravnc\ ... Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c
I'm assuming you know about this & installed it yourself ? in which case it's OK ...Yes, it's a VNC tool for a recovery disk, namely one that I installed on a bootable USB (recovery disk, built it a week ago).
steamwiz
2008-05-27, 21:53
Hi
I see where you are coming from with Kaspersky, but you should see some of the Kaspersky logs I see, full of worms & trojans, we need a program which shows anything & everything which is dubious, so that we can see the problems, if this frightens some users, then that is unfortunate, or maybe good. If they decide to buy the program instead of getting the log looked at, then that's fine by me :) Kaspersky has to get the money from somewhere to be able to maintain the program & make it available for free use.
Combofix is clean now :)
Please do this to remove it & it's quarantined files ...
Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK
http://img.photobucket.com/albums/v624/29wood/Clipboard01-1.gif
I suggest you do this final cleanup :-
Please Download CCleaner from :-
http://www.filehippo.com/download_ccleaner/ (click the download tab)
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.
doubleclick the ccsetup.exe file and install the program...
After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Make sure the "windows" tab is selected
Under "internet explorer" tick...
Temporary internet files
Cookies* > see Note below
History
Recently typed URL's (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history
under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"
Other explorer MRU's (leave this unticked if you DON'T want to clear lists such as the start\run list)
under "System"
Tick ALL these ...
under "Advanced"
no need to tick any of these (but you can if you want, and realise what they do)
Applications tab...
These will mostly clean out old log files for these applications...
Clean:- (if you use them)
Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm
...
Personally I clean everything in the applications tab... but you tick what you want...
Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.
click "analyse" if you want to see a list of what is going to be removed, before it is removed.
Or
click "run cleaner" to let it get on with it's work... clicking this will result in the following pop-up
"This process will permanently delete files from your system. Are you sure you wish to proceed?"
click OK.
By the way it wasn't removing the R0 and R1 entries from hijackthis which stopped the re-directs ... it was removing this :-
O4 - HKLM\..\Run: [BMb7ae7a22] Rundll32.exe "C:\WINDOWS\system32\tqcgnmql.dll",s
I'd like to see one last Kaspersky scan report before I give you the "all clear"
cheers
steam
wvoidbringer
2008-05-28, 00:22
By the way it wasn't removing the R0 and R1 entries from hijackthis which stopped the re-directs ... it was removing this :-
O4 - HKLM\..\Run: [BMb7ae7a22] Rundll32.exe "C:\WINDOWS\system32\tqcgnmql.dll",sCool, I thought the R0 and R1 entries sounded more likely.
I've had CCleaner for a few years now ever since someone told me there was an easier way to delete those things than manually like I was doing it. It also functions as my Registry cleaner. Anyways, I ran it. No logs, I believe, but it did what it was supposed to do.
Here's my KAV log... I grouped my NL logs together to make it fit into this post... if you want them again, I'll include them.
kavlog.txt
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 27, 2008 5:01:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/05/2008
Kaspersky Anti-Virus database records: 801559
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 114166
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:55:52
Infected Object Name / Virus Name / Last Action
C:\bartpebuilder3110a\BartPE\Programs\ultravnc\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\bartpebuilder3110a\BartPE\Programs\ultravnc\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\bartpebuilder3110a\BartPE\Programs\ultravnc\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\bartpebuilder3110a\plugin\ultravnc\files\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\bartpebuilder3110a\plugin\ultravnc\files\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\bartpebuilder3110a\plugin\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\Documents and Settings\All Users\Application Data\Locktime\NetLimiter\2\Stats\nlstats-02DBE4AB-07FA-45CD-924B-6F0D97F1C179.dat Object is locked skipped
--skipped 331 entries similar to the above. Available on request, of course. All entries say "Object is locked skipped"
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Aim\nfsadxnp\SuperSmashPlaya\cert8.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Aim\nfsadxnp\SuperSmashPlaya\key3.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\IconChanger\iconchng.ich Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\cert8.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\history.dat Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\key3.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\parent.lock Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Joe\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\jalh7h41.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temp\Perflib_Perfdata_fd0.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joe\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Joe\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Apache Software Foundation\Apache2.2\logs\access.log Object is locked skipped
C:\Program Files\Apache Software Foundation\Apache2.2\logs\error.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\FileZilla Server\Logs\fzs-2008-05-27.log Object is locked skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\Program Files\Random\120.Wii.Wads-BlackCats\120.Wii.Wads-BlackCats.part04.rar Object is locked skipped
C:\Program Files\Random\120.Wii.Wads-BlackCats\120.Wii.Wads-BlackCats.part35.rar Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0117NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0818NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FA948663-9E58-4747-AA17-98BC3A073D23}\RP133\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped
C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
steamwiz
2008-05-28, 01:44
Hi
Here's my KAV log... I grouped my NL logs together to make it fit into this post... if you want them again, I'll include them.
NO ... that's fine :)
The logs clean ...
All it shows now is the (Number of infected objects: 6) which are in C:\bartpebuilder3110a\
& we know these are all OK ...
I take it your problems are resolved ?
In which case I wish you Happy Surfing
steam
wvoidbringer
2008-05-28, 03:33
Hi
NO ... that's fine :)
The logs clean ...
All it shows now is the (Number of infected objects: 6) which are in C:\bartpebuilder3110a\
& we know these are all OK ...
I take it your problems are resolved ?
In which case I wish you Happy Surfing
steam
All clean. Thanks a lot!
steamwiz
2008-05-28, 21:24
You're very welcome
As this thread is resolved, :) it is now locked.
cheers
steam