Thread: "Trojan-rbot" Help please!

  1. #1
    Junior Member
    Join Date
    Apr 2008
    Posts
    2

    "Trojan-rbot" Help please!

    Hi,
    I was trying to clean my brother's newly bought HP computer after he clicked on one of those "Your computer is infected, click here for a free scan".
    After working on it for a little bit, I thought it would be better just to recover from the factory-produced recovery image and re-install the rest of the programs he has.
    One of the scanning tools I downloaded to scan his computer is "Webroot SpySweeper". I decided to run it on my own computer too, and it found "Trojan-rbot".
    After doing some research on the net, I found one of the topics in your forum.
    I did what you instructed in your "read before you post" page.
    And here are the logs:


    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, April 19, 2008 12:18:28 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 19/04/2008
    Kaspersky Anti-Virus database records: 715215
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 81628
    Number of viruses found: 4
    Number of infected objects: 20
    Number of suspicious objects: 0
    Duration of the scan process: 03:42:17

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\AWProcessesLog.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\CoreEngineCommunicationLog.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\MailFrontier\reginfo.xml Object is locked skipped
    C:\Documents and Settings\Anita\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Anita\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\SGAAA\Application Data\MailFrontier\ASD.log Object is locked skipped
    C:\Documents and Settings\SGAAA\Application Data\MailFrontier\logger\all\20080419.txt Object is locked skipped
    C:\Documents and Settings\SGAAA\Application Data\MailWasherPro\tmpLog.txt Object is locked skipped
    C:\Documents and Settings\SGAAA\Application Data\MailWasherPro\Training\Training archive - junk.rot135 Object is locked skipped
    C:\Documents and Settings\SGAAA\Application Data\MailWasherPro\Training\Training archive - legitimate.rot135 Object is locked skipped
    C:\Documents and Settings\SGAAA\Application Data\MailWasherPro\Trash.rot135 Object is locked skipped
    C:\Documents and Settings\SGAAA\Application Data\Webroot\Spy Sweeper\Logs\080418185613.ses Object is locked skipped
    C:\Documents and Settings\SGAAA\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Temp\Perflib_Perfdata_9c4.dat Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Temp\Perflib_Perfdata_bb0.dat Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Temp\Perflib_Perfdata_c70.dat Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Temp\~DF9C72.tmp Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Temp\~DFBD23.tmp Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\SGAAA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\SGAAA\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\SGAAA\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
    C:\Program Files\Symantec\Norton AntiBot\agent\log\NABAgent.log Object is locked skipped
    C:\Program Files\Symantec\Norton AntiBot\agent\log\NABAgent_boot.log Object is locked skipped
    C:\Program Files\Symantec\Norton AntiBot\agent\log\NABAgent_graph.log Object is locked skipped
    C:\Program Files\Symantec\Norton AntiBot\agent\log\NABAgent_malware.log Object is locked skipped
    C:\Program Files\Symantec\Norton AntiBot\agent\log\NABAgent_node.log Object is locked skipped
    C:\Program Files\Symantec\Norton AntiBot\agent\log\NABAgent_removed.log Object is locked skipped
    C:\Program Files\Symantec\Norton AntiBot\agent\log\NortonAntiBot_boot.log Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP69\A0017030.EXE/data0000.cab/rBot.exe Infected: Backdoor.Win32.Agobot.ant skipped
    C:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP69\A0017030.EXE/data0000.cab Infected: Backdoor.Win32.Agobot.ant skipped
    C:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP69\A0017030.EXE Rsrc-Package: infected - 2 skipped
    C:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP80\A0019468.exe/data0000.cab/LUXECA~1.EXE Infected: Packed.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP80\A0019468.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP80\A0019468.exe Rsrc-Package: infected - 2 skipped
    C:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP80\A0019560.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP80\A0019560.exe 7-Zip: infected - 1 skipped
    C:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP90\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\DESKTOP.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{261488E7-5988-43FB-8306-BA3DCD4549DA}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\drivers\IdeChnDr.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_108.dat Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_7bc.dat Object is locked skipped
    C:\WINDOWS\Temp\ZLT009be.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT07025.TMP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    H:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP87\A0021658.exe/file27 Infected: not-a-virus:AdTool.Win32.MyWebSearch.br skipped
    H:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP87\A0021658.exe Inno: infected - 1 skipped
    H:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP90\change.log Object is locked skipped
    I:\a80b56beb0a5eb4b07\%temp%dd_msxml_retMSI.txt Object is locked skipped
    I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP80\A0019451.exe/data0000.cab/LUXECA~1.EXE Infected: Packed.Win32.Monder.gen skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP80\A0019451.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP80\A0019451.exe Rsrc-Package: infected - 2 skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP81\A0019966.exe/data0000.cab/LUXECA~1.EXE Infected: Packed.Win32.Monder.gen skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP81\A0019966.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP81\A0019966.exe Rsrc-Package: infected - 2 skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP84\A0020723.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP84\A0020723.exe 7-Zip: infected - 1 skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP85\A0021285.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP85\A0021285.exe 7-Zip: infected - 1 skipped
    I:\System Volume Information\_restore{33749B09-7ABD-41A0-9BC3-419070D78C8E}\RP90\change.log Object is locked skipped

    Scan process completed.


    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:03:02 PM, on 4/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
    C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {491AF6C5-21F2-46E1-C653-3DF529127D7B} - C:\WINDOWS\wcidBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D} - C:\WINDOWS\system32\iifcdax.dll (file missing)
    O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
    O4 - HKLM\..\Run: [ASUS Probe] "C:\Program Files\ASUS\Asus Probe\AsusProb.exe"
    O4 - HKLM\..\Run: [Microsoft Update Machine] xnihaf.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [ATI DeviceDetect] "C:\Program Files\ATI Multimedia\main\ATIDtct.EXE"
    O4 - HKCU\..\Run: [Microsoft Update Machine] xnihaf.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - http://td.nortonconfidenceonline.com/plug-in/WSAS.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O20 - Winlogon Notify: iifcdax - iifcdax.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
    O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 10787 bytes



    I appreciate all your help in advance, even though I know I can't thank you enough for what you are doing for people that you don't even know.

    God bless you all for keeping people's computers and especially themselves from harm's way.

  2. #2
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    So...I am to understand this is not your brother's computer, but yours, and you ran Spysweeper and it told you you had a trojan. Did you purchase Spysweeper or is it just a trial version?
    If trial is the case, since it uses a lot of resources, I suggest you uninstall it or at least disable it while we clean this trojan.

    Read a little about the trojan Kaspersky shows as a System Restore backup:
    http://www.emsisoft.jp/jp/malware/?B...n32.Agobot.ant
    You have other very nasty stuff in System Restore also so DO NOT use it until we clean it a little later so we only need do it once.

    In the HJT log this trojan is showing as: O4 - HKLM\..\Run: [Microsoft Update Machine] xnihaf.exe <<< file name is random
    http://www.google.com/search?hl=en&q...ne&btnG=Search
    Since this is a backdoor trojan, I believe, to be safe, you should have this information:
    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    http://www.dslreports.com/faq/10451
    When Should I Format, How Should I Reinstall
    http://www.dslreports.com/faq/10063

    If you prefer to reformat, just let me know, otherwise SDFix is supposed to remove this junk, proceed like this:

    1) SpySweeper disabled or uninstalled.

    2) Ad-Aware Ad-Watch
    Right click on the Ad-Watch icon in the system tray.
    At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    Active: This will turn Ad-Watch On\Off without closing it
    Automatic: Suspicious activity will be blocked automatically
    Uncheck both of those boxes.

    3) Thanks to andymanchesta and anyone else who helped with the fix.

    Download SDFix and save it to your Desktop
    http://downloads.andymanchesta.com/R...ools/SDFix.exe

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    Restart your computer
    After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    Instead of Windows loading as normal, the Advanced Options Menu should appear;
    Select the first option, to run Windows in Safe Mode, then press Enter.
    Choose your usual account.
    Open the extracted SDFix folder and double click RunThis.bat to start the script.
    Type Y to begin the cleanup process.
    It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    Press any Key and it will restart the PC.
    When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    Finally post the contents of the Report.txt back on the forum with a new HijackThis log

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
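
The check applied by eye to the HijackThis log in the reply above (the autostart entry `xnihaf.exe` listed with no folder), written out as an added example that is not part of the original posts. The function names are hypothetical, and treating every Run value without a directory as worth a closer look is an assumption generalised from that one entry; the sample lines are copied from the log posted in this thread.

```python
import ntpath
import re
from typing import NamedTuple

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] xnihaf.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Microsoft Update Machine] xnihaf.exe
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
"""


class RunEntry(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name, shown in [brackets] in the log
    command: str   # full command line as logged
    image: str     # executable part of the command line


# Registry autostart lines look like: O4 - HKLM\..\Run: [name] command
O4_REGISTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
IMAGE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def image_of(command: str) -> str:
    """Return the executable from a logged command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = IMAGE.match(command)
    return match.group(1) if match else command.split()[0]


def parse_run_entries(log_text: str) -> list:
    """Collect the registry autostart (O4) entries from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_REGISTRY.match(line.strip())
        if match:
            hive, key, name, command = match.groups()
            entries.append(RunEntry(hive, key, name, command, image_of(command)))
    return entries


def pathless_entries(entries: list) -> list:
    """Entries whose executable has no directory, so the log does not say
    which file on disk will be started (assumed heuristic, see lead-in)."""
    return [e for e in entries if not ntpath.dirname(e.image)]


if __name__ == "__main__":
    for entry in pathless_entries(parse_run_entries(SAMPLE_LOG)):
        print(f"review: {entry.hive}\\..\\{entry.key} [{entry.name}] -> {entry.image}")
```

On the sample lines only the two `[Microsoft Update Machine]` values are reported; a hit is a prompt to inspect the entry, not a verdict.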

  3. #3
    Junior Member
    Join Date
    Apr 2008
    Posts
    2

    pskelley, thank you for your response.

    Yes, this is my own computer that I'm having trouble with.
    Right now I'm using my laptop (which I hope is clean). After reading your response and the links you included, I, to be perfectly honest with you, am scared s***less. That's why I decided to re-format my computer.
    I have some questions. If and when you get a chance to answer them, I would really appreciate the time you spend on this trouble I'm causing you.

    You said I have some other nasty stuff. Can you tell me what else you can see on those logs? And what can they do?
    Regarding identity theft, do you think I should take action and start reporting to the authorities? Considering that I've always been using ZoneAlarm firewall and NOD32 antivirus. My computers are connected through a wireless DSL modem with built-in router. The wireless of course is only being used by my laptop with a secure connection. The router that I have has these security features:

    LAN / WAN: NAT, URL/Portfiler, DOS blocking, Stateful packet inspection, Stateful Inspection Firewall with Denial of Service

    WLAN: Hardware 64/128-bit WEP engine; WPA and future 802.1x support.
    Wireless client filtering and SSID broadcast disable

    My desktop computer is connected to the router through ethernet connection.
    I am going to buy Kaspersky Internet Security 7 and install it on both my computers. Besides that, what other program/s would you recommend for added security?
    Is Spysweeper any good?
    Should I install Spybot and let it run in the background?
    Does Norton AntiBot add anything to the security or is just taking up computer resources?
    Is Ad-Aware Pro/Ad-Watch 2007 any good to have on the computer?

    Another thing I think you should know. I was looking for Google Earth Pro on the net, and I found a link for downloading it. I'm not sure but I'm thinking all my problems started after installing it. Do you think that could have caused these problems? If not, how else do you think my computer got all that nasty stuff?

    Sorry to ask so many questions. I hope you don't find me annoying. I don't have anyone else to turn to with these questions but you and certainly do appreciate all the time you have taken to try to solve my malware problems.
    I wish you and your teammates to have a great day, every day with God's blessings and health and prosperity in your lives.

    Thank you.

  4. #4
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    I'll try to give you at least some of the information you requested.
    Can you tell me what else you can see on those logs?
    My exact quote was:
    You have other very nasty stuff in System Restore
    For System Restore to have made a backup the malware had to be there (may still be? HJT only shows likely places for malware to be). If it is in SR you are safe from it UNLESS you restore...then it is back on the computer.
    For some reason you are showing SR files on three drives? C:\, I:\ and H:\ which is unusual. To save time and space I will post the malware, if you want to know more, Google it.
    Backdoor.Win32.Agobot.ant
    Packed.Win32.Monder.gen
    AdTool.Win32.MyWebSearch.bm
    Do you think I should take action and start reporting to the authorities?
    http://www.windowsecurity.com/articl...vironment.html
    This one is randomly named, so I cannot search for a specific trojan to find out what it does. I personally would take no chances and take any action suggested in the links I provided to be safe.

    Let me say that I suggest only freeware programs, and unless it is malware, you will not get me to talk about individual programs, just my policy. If you want information, there is plenty available on the internet, for instance:
    http://www.google.com/search?hl=en&q...ms&btnG=Search
    http://www.google.com/search?hl=en&q...ms&btnG=Search

    Is a program malware or rogue? Find out here:
    http://spywarewarrior.com/

    I respect your decision to reformat to be safe, here is information if it helps:
    http://spyware-free.us/tutorials/reformat/
    http://www.cyberwalker.net/faqs/how-...stall-faq.html
    http://helpdesk.its.uiowa.edu/window...s/reformat.htm

    I'll post links to information, most if not all of your questions should be answered in those links. After you review them, if you still have questions, post them and I will do my best to provide answers. I will leave the topic open for a few days for you to do this if necessary.

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    http://www.malwarecomplaints.info/

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
