FaRSeeR

!Help My Computer Is Infected! What Should i do?


Please stop uninstalling and installing other programs in between, because I see you uninstalled Kaspersky and other malware got installed in between as well (Backdoor.Prorat). This is really confusing if you want to receive help! If you perform other steps in between all the time, how am I supposed to help you?

 

We'll look at Internet Explorer afterwards, since this is not a priority. A priority here is to get rid of malware first. It would really be easier for both of us if you just perform my instructions WITHOUT performing anything else I didn't ask, because otherwise this won't make sense.

 

Also, I cannot stress enough how important it is that you follow my instructions. In my previous reply I also asked you to post a new HijackThis log. Unfortunately, it still appears that you are having problems with reading the instructions properly.

 

First thing:

 

Please install an antivirus again ASAP!

 

Then reboot after installing your antivirus.

 

After reboot,

 

* Open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

 

File::

C:\WINDOWS\system32\telnetsvc32.exe

C:\WINDOWS\imsn.exe

C:\WINDOWS\Instmsng.dll

C:\WINDOWS\system32\imsn.exe

C:\WINDOWS\system32\Instmsng.dll

 

Save this as a text file named CFScript.

 

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

 

[screenshot: CFScript.gif]

 

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.


OK, I am sorry, I am not as smart as you with this stuff... no need to get mad or pissy. I know you're trying to help, but you must understand I am not a super whiz at this and it takes me some time to understand all of this, for my brain to process all of this. But I am trying my best; I will now do what you have asked of me.

Edited by FarSeeR


Hi,

 

I'm not mad at all - but you have to understand it is really confusing if other steps are performed in between all the time. I'm trying to explain my instructions as simply as possible, so everyone can understand them. It isn't that hard to follow them - unless you are doing other stuff in between, as I have noticed already. That's why it is important that you focus on my instructions alone and don't install/uninstall/perform whatever other things in between, otherwise it's really hard for me to follow. :D


When you say antivirus, is that like Norton and stuff? I am downloading AVG Free Edition for the antivirus, and I did the CFScript thing like you said before, the

====

File::

C:\mxuxc.exe

Driver::

CEDRIVER53

splittnt

ipnat2k

amdkex

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6017B}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{e7ccdb6e-ae6d-11cf-96b8-444553540000}]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

======

 

And then I sent you the log. I did not read where you said to put the HijackThis log next, or I simply misread or missed it :/

 

I am on, so reply fast :D


Hi,

 

Please read my previous instructions again. This is what I posted in my previous post:

 

* Open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

 

File::

C:\WINDOWS\system32\telnetsvc32.exe

C:\WINDOWS\imsn.exe

C:\WINDOWS\Instmsng.dll

C:\WINDOWS\system32\imsn.exe

C:\WINDOWS\system32\Instmsng.dll

 

Save this as a text file named CFScript.

 

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

 

[screenshot: CFScript.gif]

 

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

 

Yes, AVG is fine as an antivirus. Please install it first and then reboot before performing the instructions with CFScript.


Just be patient.

 

After it is done, reboot your computer in order to remove files which were in use.

 

Then perform my other steps with CFScript.


COMBOFIX LOG, WITH YOUR INSTRUCTIONS:

 

 

ComboFix 08-05-01.3 - Justin 2008-05-04 4:43:16.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1400 [GMT 10:00]

Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Justin\Desktop\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\imsn.exe

C:\WINDOWS\Instmsng.dll

C:\WINDOWS\system32\imsn.exe

C:\WINDOWS\system32\Instmsng.dll

C:\WINDOWS\system32\telnetsvc32.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))

.

 

2008-05-04 03:31 . 2008-05-04 04:34 <DIR> d--h----- C:\$AVG8.VAULT$

2008-05-04 03:22 . 2008-05-04 03:24 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-04 03:22 . 2008-05-04 03:22 <DIR> d-------- C:\Program Files\AVG

2008-05-04 03:22 . 2008-05-04 03:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-05-04 03:22 . 2008-05-04 03:22 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-05-04 03:22 . 2008-05-04 03:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-05-04 02:51 . 2008-05-04 02:51 <DIR> d-------- C:\WINDOWS\LastGood

2008-05-02 12:17 . 2008-05-02 12:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\TeamViewer

2008-05-02 12:01 . 2008-05-02 12:01 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\TeamViewer

2008-05-02 12:00 . 2008-05-02 12:00 <DIR> d-------- C:\Documents and Settings\Justin\temp

2008-05-01 11:50 . 2008-05-01 11:50 <DIR> d-------- C:\Program Files\MetaStream

2008-05-01 11:50 . 2008-05-01 11:50 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Viewpoint

2008-04-27 15:10 . 2008-04-27 15:10 <DIR> d-------- C:\Documents and Settings\Justin\Application Data\Apple Computer

2008-04-27 15:10 . 2008-05-04 01:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-27 15:10 . 2008-04-27 15:10 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-27 15:09 . 2008-04-27 15:09 <DIR> d-------- C:\Program Files\iTunes

2008-04-27 15:09 . 2008-04-27 15:09 <DIR> d-------- C:\Program Files\iPod

2008-04-27 15:08 . 2008-04-27 15:09 <DIR> d-------- C:\Program Files\QuickTime

2008-04-27 15:08 . 2008-04-27 15:08 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-04-27 15:08 . 2008-04-27 15:08 <DIR> d-------- C:\Program Files\Apple Software Update

2008-04-27 15:08 . 2008-04-27 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-04-27 15:08 . 2008-04-27 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-04-26 09:03 . 2008-04-26 09:03 <DIR> d-------- C:\WINDOWS\ERUNT

2008-04-25 22:18 . 2008-04-25 22:18 396,288 --a------ C:\Program Files\HijackThis.exe

2008-04-25 22:17 . 2008-04-25 22:17 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-25 05:22 . 2007-09-28 14:29 <DIR> d-------- C:\Documents and Settings\Justin\SmitfraudFix

2008-04-25 04:29 . 2008-04-25 04:29 268 --ah----- C:\sqmdata02.sqm

2008-04-25 04:29 . 2008-04-25 04:29 244 --ah----- C:\sqmnoopt02.sqm

2008-04-25 04:29 . 2008-04-25 04:29 172 --ah----- C:\sqmnoopt03.sqm

2008-04-25 04:29 . 2008-04-25 04:29 172 --ah----- C:\sqmdata03.sqm

2008-04-25 04:23 . 2008-04-25 04:23 <DIR> d-------- C:\Documents and Settings\Justin\question files

2008-04-24 20:11 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-04-24 20:11 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-04-24 20:11 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\404Fix.exe

2008-04-23 08:29 . 2008-04-23 08:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-04-10 09:23 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll

2008-04-08 02:47 . 2008-04-08 02:47 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx

2008-04-03 18:17 . 2008-04-03 18:17 <DIR> d-------- C:\Program Files\pb

2008-04-03 18:17 . 2006-08-25 14:54 5,431,296 -ra------ C:\Program Files\FEARMP.exe

2008-04-03 16:38 . 2008-04-03 18:16 616,569,723 --a------ C:\Program Files\fear_update_en_100-107_108.exe

2008-04-03 16:37 . 2006-08-25 14:46 5,423,104 -ra------ C:\Program Files\FEAR.exe

2008-04-03 16:37 . 2003-11-04 16:47 499,712 -ra------ C:\Program Files\msvcp71.dll

2008-04-03 16:37 . 2003-11-04 16:47 348,160 -ra------ C:\Program Files\msvcr71.dll

2008-04-03 16:29 . 2003-10-16 13:34 2,041,744 -ra------ C:\Program Files\WMFADist.exe

2008-04-03 16:29 . 2006-08-25 14:25 1,077,248 -ra------ C:\Program Files\EngineServer.dll

2008-04-03 16:29 . 2003-11-04 16:47 1,060,864 -ra------ C:\Program Files\MFC71.dll

2008-04-03 16:29 . 2003-03-18 22:12 1,047,552 -ra------ C:\Program Files\MFC71u.dll

2008-04-03 16:29 . 2005-01-07 17:01 224,768 -ra------ C:\Program Files\fpupdate.exe

2008-04-03 16:29 . 2006-08-25 14:27 221,184 -ra------ C:\Program Files\FEARServer.exe

2008-04-03 16:29 . 2006-08-25 14:25 208,896 -ra------ C:\Program Files\Monolith.PropertyGrid.dll

2008-04-03 16:29 . 2005-06-24 21:41 192,512 -ra------ C:\Program Files\binkw32.dll

2008-04-03 16:29 . 2005-03-24 12:58 188,416 -ra------ C:\Program Files\eax.dll

2008-04-03 16:29 . 2006-08-25 14:26 98,304 -ra------ C:\Program Files\Config.exe

2008-04-03 16:29 . 2006-08-23 16:12 61,440 -ra------ C:\Program Files\SndDrv.dll

2008-04-03 16:29 . 2006-08-25 14:25 61,440 -ra------ C:\Program Files\GameDatabase.dll

2008-04-03 16:29 . 2006-08-23 16:13 28,160 -ra------ C:\Program Files\LTMemory.dll

2008-04-03 16:29 . 2006-08-25 14:25 14,336 -ra------ C:\Program Files\StringEditRuntime.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-03 18:26 --------- d-----w C:\Program Files\Warcraft III

2008-05-03 17:15 --------- d-----w C:\Documents and Settings\Justin\Application Data\Xfire

2008-05-03 16:51 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-05-03 02:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-05-03 02:08 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-05-03 02:06 --------- d-----w C:\Program Files\Xfire

2008-05-01 19:03 --------- d-----w C:\Documents and Settings\Justin\Application Data\Skype

2008-05-01 01:03 --------- d-----w C:\Program Files\Bonjour

2008-05-01 01:01 --------- d-----w C:\Program Files\Viewpoint

2008-04-30 17:21 8,055 ----a-w C:\Program Files\hijackthis.log

2008-04-30 09:50 --------- d-----w C:\Documents and Settings\Justin\Application Data\skypePM

2008-04-28 13:12 6,144 --sha-w C:\Program Files\Thumbs.db

2008-04-26 10:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-25 06:38 33,280 ----a-w C:\WINDOWS\system32\rundll32.exe

2008-04-25 05:08 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-04-25 04:43 --------- d-----w C:\Documents and Settings\Justin\Application Data\uTorrent

2008-04-24 19:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-04-24 10:07 2,106 ----a-w C:\WINDOWS\system32\tmp.reg

2008-04-20 23:02 --------- d-----w C:\Program Files\Garena

2008-04-07 12:25 --------- d-----w C:\Documents and Settings\Justin\Application Data\Ahead

2008-04-03 08:19 1,809 ----a-w C:\Program Files\Uninstall F.E.A.R..lnk

2008-04-03 08:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-03 06:37 1,584 ----a-w C:\Program Files\Shortcut to User directory.lnk

2008-04-02 23:02 --------- d-----w C:\Program Files\World of Warcraft

2008-04-02 02:18 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll

2008-04-02 02:18 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll

2008-04-02 02:18 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll

2008-04-01 12:22 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment

2008-04-01 05:10 --------- d-----w C:\Documents and Settings\Justin\Application Data\Paltalk

2008-04-01 05:09 --------- d-----w C:\Program Files\Paltalk Messenger

2008-03-30 20:23 --------- d-----w C:\Program Files\Game Cam V2

2008-03-30 01:40 --------- d-----w C:\Documents and Settings\Justin\Application Data\Sony

2008-03-30 01:40 --------- d-----w C:\Documents and Settings\Justin\Application Data\Publish Providers

2008-03-30 01:31 --------- d-----w C:\Program Files\Vstplugins

2008-03-30 01:31 --------- d-----w C:\Program Files\Sony

2008-03-30 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony

2008-03-30 01:29 --------- d-----w C:\Program Files\MSBuild

2008-03-30 01:26 --------- d-----w C:\Program Files\Reference Assemblies

2008-03-30 01:20 --------- d-----w C:\Program Files\Sony Setup

2008-03-30 01:20 --------- d-----w C:\Documents and Settings\Justin\Application Data\Sony Setup

2008-03-29 15:44 --------- d-----w C:\Program Files\Steam

2008-03-29 03:46 --------- d-----w C:\Program Files\CamStudio

2008-03-29 03:38 --------- d-----w C:\Program Files\NCH Swift Sound

2008-03-29 03:38 --------- d-----w C:\Program Files\NCH Software

2008-03-29 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software

2008-03-29 03:37 --------- d-----w C:\Documents and Settings\Justin\Application Data\NCH Software

2008-03-29 03:28 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound

2008-03-29 03:28 --------- d-----w C:\Documents and Settings\Justin\Application Data\Recordpad

2008-03-29 03:28 --------- d-----w C:\Documents and Settings\Justin\Application Data\NCH Swift Sound

2008-03-29 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

2008-03-28 15:48 --------- d-----w C:\Program Files\America's Army

2008-03-26 23:44 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-26 23:44 --------- d-----w C:\Documents and Settings\Justin\Application Data\Codemasters

2008-03-26 23:43 --------- d-----w C:\Program Files\AGEIA Technologies

2008-03-26 06:30 --------- d-----w C:\Program Files\AT&T WorldNet Setup

2008-03-26 03:41 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll

2008-03-26 03:29 --------- d-----w C:\Program Files\PlayLinc

2008-03-26 03:19 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-26 03:08 --------- d-----w C:\Program Files\Ubisoft

2008-03-22 12:22 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory

2008-03-21 06:31 --------- d-----w C:\Documents and Settings\Justin\Application Data\Ventrilo

2008-03-19 06:50 --------- d-----w C:\Program Files\Java

2008-03-16 22:22 165,189 ----a-w C:\WINDOWS\system32\dmdcache.dll

2008-03-16 14:34 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-03-14 19:46 --------- d-----w C:\Documents and Settings\Justin\Application Data\Hamachi

2008-03-13 09:28 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-03-13 06:15 --------- d-----w C:\Program Files\Common Files\Nullsoft

2008-03-13 06:15 --------- d-----w C:\Program Files\AIM

2008-03-13 06:15 --------- d-----w C:\Documents and Settings\Justin\Application Data\AIMPro

2008-03-13 06:15 --------- d-----w C:\Documents and Settings\Justin\Application Data\AIM

2008-03-11 11:43 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-03-11 11:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-03-11 11:43 --------- d-----w C:\Program Files\Real

2008-03-11 11:43 --------- d-----w C:\Program Files\Common Files\xing shared

2008-03-11 11:43 --------- d-----w C:\Program Files\Common Files\Real

2008-03-11 11:42 --------- d-----w C:\Program Files\Google

2008-03-04 14:45 --------- d--h--r C:\Documents and Settings\Justin\Application Data\yahoo!

2008-03-04 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!

2008-03-04 02:59 1,052,672 ----a-w C:\WINDOWS\system32\AdjMmsEng.dll

2008-03-03 22:42 --------- d-----w C:\Program Files\VideoLAN

2008-03-03 22:42 --------- d-----w C:\Documents and Settings\Justin\Application Data\vlc

2008-03-03 13:26 --------- d-----w C:\Program Files\Xvid

2008-03-03 13:26 --------- d-----w C:\Program Files\DivX

2008-03-02 15:44 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-27 20:44 29,184 ----a-w C:\WINDOWS\system32\cjpg.dll

2008-02-13 14:18 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-02-11 15:04 2,829 ----a-w C:\WINDOWS\War3Unin.pif

2008-02-11 15:04 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2008-02-11 12:21 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-02-11 10:32 315,392 ----a-w C:\WINDOWS\HideWin.exe

2006-08-30 15:02 883,997 ----a-w C:\Program Files\FEARL_8.Arch00

2006-08-30 15:02 7,983,473 ----a-w C:\Program Files\FEARA_8.Arch00

2006-08-30 15:02 7,367,024 ----a-w C:\Program Files\FEAR_8.Arch00

2006-08-30 15:02 4,579,744 ----a-w C:\Program Files\FEARE_8.Arch00

2006-08-23 03:53 66,060 ----a-r C:\Program Files\readme.txt

2006-08-10 07:19 2,268 ----a-r C:\Program Files\Config.Strdb00p

2006-08-10 05:20 557 ----a-r C:\Program Files\Default.archcfg

2006-07-27 01:48 901,351 ----a-r C:\Program Files\FEARL_7.Arch00

2006-07-27 01:48 67,315,875 ----a-r C:\Program Files\FEAR_7.Arch00

2006-07-27 01:48 4,575,648 ----a-r C:\Program Files\FEARE_7.Arch00

.

 

((((((((((((((((((((((((((((( [email protected]_ 3.18.06.40 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-30 17:09:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-03 15:29:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-04-25 05:40:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-05-02 02:01:08 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-04-25 05:40:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-05-02 02:01:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-05-02 02:01:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-05-03 17:22:42 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys

+ 2008-01-25 09:12:34 25,088 ----a-w C:\WINDOWS\system32\drivers\teamviewervpn.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:07 15360]

"Aim6"="" []

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 17:54 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 00:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 00:41 81920]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 14:47 16859648 C:\WINDOWS\RTHDCPL.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]

"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 12:08 20480]

"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 16:39 110592]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 12:57 344064]

"AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" [2007-10-09 02:45 5043528]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 03:22 1177368]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:07 15360]

"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-02 06:32 8699904]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-12 07:34:40 10252288]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\FEAR.exe"=

"C:\\Program Files\\FEARMP.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9111:TCP"= 9111:TCP:*:Disabled:SolidNetworkManager

"9111:UDP"= 9111:UDP:*:Disabled:SolidNetworkManager

"60126:TCP"= 60126:TCP:*:Disabled:SolidNetworkManager

"60126:UDP"= 60126:UDP:*:Disabled:SolidNetworkManager

"10032:TCP"= 10032:TCP:*:Disabled:SolidNetworkManager

"10032:UDP"= 10032:UDP:*:Disabled:SolidNetworkManager

"34469:TCP"= 34469:TCP:*:Disabled:SolidNetworkManager

"34469:UDP"= 34469:UDP:*:Disabled:SolidNetworkManager

"86:TCP"= 86:TCP:BroadCam Web Server

 

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-02-25 15:46]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-04 03:22]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 03:22]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 16:42]

S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 19:12]

 

*Newly Created Service* - AVG8WD

*Newly Created Service* - AVGLDX86

*Newly Created Service* - AVGMFX86

.

Contents of the 'Scheduled Tasks' folder

"2008-04-27 05:08:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-04 04:45:42

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 74

 

**************************************************************************

.

Completion time: 2008-05-04 4:47:51

ComboFix-quarantined-files.txt 2008-05-03 18:46:57

ComboFix2.txt 2008-05-03 15:35:10

ComboFix3.txt 2008-04-30 17:18:36

 

Pre-Run: 31,584,620,544 bytes free

Post-Run: 31,594,758,144 bytes free

 

293

 

 

 

 

 

 

HIJACKTHIS LOG:

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:49:13 AM, on 4/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\AIM\AIM Pro\aimpro.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1844237615-2025429265-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')

O4 - HKUS\S-1-5-21-1844237615-2025429265-839522115-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...ploader_v10.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 9012 bytes


Hi,

Much better..

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejewele...ploader_v10.cab

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

As a final check:

Then, please perform this online scan: Kaspersky Webscan

1. Read the Requirements and Privacy statement, then select "Accept"

2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab

3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.

4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"

5. When the download is complete it will say "Ready"; click "Next"

6. Select a target to scan: Click on "My Computer"

7. When the scan is complete choose to save the results as "Save as Text"

8. Post the Kaspersky scan results in your next reply.

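An added example, written for this page by the editor and not code from the helper, the user or Kaspersky: a small Python triage script for the kind of Kaspersky Online Scanner text report that steps 7 and 8 above ask the user to save and post (the report that follows is one such). It separates the "Object is locked skipped" noise from actual detections, splits an archive member from the file that really exists on disk, and buckets each detection by where it sits: a live file, a tool's own quarantine or backup folder (ComboFix's QooBox, HijackThis backups, Spybot's Recovery folder), or a System Restore point. The folder markers in `classify_location` and the `C:\CONSTRUCTED\sample.exe` line are my assumptions; the other sample lines are copied from the report posted in this thread.

```python
"""Triage helper for a Kaspersky Online Scanner text report.

Editor's added example; not code from the thread or from Kaspersky.
Reads the "Infected Object Name / Virus Name / Last Action" lines and
buckets each detection by how actionable it is for cleanup.
"""
import re
from dataclasses import dataclass

# Sample input: the last line is constructed; the others are copied from the
# report posted in this thread. Kaspersky prints "<path> <status>" per object.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ProratD.zip/reginv.dll Infected: Backdoor.Win32.Prorat.kw skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ProratD.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Justin\My Documents\My Music\sbshelp.exe/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Documents and Settings\Justin\My Documents\My Music\sbshelp.exe 7-Zip: infected - 1 skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080504-050819-179.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\QooBox\Quarantine\C\mxuxc.exe.vir Infected: Trojan.Win32.Pakes.cso skipped
C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP111\A0033808.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ury skipped
C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP111\A0033808.exe RarSFX: infected - 4 skipped
C:\CONSTRUCTED\sample.exe Infected: Trojan-Downloader.Win32.Zlob.meq skipped
"""

# The three status shapes seen in the report. Paths contain spaces, so the
# non-greedy path group relies on the fixed status suffix anchored at $.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(
    r"^(?P<path>.+?) (?P<container>[\w-]+): infected - (?P<count>\d+) skipped$")

# Assumed folder markers (lower-case, backslash-delimited substrings).
RESTORE_MARKER = "\\system volume information\\_restore"
TOOL_BACKUP_MARKERS = (
    "\\qoobox\\quarantine\\",                  # ComboFix quarantine
    "\\hijackthis\\backups\\",                 # HijackThis "Fix checked" backups
    "\\spybot - search & destroy\\recovery\\", # Spybot recovery copies
)


@dataclass(frozen=True)
class Finding:
    host: str      # the file that actually exists on disk
    member: str    # archive member inside it, "" when the host itself is flagged
    name: str      # Kaspersky detection name
    location: str  # "live", "tool-backup" or "restore-point"

    @property
    def riskware(self) -> bool:
        # Kaspersky prefixes legitimate-but-risky tools with "not-a-virus:".
        return self.name.startswith("not-a-virus:")


def classify_location(path: str) -> str:
    """Bucket an on-disk path by whether a detection there is still active."""
    p = path.lower()
    if RESTORE_MARKER in p:
        return "restore-point"
    if any(marker in p for marker in TOOL_BACKUP_MARKERS):
        return "tool-backup"
    return "live"


def parse_report(text: str):
    """Return (findings, locked_count, unparsed_lines) for a report body."""
    findings, locked, unparsed = [], 0, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if LOCKED_RE.match(line):
            locked += 1          # in-use system files; not a detection
            continue
        m = INFECTED_RE.match(line)
        if m:
            # "host.exe/inner.dll": the part before "/" is the real file.
            host, _, member = m["path"].partition("/")
            findings.append(Finding(host, member, m["name"], classify_location(host)))
            continue
        if CONTAINER_RE.match(line):
            continue             # archive summary; its members were already listed
        unparsed.append(line)
    return findings, locked, unparsed


def summarize(findings):
    """Distinct on-disk files per bucket, the unit a cleanup actually acts on."""
    out = {"live-malware": set(), "live-riskware": set(),
           "tool-backup": set(), "restore-point": set()}
    for f in findings:
        if f.location == "live":
            key = "live-riskware" if f.riskware else "live-malware"
        else:
            key = f.location
        out[key].add(f.host)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    found, locked_count, leftovers = parse_report(SAMPLE_REPORT)
    print(f"{locked_count} locked objects skipped, {len(leftovers)} unparsed lines")
    for bucket, hosts in summarize(found).items():
        print(f"{bucket}: {len(hosts)}")
        for h in hosts:
            print("   ", h)
```

The buckets are the point: a hit inside a System Restore point is not running and goes away when System Restore is purged, a hit inside QooBox, the HijackThis backups or the Spybot Recovery folder is a copy a tool has already neutralized, and a "not-a-virus:" name flags riskware that may be a legitimate tool (here the SmitfraudFix Reboot utility and a VNC hook DLL bundled in sbshelp.exe). Only the "live-malware" bucket is unambiguously something to act on, which is exactly the separation a helper makes when reading a report like the one below.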

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, May 04, 2008 6:09:05 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 3/05/2008

Kaspersky Anti-Virus database records: 737509

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

 

Scan Statistics:

Total number of scanned objects: 98206

Number of viruses found: 10

Number of infected objects: 33

Number of suspicious objects: 0

Duration of the scan process: 01:40:25

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Administrator\NtUser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ProratD.zip/reginv.dll Infected: Backdoor.Win32.Prorat.kw skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ProratD.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Justin\Application Data\acccore\nss\cert8.db Object is locked skipped

C:\Documents and Settings\Justin\Application Data\acccore\nss\key3.db Object is locked skipped

C:\Documents and Settings\Justin\Application Data\AIMPro\Log\aimpro.exe_PL_Trace.txt Object is locked skipped

C:\Documents and Settings\Justin\Application Data\AIMPro\Log\apExtCmp.log Object is locked skipped

C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\cert8.db Object is locked skipped

C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\history.dat Object is locked skipped

C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\key3.db Object is locked skipped

C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\parent.lock Object is locked skipped

C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Justin\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Justin\Desktop\StealthBot\WestBot\plugins\ST_users.ldb Object is locked skipped

C:\Documents and Settings\Justin\Desktop\StealthBot\WestBot\plugins\ST_users.mdb Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\AOL OCP\AIM\Storage\data\forthefarseer\localStorage\common.cls Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\Matty5[email protected]\SharingMetadata\Working\database_F21C_E14E_1CE1_E83\dfsr.db Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_F21C_E14E_1CE1_E83\fsr.log Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_F21C_E14E_1CE1_E83\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_F21C_E14E_1CE1_E83\tmp.edb Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Application DataKiweeToolbar1.3.118.msi/_AB18C1B2C08CDE35AFB57346A4551D9A/_255311685EC0439E9B51F19CA2877AB9 Infected: Trojan-Downloader.Win32.Zlob.meq skipped

C:\Documents and Settings\Justin\Local Settings\Application DataKiweeToolbar1.3.118.msi/_AB18C1B2C08CDE35AFB57346A4551D9A Infected: Trojan-Downloader.Win32.Zlob.meq skipped

C:\Documents and Settings\Justin\Local Settings\Application DataKiweeToolbar1.3.118.msi Embedded: infected - 2 skipped

C:\Documents and Settings\Justin\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\History\History.IE5\MSHist012008050420080505\index.dat Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Temp\JETE81E.tmp Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Temp\trace.txt Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Temp\tricon-aol.txt Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Temp\~DF1660.tmp Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Temp\~DF1A45.tmp Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Temp\~DFCB9B.tmp Object is locked skipped

C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Justin\My Documents\My Music\sbshelp.exe/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

C:\Documents and Settings\Justin\My Documents\My Music\sbshelp.exe 7-Zip: infected - 1 skipped

C:\Documents and Settings\Justin\My Documents\My Music\sbshelp.exe UPX: infected - 1 skipped

C:\Documents and Settings\Justin\My Documents\My Received Files\daemon4121-lite.exe/stream/data0050 Infected: not-a-virus:AdWare.Win32.Shopper.r skipped

C:\Documents and Settings\Justin\My Documents\My Received Files\daemon4121-lite.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.r skipped

C:\Documents and Settings\Justin\My Documents\My Received Files\daemon4121-lite.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Justin\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Justin\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Justin\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080504-050819-179.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped

C:\Program Files\Warcraft III\bncache.dat Object is locked skipped

C:\Program Files\Warcraft III\TempReplay.w3g Object is locked skipped

C:\QooBox\Quarantine\C\mxuxc.exe.vir Infected: Trojan.Win32.Pakes.cso skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0029782.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0029787.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0029788.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0029789.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0029790.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0029791.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0029792.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0029793.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0030404.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0030409.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0030410.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0030411.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0030412.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0030413.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0030414.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP101\A0030415.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP104\A0031404.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP104\A0031409.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP104\A0031410.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP104\A0031411.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP104\A0031412.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP104\A0031413.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP104\A0031414.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP104\A0031415.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP105\A0031442.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP105\A0031444.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP105\A0031445.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP105\A0031446.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP105\A0031447.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP105\A0031448.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP105\A0031449.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP105\A0031450.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0031586.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0031590.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0031591.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0031592.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0031593.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0031594.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0031595.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0031596.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0032585.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0032588.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0032589.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0032590.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0032591.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0032592.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0032593.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0032594.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0033585.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0033588.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0033589.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0033590.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0033591.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0033592.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0033593.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP108\A0033594.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP110\A0033700.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP110\A0033718.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP111\A0033803.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP111\A0033808.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP111\A0033808.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ury skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP111\A0033808.exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.usn skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP111\A0033808.exe/data.rar Infected: Trojan-Downloader.Win32.Small.usn skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP111\A0033808.exe RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033811.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033812.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033813.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033814.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033835.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033838.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033839.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033840.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033841.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0034859.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0034860.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0036100.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0036101.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0036102.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0039095.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040095.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040101.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040103.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040105.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040106.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040107.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040108.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040109.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040119.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040120.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040121.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040122.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040123.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040125.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040128.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP115\A0040129.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP120\A0046874.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP121\A0046965.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP121\A0046966.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP121\A0046967.ocx Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP121\A0046968.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP121\A0046969.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP121\A0046970.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP121\A0046971.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP121\A0046972.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP122\change.log Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP91\A0026780.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP91\A0026785.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP91\A0026786.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP91\A0026787.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP91\A0026788.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP91\A0026789.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP91\A0026790.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP91\A0026791.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP96\A0027780.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP96\A0027786.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP96\A0027787.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP96\A0027788.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP96\A0027789.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP96\A0027790.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP96\A0027791.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP96\A0027792.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP97\A0028783.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP97\A0028788.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP97\A0028789.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP97\A0028790.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP97\A0028791.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP97\A0028792.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP97\A0028793.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP97\A0028794.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP98\A0028831.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP98\A0028832.dll Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP98\A0028833.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP98\A0028834.exe Object is locked skipped

C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP98\A0028835.exe Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

F:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\SmitfraudFix\sbshelp.exe/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

F:\SmitfraudFix\sbshelp.exe 7-Zip: infected - 1 skipped

F:\SmitfraudFix\sbshelp.exe UPX: infected - 1 skipped

F:\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\SmitfraudFix\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\SmitfraudFix\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped

F:\SmitfraudFix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\SmitfraudFix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\SmitfraudFix\SmitfraudFix.exe RarSFX: infected - 2 skipped

F:\StealthBot\Jay's Stuff\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\StealthBot\Jay's Stuff\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\StealthBot\Jay's Stuff\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP112\A0033820.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP121\A0046973.exe Object is locked skipped

F:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP122\change.log Object is locked skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP122\change.log Object is locked skipped

 

Scan process completed.

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:10:39 PM, on 4/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\AIM\AIM Pro\aimpro.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\Program Files\Ventrilo\Ventrilo.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1844237615-2025429265-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')

O4 - HKUS\S-1-5-21-1844237615-2025429265-839522115-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 8938 bytes

 

 

I know you didn't ask for it, but just in case I ##### up: if we've finished with all this, hopefully can we fix my internet browser? B)


Hi,

 

You really need to stay away from crack sites / P2P programs, because that's how you got infected. You say you don't know much about computers, but you certainly know how to use P2P programs, download cracks/keygens, etc...

 

Check and fix the following entry in HijackThis as well:

 

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

Navigate to and delete the following files:

 

C:\Documents and Settings\Justin\Local Settings\Application Data\KiweeToolbar1.3.118.msi

C:\Documents and Settings\Justin\My Documents\My Music\sbshelp.exe

C:\Documents and Settings\Justin\My Documents\My Received Files\daemon4121-lite.exe

 

Delete the following folders:

 

F:\Smitfraudfix

C:\Documents and Settings\Justin\SmitfraudFix

 

Then, go to Start > Run and copy and paste the next command in the field:

 

ComboFix /u

 

Make sure there's a space between Combofix and /

Then hit enter.

 

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

 

As for restoring your Internet Explorer: I see no need to restore it, since you are running an older/vulnerable version anyway. I'd rather suggest you update it to Internet Explorer 7.

So visit Windows Update to download and install all updates, including Internet Explorer 7!


ok

 

1) I'm not the only one who uses this comp. I don't go to any P2P or w/e things; I don't download anything that I'm not meant to anyway.

 

This is the new HijackThis log, since I deleted everything you told me, and ComboFix and stuff.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:20:00 PM, on 4/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\AIM\AIM Pro\aimpro.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\Documents and Settings\Justin\Desktop\StealthBot\WestBot\StealthBot v2.6R3.exe

C:\Documents and Settings\Justin\Desktop\StealthBot\EastBot\StealthBot v2.6R3.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 8670 bytes

 

 

And I would rather just stay with IE 6. Please help me restore it without updating it.

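The two HijackThis logs in this thread are compared by eye. As an added example (not code from the thread or from HijackThis itself), here is a small Python parser for that log format: it diffs constructed excerpts of the two logs to confirm the O16 CabBuilder entry is gone, and flags the entry kinds a helper looks at first. The excerpts and the triage rules are assumptions of mine, not HijackThis's own.

```python
"""Added example (not from the thread or from HijackThis): parse the HijackThis
log format posted above, diff a before/after pair, and flag the entry kinds a
helper looks at first. Sample lines are constructed excerpts, not the full logs."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt of the first log (before the O16 entry was fixed).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed excerpt of the second log (after the user fixed the O16 entry).
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with a section code (R0, O4, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
REMOTE_URL = re.compile(r"^https?://", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4", "O16", "O23"
    body: str     # everything after "Oxx - "
    target: str   # the file path or URL the entry points at


def _target(section: str, body: str) -> str:
    """Pull the path/URL out of an entry body (fields are separated by ' - ')."""
    if section == "O4":
        # O4 - HKLM\..\Run: [Name] <command line>
        m = re.search(r"\] (.+)$", body)
        return m.group(1) if m else body
    return body.rsplit(" - ", 1)[-1]


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header lines, the running-process list, blank lines
    section, body = m.group("section"), m.group("body")
    return Entry(section, body, _target(section, body))


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[str], List[str]]:
    """Return (entries that disappeared, entries that appeared), compared by body text."""
    b, a = {e.body for e in before}, {e.body for e in after}
    return sorted(b - a), sorted(a - b)


def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Assumed triage rules: what a helper looks at first, not a verdict on any entry."""
    findings = []
    for e in entries:
        up = e.target.upper()
        if e.section == "O16" and REMOTE_URL.match(e.target):
            findings.append(("O16 DPF download from a remote URL", e.target))
        if e.section == "O23" and "Unknown owner" in e.body:
            findings.append(("O23 service with unknown owner", e.target))
        if e.section == "O4" and "\\WINDOWS\\" in up and "\\SYSTEM32\\" not in up:
            # Autostarts sitting directly under the Windows folder, like the files the
            # helper's CFScript removed, deserve a second look (they are often legitimate).
            findings.append(("O4 autostart directly under the Windows folder", e.target))
    return findings


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    removed, added = diff_logs(before, after)
    print("removed:", removed)  # the CabBuilder O16 entry
    print("added:", added)      # nothing new appeared
    for kind, target in review(after):
        print(f"{kind}: {target}")
```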
and I would rather just stay with IE 6. Please help me restore it without updating it.
Why is that?

 

If you want to restore your IE6, you just have to drag the bars again. You see on top in your IE6 that there are arrows. You can drag them and set them as you like.


I prefer IE 6 because I just prefer the one I'm already most familiar with, and I see the arrows but they don't drag down; it's like stuck or something.

 

And like, I don't even have a typing bar to type in?

Edited by FarSeeR


IE7 is more secure and you'll get familiar with it as well. It doesn't really make sense to use vulnerable versions just because you are familiar with them.

 

Look in IE, in the menu > View > Toolbars > uncheck "Lock the Toolbars".

Also, make sure that in the Toolbars menu, Standard Buttons, Address Bar and Links are checked. If unchecked, just click them to check them.


Yes, I understand. I fixed it, but the home button and back and forward and stop and stuff are really big. How do I make them smaller?


Select View > Toolbars > Customize icons and select small icons in the dropdown list below next to Icon options.



Many thanks for your patience. Everything I've asked, you have helped with. I know I'm such a dummy, rofl, and thank you for bearing with me <3 I appreciate all the help and I say thank you! And I hope I can come to you for anything else in the future! Farewell <3


Glad I could help. :)

 

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out which programs need to be updated, please run the Secunia Software Inspector scan.

 

Happy Surfing again!


I have read all of them and I indeed say they all make a lot of sense. I'm going to go defragment my drives.

 

Happy surfing :)

 

And I'm just giving you a heads-up, friend, with your page about speed/system performance after malware removal, the "take a look here" page.

 

You made 1 mistake, just in case you might want to fix it:

 

1. What are the Specifications of your computer, especially RAM (128MB, 256MB, 512MB, more...?)

 

To find out, rightclick My Computer and choose Properties > General tab.

If less than 512MB, pay attention to what software you install (memory requirement and processing time) and make sure you don't let them all (starting)[start up] with windows. The more programs that start up with windows, the more resources they need > result > slow computer.

 

( ) = mistake [ ] = correct

 

Hope it helped ;) At least some way I can say ty :D

Edited by FarSeeR


Well, English is not my native language (I'm Dutch), so I'm sure there are more grammar and spelling mistakes in it. Anyway, fixed it. Thanks. :)


Well, for a Dutch guy your English is very good. But it's the internet; grammar and spelling don't really matter ;)

 

I'm Australian, my native tongue is English, and do you see me caring :D about spelling and grammar :)


Funny that you spotted that grammar mistake after all ;)

 

well for a dutch guy
Still female though, but you could not know that :)


Hahaha, my bad :) For a Dutch girl/woman :D your English is good :D But yes, I did not know that ;) I am sorry <3

 

Would it be bad if I asked you whether you have MSN/AIM/Yahoo, and if so, could I get any of your contacts so, if you wanted, we could chat and be friends :)?

Edited by FarSeeR

This topic is now closed to further replies.