Possible Vundo infection

Combofix:

ComboFix 08-01-20.1 - HP_Owner 2008-01-20 23:04:01.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1981 [GMT 10:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\LMI189.tmp
C:\WINDOWS\LMI1C.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups

.
((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.

2008-01-18 13:48 . 2008-01-20 13:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-18 13:48 . 2008-01-20 13:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 03:26 . 2008-01-16 03:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-16 03:26 . 2008-01-16 03:26 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-01-16 03:26 . 2008-01-16 03:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-16 02:26 . 2008-01-20 12:54 <DIR> d-------- C:\WINDOWS\LMI1C.tmp
2008-01-16 01:47 . 2008-01-20 12:54 <DIR> d-------- C:\WINDOWS\LMI189.tmp
2008-01-15 11:20 . 2008-01-15 11:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-14 05:40 . 2008-01-14 05:40 <DIR> d-------- C:\nup
2008-01-14 04:33 . 2008-01-14 05:28 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-13 02:54 . 2008-01-13 02:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-13 02:54 . 2008-01-13 02:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-13 02:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 04:14 . 2008-01-11 04:14 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-11 04:11 . 2008-01-11 04:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-11 04:04 . 2008-01-11 04:04 <DIR> d-------- C:\Program Files\Bonjour
2008-01-11 03:49 . 2008-01-11 03:49 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-11 03:40 . 2008-01-12 11:58 <DIR> d-------- C:\Program Files\PowerISO
2008-01-10 03:39 . 2008-01-10 03:39 <DIR> d-------- C:\Program Files\uTorrent
2008-01-10 03:39 . 2008-01-10 17:19 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2008-01-09 04:05 . 2008-01-09 04:05 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-09 00:07 . 2008-01-09 00:07 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-09 00:07 . 2008-01-09 00:07 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-09 00:06 . 2008-01-09 00:06 <DIR> d-------- C:\WINDOWS\ShellNew

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 13:01 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Skype
2008-01-20 03:57 --------- d-----w C:\Program Files\iTunes
2008-01-20 02:59 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Xfire
2008-01-16 23:08 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-01-15 17:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 18:14 --------- d-----w C:\Program Files\DivX
2008-01-10 18:14 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-01-10 18:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-09 06:47 --------- d-----w C:\Program Files\World of Warcraft
2008-01-08 18:25 --------- d-----w C:\Program Files\QuickTime
2008-01-08 14:03 --------- d-----w C:\Program Files\Xfire
2007-11-27 23:34 --------- d-----w C:\Program Files\Soulseek
2007-11-27 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 07:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-26 11:16 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-10-21 17:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-21 17:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-20_12.57.14.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-20 02:32:50 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-20 13:03:56 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-20 02:32:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-20 13:03:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-20 02:32:50 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-20 13:03:56 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-20 02:32:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-20 13:03:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-20 02:32:50 3,006,464 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-20 13:03:56 3,006,464 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-20 02:32:50 172,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-20 13:03:57 172,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-18 03:48:13 102,400 ----a-r C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe
+ 2008-01-20 03:57:41 102,400 ----a-r C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [ ]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 18:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 01:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 09:58 219136]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-12-05 12:25:52 2858832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38 241664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-23 20:34]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-27 18:49]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 23:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 23:08:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 23:08:57
ComboFix-quarantined-files.txt 2008-01-20 13:08:55
ComboFix2.txt 2008-01-20 02:57:46
ComboFix3.txt 2008-01-12 16:48:19
.
2008-01-15 16:34:41 --- E O F ---
 
Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:12 PM, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 6786 bytes


SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2008 at 11:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 00:34:04

Memory items scanned : 438
Memory threats detected : 0
Registry items scanned : 6421
Registry threats detected : 0
File items scanned : 39648
File threats detected : 3

Malware.LocusSoftware Inc/StorageProtector
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0011991.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP114\A0014071.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP122\A0014559.DLL
 
All SAS found were entries in your System Restore and removed them.

These were not deleted, let's check them.

Go to this site, Jotti Upload, and under the browse feature, browse to these files:

C:\WINDOWS\LMI1C.tmp
C:\WINDOWS\LMI189.tmp

Then click on Submit and it will give you a report, post the report in your next reply.
 
I went to the website and tried to locate the files you mentioned but they don't appear in the location it says they're in.
 
They may be hidden. If they're still not there after you do this then we won't worry about them.

We need to make sure all hidden files are showing:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Once your system is clean, we suggest that you reverse this to keep critical Windows files from accidentally being deleted.
 
I changed the settings but they're still not showing up. I heard that files like that can sometimes be keyloggers, is that true?
 
Hello,

"I heard that files like that can sometimes be keyloggers, is that true?" Not sure what they are; doing various searches is coming up with nothing. If you enable your system to see hidden files and they're not present, that most likely means they're gone.

I would like you to run this free online virus scanner; it won't remove anything but it gives an excellent report as far as any bad files on your system.

Run this online scan using Internet Explorer:
Kaspersky Online Scanner from Kaspersky Online Virus Scanner

Next, click on Launch Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
Post the log along with a new HJT log in your next reply.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:03 PM, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 6819 bytes
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 21, 2008 5:50:06 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 490968
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 109523
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:41:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\brat100percent@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\brat100percent@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012008012120080122\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF18FF.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF7255.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DF72E6.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\~DFD25.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\World of Warcraft\Logs\gx.log Object is locked skipped
C:\Program Files\World of Warcraft\Logs\SESound.log Object is locked skipped
C:\Program Files\World of Warcraft\Logs\WoWChatLog.txt Object is locked skipped
C:\Program Files\World of Warcraft\Logs\WoWCombatLog.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007604.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007606.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007612.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007613.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007614.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007615.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007616.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007617.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007618.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007619.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007620.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007621.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007622.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007623.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007624.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007625.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP105\A0007697.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP108\A0008796.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP108\A0008852.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP108\A0009848.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP109\A0009909.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP109\A0009910.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP110\A0010848.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP110\A0010849.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP110\A0010880.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP110\A0010881.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP112\A0010941.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP112\A0010947.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP112\A0010948.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP112\A0010952.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0011006.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0011007.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0011992.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012001.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012003.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012004.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012005.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012006.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012027.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012028.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012029.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012035.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012036.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012037.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012038.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012042.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012050.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012051.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012052.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012053.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012080.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012083.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP113\A0012084.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP114\A0012111.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP114\A0014069.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP114\A0014070.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP114\A0014097.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP114\A0014122.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP114\A0014123.EXE Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP114\A0014124.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP120\A0014523.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP123\A0014597.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP123\A0014598.dll Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP123\A0014599.exe Object is locked skipped
C:\System Volume Information\_restore{BC8E6A4E-6A7A-4B39-BB3E-1006C7C819B6}\RP128\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{475103BB-596F-4AD7-8EE8-0622FEB62ACA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Good Morning,

Kaspersky found no viruses and your HJT log looks fine :bigthumb:

But you do need to flush out your System Restore program so as not to take the chance of reinfecting yourself.

System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.

Turn off System Restore.

  • Right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.


Reboot your computer


Turn ON System Restore.

  • Right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.


Create a new Restore Point <-- Very Important

  • Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
    You need to go into the Control Panel and switch to Category View to be able to Create a New Restore Point.
System Restore Tutorial <-- If you need it



How are things running now ??
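The System Restore flush described in the post above, as an added example that is not part of Ken's post or the original thread: on Windows XP the same off / on / new-restore-point sequence can be driven from an administrator PowerShell prompt through the WMI SystemRestore class in the root\default namespace. The Disable-ComputerRestore / Enable-ComputerRestore / Checkpoint-Computer cmdlets do not exist on XP, so the script calls the WMI methods directly. The drive letter C: and the restore-point description are assumptions. The RP1xx\A00xxxxx.exe and .dll entries the Kaspersky scan above reported as "Object is locked skipped" are the restore-point copies this discards, which is why a clean scan log by itself cannot vouch for them.

```powershell
# Added example (not from the original thread): flush Windows XP System Restore
# from the command line using the WMI SystemRestore class (root\default).
# Run from an administrator prompt. Drive letter is an assumption.

$drive = "C:\"
$sr = [wmiclass]"root\default:SystemRestore"

# Step 0: list the restore points that exist now. Each instance of the
# SystemRestore class is one restore point (the RPnnn folders under
# System Volume Information\_restore{...} that the scanner could not open).
"Restore points before the flush:"
Get-WmiObject -Namespace root\default -Class SystemRestore |
    Select-Object SequenceNumber, Description, CreationTime |
    Format-Table -AutoSize

# Step 1: turn System Restore off. Disabling it on the system drive turns it
# off on all drives (the "Turn off System Restore on all Drives" checkbox),
# which discards every existing restore point.
$rc = $sr.Disable($drive).ReturnValue
if ($rc -ne 0) { throw "Disable failed, return code $rc" }

# The post reboots here; if you want to follow that step exactly, run
#   shutdown /r /t 0
# after Step 1 and continue with Step 2 after the reboot.

# Step 2: turn System Restore back on and wait until it is enabled.
$rc = $sr.Enable($drive, $true).ReturnValue
if ($rc -ne 0) { throw "Enable failed, return code $rc" }

# Step 3: create a fresh, clean restore point.
# RestorePointType 0 = APPLICATION_INSTALL, EventType 100 = BEGIN_SYSTEM_CHANGE.
$desc = "Clean system after malware removal"   # assumed description
$rc = $sr.CreateRestorePoint($desc, 0, 100).ReturnValue
if ($rc -ne 0) { throw "CreateRestorePoint failed, return code $rc" }

# Step 4: confirm that only the new restore point remains.
"Restore points after the flush:"
Get-WmiObject -Namespace root\default -Class SystemRestore |
    Select-Object SequenceNumber, Description, CreationTime |
    Format-Table -AutoSize
```

The check worth keeping from this is the listing before and after: if any restore point older than the cleanup is still present after Step 4, the old (possibly infected) copies were not discarded and the GUI procedure in the post should be repeated.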
 
Everything seems to be running perfectly. I used to get annoying popups on rebooting saying it couldn't find certain files or I didn't have access to them, and they're gone now. Looks good.
 
That's great :bigthumb:


Malware Complaints
Are you mad? I mean really mad, seething mad, so mad you're ready to spit, mad that you have taken your hard-earned dollars to buy a computer only to have some Miscreants, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney General's Office and the Federal Trade Commission's Bureau of Consumer Protection.


If you install Spyware Blaster and Spyware Guard, do not enable the Tea Timer in Spybot Search and Destroy or they will conflict.
Here are some free programs to install, don't leave home without them
  • Spybot Search and Destroy 1.5
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.
  • Spyware Blaster It will prevent most spyware from ever being installed.
  • Spyware Guard It offers realtime protection from spyware installation attempts.
  • Win Patrol This program will warn you when any changes are being made to your system and give
    you the option to deny the change.
  • IE-Spyad
    IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads
    (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and
    painless download and install; it will in no way interfere with IE, you can use them both.
  • Zone Alarm Here is a free Firewall from Zone Labs.

Glad we could help.

Safe Surfn
Ken
 