Old 02-04-2008, 03:34 AM   #1 (permalink)
Silver Member
 
Join Date: Sep 2005
Age: 21
Posts: 112
Analyse combofix log and hijack log

ComboFix 08-02.03.1 - HP_Owner 2008-02-03 19:25:04.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\My Documents\Alfred stuff\Software Installer\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\inst.exe
C:\temp\tn3
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
hxxp:/
.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-03 19:31 . 2008-02-03 19:31 <DIR> d-------- C:\temp\tn3
2008-02-03 12:26 . 2008-02-03 12:26 167,545 --a--c--- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-02-03 12:26 . 2008-02-03 12:26 86,144 --a--c--- C:\WINDOWS\system32\drivers\wmilibb.sys
2008-02-03 11:27 . 2008-02-03 15:31 <DIR> d----c--- C:\Downloads
2008-02-03 09:01 . 2008-02-03 09:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Nero
2008-02-01 18:19 . 2008-02-03 11:38 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-02-01 18:19 . 2008-02-01 18:19 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-01-28 20:39 . 2008-01-28 20:39 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-28 20:36 . 2008-01-28 20:36 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-27 18:37 . 2008-01-27 18:38 <DIR> d-------- C:\Program Files\Java
2008-01-27 10:49 . 1995-12-14 02:10 1,682,688 -ra--c--- C:\WINDOWS\QTINSTAL.EXE
2008-01-27 10:49 . 1995-12-14 02:10 92,384 -ra--c--- C:\WINDOWS\QTW16DEL.EXE
2008-01-27 10:49 . 2006-02-11 20:51 191 --a--c--- C:\WINDOWS\QTW.INI
2008-01-27 10:49 . 2002-10-03 13:42 34 --a--c--- C:\WINDOWS\Q3version.ini
2008-01-24 09:16 . 2004-12-14 08:07 708,608 -ra--c--- C:\WINDOWS\system32\hpotiop.dll
2008-01-24 09:16 . 2004-12-14 08:07 278,528 -ra--c--- C:\WINDOWS\system32\hpgwiamd.dll
2008-01-24 09:16 . 2004-12-14 08:07 229,376 -ra--c--- C:\WINDOWS\system32\hpovst08.dll
2008-01-24 09:09 . 2008-01-24 09:37 68,964 --a--c--- C:\WINDOWS\hpoins05.dat
2008-01-24 09:09 . 2004-12-14 08:07 19,696 -----c--- C:\WINDOWS\hpomdl05.dat
2008-01-21 16:22 . 2008-01-21 16:22 12,518,948 -----c--- C:\avg7qt.dat
2008-01-21 16:09 . 2008-02-03 18:33 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AVG7
2008-01-21 16:08 . 2008-01-21 16:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-21 16:08 . 2008-02-03 12:34 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-20 21:26 . 2008-01-28 20:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-20 19:53 . 2008-01-20 19:53 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\ICAClient
2008-01-19 09:16 . 2008-01-27 08:40 <DIR> d-------- C:\Program Files\DivX
2008-01-19 07:27 . 2008-01-27 09:10 5,632 --ahsc--- C:\WINDOWS\system32\Thumbs.db
2008-01-18 21:08 . 2008-01-18 21:08 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\IObit
2008-01-14 21:20 . 2008-01-14 21:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Vso
2008-01-14 21:20 . 2008-01-14 21:20 47,360 --a--c--- C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-14 21:20 . 2008-01-14 21:21 47,360 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\pcouffin.sys
2008-01-12 18:42 . 2008-01-12 18:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\snap
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\STATES
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\SHOTS
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\ROMDATA
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\INPUT
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\EEPROM
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CONFIG
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CHEATS
2008-01-12 18:27 . 2008-01-12 18:38 25 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\RomInfo.dat
2008-01-12 18:27 . 2008-01-12 18:39 0 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\FAVORITES.DAT
2008-01-12 07:03 . 2008-01-12 07:09 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts
2008-01-06 19:56 . 2007-01-18 04:00 3,968 --a--c--- C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-05 14:42 . 2008-01-05 14:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Comodo
2008-01-05 14:42 . 2008-01-05 14:42 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-05 14:40 . 2008-01-04 16:15 281 --a--c--- C:\boot.ini.comodofirewall
2008-01-04 12:55 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-01-04 09:11 . 2008-01-04 09:11 917,504 --a--c--- C:\WINDOWS\system32\FLASH.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 17:15 --------- d-----w C:\Program Files\iTunes
2008-02-03 17:15 --------- d-----w C:\Program Files\iPod
2008-02-03 17:14 --------- d-----w C:\Program Files\QuickTime
2008-02-02 14:22 --------- d-----w C:\Program Files\Blubster
2008-01-29 04:41 --------- d-----w C:\Program Files\MSBuild
2008-01-29 04:41 --------- d-----w C:\Program Files\Microsoft Works
2008-01-27 19:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 17:18 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-27 16:47 15,582 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\wklnhst.dat
2008-01-24 17:34 --------- d-----w C:\Program Files\Common Files\HP
2008-01-24 17:32 --------- d-----w C:\Program Files\HP
2008-01-24 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-24 16:57 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-24 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 00:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 22:18 --------- d-----w C:\Program Files\InterVideo
2008-01-20 01:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-20 01:08 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-19 22:19 --------- d-----w C:\Program Files\WinClamAVShield
2008-01-19 05:06 --------- d-----w C:\Program Files\IObit
2008-01-12 15:03 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-10 23:21 --------- d-----w C:\Program Files\SpywareGuard
2008-01-07 04:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Apple Computer
2008-01-05 19:14 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-01-04 16:24 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-01-04 16:09 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Spyware Terminator
2008-01-02 21:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-02 21:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Sereniti
2008-01-02 21:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-31 06:29 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Yahoo!
2007-12-31 06:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-30 22:27 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-30 22:26 --------- d-----w C:\Program Files\Common Files\Real
2007-12-30 17:48 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Motive
2007-12-30 17:23 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SUPERAntiSpyware.com
2007-12-30 01:05 --------- d-----w C:\Program Files\WindSolutions
2007-12-29 16:44 --------- d-----w C:\Program Files\interMute
2007-12-29 03:53 138,752 -c--a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-27 20:38 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AdobeUM
2007-12-27 04:39 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTransPhoto
2007-12-27 03:53 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTrans
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SyncGuardian
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iLibs
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iCloner
2007-12-27 02:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Talkback
2007-12-27 01:24 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Template
2007-12-27 01:19 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Viewpoint
2007-12-27 01:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL
2007-12-27 01:14 1,865 -csha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PP164AA-ABA a810n_YC_0Pavi_QMXM503_E51NAheBLU3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.04_T041029_WXH2_L409_M384_J160_7AMD_8Athlon 64_92.41_#060605_N10390900_Z11C1048C_G10396330.MRK
2007-12-27 01:06 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-27 01:05 --------- d-----w C:\Program Files\SiS VGA Utilities V3.63
2007-12-26 17:23 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\SiteAdvisor
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\PC Suite
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nokia
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 17:05 --------- d-----w C:\Program Files\DIFX
2007-12-26 17:04 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-26 17:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-25 05:56 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\FileVOoM
2007-12-25 05:56 --------- d-----w C:\Program Files\iPod Download
2007-12-20 22:22 --------- d-----w C:\Program Files\Premium Booster
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\iolo
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
2007-12-19 02:45 16,750 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-17 15:47 572 -c--a-w C:\Documents and Settings\HP_Owner\RomInfo.dat
2007-12-15 19:41 --------- d-----w C:\Program Files\Google
2007-12-14 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-12 03:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 00:20 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2007-12-10 18:34 1,824 -c--a-w C:\reg_AppID_CLSID.reg,.reg
2007-12-10 17:57 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-12-10 17:57 --------- d-----w C:\Program Files\MSECACHE
2007-12-09 21:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-03-05 00:29 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 08:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 16:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:00 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-21 16:18 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a--c--- 2005-07-12 05:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-01-21 16:18 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2008-01-21 16:18 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 13:23 42032 C:\Program Files\Common Files\AOL\1199309204\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a--c--- 2004-06-07 17:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 17:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 21:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-04-17 12:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-17 23:31 118784 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a--c--- 2007-11-04 12:21 2832384 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2006-10-18 11:36 1294336 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-30 14:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 07:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 19:53]
R1 wmilibb;wmilibb;C:\WINDOWS\system32\drivers\wmilibb.sys [2008-02-03 12:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 02:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-04 03:34:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-04 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 19:32:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-02-03 19:38:34 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-02-04 03:38:30
.
2007-12-27 05:09:38 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:48 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7165 bytes

Last edited by alyoob; 02-04-2008 at 03:37 AM.
alyoob


Old 02-04-2008, 06:14 PM   #2 (permalink)
Diamond Member
Join Date: Jan 2007
Location: France
Age: 18
Posts: 4,730

Hello,

You're infected with the core.cache.dsk. Please follow these instructions:

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.
  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Quote:
Drivers to unload:
wmilibb.sys

Folders to delete:
C:\Temp\tn3

Files to delete:
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\wmilibb.sys
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
__________________
Punk's anti-hackers website
Punk's Website making and registering tutorial!

Rise And Fall, Rage And Grace

The Offspring!

Huck it!
I just want to be who I want to be
guess that's hard for others to see

Last edited by Punk; 02-04-2008 at 06:19 PM.
Punk
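Added here as a worked example (not code from the thread, from Punk, or from Avenger itself): a small Python checker that reads a RemoveFiles.txt script in the three-section shape above together with the avenger.txt result log, and reports for every script item whether it was deleted, failed (with the status code Avenger printed), or was never mentioned. The only log wordings it recognises are the ones that appear in this thread; anything else is reported as "no result line" so it gets looked at by hand rather than assumed clean. Both sample inputs are constructed for the example.

```python
import re
from collections import OrderedDict

# Constructed sample: a script in the three-section format Avenger reads.
SAMPLE_SCRIPT = """\
Drivers to unload:
wmilibb.sys

Folders to delete:
C:\\Temp\\tn3

Files to delete:
C:\\WINDOWS\\system32\\drivers\\core.cache.dsk
C:\\WINDOWS\\system32\\drivers\\wmilibb.sys
"""

# Constructed sample in the shape of an avenger.txt result log: the driver
# unload fails (no service key), but the folder and both files are removed.
SAMPLE_RESULT = """\
Beginning to process script file:

Registry key \\Registry\\Machine\\System\\CurrentControlSet\\Services\\wmilibb.sys not found!
Unload of driver wmilibb.sys failed!

Could not process line:
wmilibb.sys
Status: 0xc0000034

Folder C:\\Temp\\tn3 deleted successfully.
File C:\\WINDOWS\\system32\\drivers\\core.cache.dsk deleted successfully.
File C:\\WINDOWS\\system32\\drivers\\wmilibb.sys deleted successfully.

Completed script processing.
"""

# Section headers of the script, mapped to the item kind they contain.
SECTIONS = {
    "drivers to unload": "driver",
    "folders to delete": "folder",
    "files to delete": "file",
}

# Result-line wordings taken from the avenger.txt shown in this thread.
_DELETED = re.compile(r"^(File|Folder) (.+) deleted successfully\.$")
_UNLOAD_FAILED = re.compile(r"^Unload of driver (\S+) failed!$")
_COULD_NOT = re.compile(r"^Could not process line:$")
_STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def parse_script(text):
    """Return [(kind, item)] in script order; kind is driver/folder/file."""
    items, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            kind = SECTIONS.get(line[:-1].lower())  # None for unknown header
            continue
        if kind:
            items.append((kind, line))
    return items


def parse_result(text):
    """Return (succeeded, failed): succeeded is a set of (kind, item) that were
    deleted; failed maps an item to the NTSTATUS code Avenger printed for it."""
    succeeded, failed = set(), {}
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        m = _DELETED.match(line)
        if m:
            succeeded.add((m.group(1).lower(), m.group(2).lower()))
            continue
        m = _UNLOAD_FAILED.match(line)
        if m:
            failed.setdefault(m.group(1).lower(), "unknown")
            continue
        # A "Could not process line:" block names the item on the next line
        # and gives the status code on the line after that.
        if _COULD_NOT.match(line) and i + 2 < len(lines):
            m = _STATUS.match(lines[i + 2])
            failed[lines[i + 1].lower()] = m.group(1) if m else "unknown"
    return succeeded, failed


def reconcile(script_text, result_text):
    """Map every (kind, item) of the script to 'deleted', 'failed (<code>)' or
    'no result line'. Paths are compared case-insensitively, as NTFS does."""
    succeeded, failed = parse_result(result_text)
    report = OrderedDict()
    for kind, item in parse_script(script_text):
        key = item.lower()
        if (kind, key) in succeeded:
            report[(kind, item)] = "deleted"
        elif key in failed:
            report[(kind, item)] = "failed (%s)" % failed[key]
        else:
            report[(kind, item)] = "no result line"
    return report


def unresolved(report):
    """Script items that did not complete. A non-empty list means the machine
    still needs a fresh scan rather than being declared clean."""
    return [(k, i) for (k, i), s in report.items() if s != "deleted"]


if __name__ == "__main__":
    for (kind, item), status in reconcile(SAMPLE_SCRIPT, SAMPLE_RESULT).items():
        print("%-6s %-50s %s" % (kind, item, status))
```

On the sample above the only unresolved item is the driver unload, which is expected when the service key no longer exists; the driver file itself is reported deleted, which is why the follow-up is a fresh scan rather than a second script.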
Old 02-05-2008, 03:53 AM   #3 (permalink)
Silver Member
 
Join Date: Sep 2005
Age: 21
Posts: 112

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vjqdoblh

*******************

Script file located at: \??\C:\hxjndmfj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key \Registry\Machine\System\CurrentControlSet\Services\wmilibb.sys not found!
Unload of driver wmilibb.sys failed!

Could not process line:
wmilibb.sys
Status: 0xc0000034

Folder C:\Temp\tn3 deleted successfully.
File C:\WINDOWS\system32\drivers\core.cache.dsk deleted successfully.
File C:\WINDOWS\system32\drivers\wmilibb.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
alyoob
Old 02-05-2008, 04:46 PM   #4 (permalink)
Diamond Member
Join Date: Jan 2007
Location: France
Age: 18
Posts: 4,730

OK, do you still have pop-ups?

I'd like to see a fresh HJT and Combofix log please.
Punk is offline   Reply With Quote
Old 02-07-2008, 05:01 PM   #5 (permalink)
Silver Member
 
Join Date: Sep 2005
Age: 21
Posts: 112
Default New combofix and hijack log

I do not have popups anymore.

ComboFix 08-02.03.1 - HP_Owner 2008-02-07 8:56:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.75 [GMT -8:00]
Running from: C:\Documents and Settings\HP_Owner.YOUR-03667082DE\My Documents\Alfred stuff\Software Installer\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-05 08:37 . 2008-02-05 08:37 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-02-05 08:37 . 2008-02-05 08:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-05 08:20 . 2008-02-05 08:20 <DIR> d-------- C:\Program Files\CleanUp!
2008-02-03 11:27 . 2008-02-03 15:31 <DIR> d----c--- C:\Downloads
2008-02-03 09:01 . 2008-02-03 09:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Nero
2008-01-28 20:39 . 2008-01-28 20:39 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-28 20:36 . 2008-01-28 20:36 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-27 18:37 . 2008-01-27 18:38 <DIR> d-------- C:\Program Files\Java
2008-01-27 10:49 . 1995-12-14 02:10 1,682,688 -ra--c--- C:\WINDOWS\QTINSTAL.EXE
2008-01-27 10:49 . 1995-12-14 02:10 92,384 -ra--c--- C:\WINDOWS\QTW16DEL.EXE
2008-01-27 10:49 . 2006-02-11 20:51 191 --a--c--- C:\WINDOWS\QTW.INI
2008-01-27 10:49 . 2002-10-03 13:42 34 --a--c--- C:\WINDOWS\Q3version.ini
2008-01-24 09:16 . 2004-12-14 08:07 708,608 -ra--c--- C:\WINDOWS\system32\hpotiop.dll
2008-01-24 09:16 . 2004-12-14 08:07 278,528 -ra--c--- C:\WINDOWS\system32\hpgwiamd.dll
2008-01-24 09:16 . 2004-12-14 08:07 229,376 -ra--c--- C:\WINDOWS\system32\hpovst08.dll
2008-01-24 09:09 . 2008-01-24 09:37 68,964 --a--c--- C:\WINDOWS\hpoins05.dat
2008-01-24 09:09 . 2004-12-14 08:07 19,696 -----c--- C:\WINDOWS\hpomdl05.dat
2008-01-21 16:22 . 2008-01-21 16:22 12,518,948 -----c--- C:\avg7qt.dat
2008-01-21 16:09 . 2008-02-05 20:33 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AVG7
2008-01-21 16:08 . 2008-01-21 16:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-21 16:08 . 2008-02-05 20:27 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-20 21:26 . 2008-01-28 20:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-20 19:53 . 2008-01-20 19:53 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\ICAClient
2008-01-19 09:16 . 2008-01-27 08:40 <DIR> d-------- C:\Program Files\DivX
2008-01-19 07:27 . 2008-01-27 09:10 5,632 --ahsc--- C:\WINDOWS\system32\Thumbs.db
2008-01-18 21:08 . 2008-01-18 21:08 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\IObit
2008-01-14 21:20 . 2008-01-14 21:21 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Vso
2008-01-14 21:20 . 2008-01-14 21:20 47,360 --a--c--- C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-14 21:20 . 2008-01-14 21:21 47,360 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\pcouffin.sys
2008-01-12 18:42 . 2008-01-12 18:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\snap
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\STATES
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\SHOTS
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\ROMDATA
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\INPUT
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\EEPROM
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CONFIG
2008-01-12 18:27 . 2008-01-12 18:27 <DIR> d----c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\CHEATS
2008-01-12 18:27 . 2008-01-12 18:38 25 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\RomInfo.dat
2008-01-12 18:27 . 2008-01-12 18:39 0 --a--c--- C:\Documents and Settings\HP_Owner.YOUR-03667082DE\FAVORITES.DAT
2008-01-12 07:03 . 2008-01-12 07:09 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a--c--- C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 04:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 04:13 --------- d-----w C:\Program Files\Blubster
2008-02-03 17:15 --------- d-----w C:\Program Files\iTunes
2008-02-03 17:15 --------- d-----w C:\Program Files\iPod
2008-02-03 17:14 --------- d-----w C:\Program Files\QuickTime
2008-01-29 04:41 --------- d-----w C:\Program Files\MSBuild
2008-01-29 04:41 --------- d-----w C:\Program Files\Microsoft Works
2008-01-27 19:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 19:34 12,632 -c--a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-27 17:18 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-27 16:47 15,582 -c--a-w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\wklnhst.dat
2008-01-24 17:34 --------- d-----w C:\Program Files\Common Files\HP
2008-01-24 17:32 --------- d-----w C:\Program Files\HP
2008-01-24 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-01-24 16:57 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-24 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 22:18 --------- d-----w C:\Program Files\InterVideo
2008-01-20 01:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-20 01:08 --------- d-----w C:\Program Files\Spyware Terminator
2008-01-19 22:19 --------- d-----w C:\Program Files\WinClamAVShield
2008-01-19 05:06 --------- d-----w C:\Program Files\IObit
2008-01-12 15:03 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-10 23:21 --------- d-----w C:\Program Files\SpywareGuard
2008-01-07 04:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Apple Computer
2008-01-05 22:42 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Comodo
2008-01-05 22:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-01-05 19:14 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-01-04 16:24 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-01-04 16:09 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Spyware Terminator
2008-01-02 21:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-02 21:30 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Sereniti
2008-01-02 21:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-31 06:29 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Yahoo!
2007-12-31 06:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-30 22:27 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-30 22:26 --------- d-----w C:\Program Files\Common Files\Real
2007-12-30 17:48 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Motive
2007-12-30 17:23 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SUPERAntiSpyware.com
2007-12-30 01:05 --------- d-----w C:\Program Files\WindSolutions
2007-12-29 16:44 --------- d-----w C:\Program Files\interMute
2007-12-29 03:53 138,752 -c--a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-27 20:38 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AdobeUM
2007-12-27 04:39 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTransPhoto
2007-12-27 03:53 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\CopyTrans
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\SyncGuardian
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iLibs
2007-12-27 03:21 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\iCloner
2007-12-27 02:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Talkback
2007-12-27 01:24 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Template
2007-12-27 01:19 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\Viewpoint
2007-12-27 01:18 --------- dc----w C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL
2007-12-27 01:14 1,865 -csha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PP164AA-ABA a810n_YC_0Pavi_QMXM503_E51NAheBLU3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.04_T041029_WXH2_L409_M384_J160_7AMD_8Athlon 64_92.41_#060605_N10390900_Z11C1048C_G10396330.MRK
2007-12-27 01:06 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-27 01:05 --------- d-----w C:\Program Files\SiS VGA Utilities V3.63
2007-12-26 17:23 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\SiteAdvisor
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\PC Suite
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nokia
2007-12-26 17:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 17:05 --------- d-----w C:\Program Files\DIFX
2007-12-26 17:04 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-26 17:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-25 05:56 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\FileVOoM
2007-12-25 05:56 --------- d-----w C:\Program Files\iPod Download
2007-12-20 22:22 --------- d-----w C:\Program Files\Premium Booster
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\iolo
2007-12-20 22:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
2007-12-19 02:45 16,750 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-17 15:47 572 -c--a-w C:\Documents and Settings\HP_Owner\RomInfo.dat
2007-12-15 19:41 --------- d-----w C:\Program Files\Google
2007-12-14 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-12 03:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 00:20 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AVG7
2007-12-10 18:34 1,824 -c--a-w C:\reg_AppID_CLSID.reg,.reg
2007-12-10 17:57 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-12-10 17:57 --------- d-----w C:\Program Files\MSECACHE
2007-12-09 21:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:26 721,920 -c--a-w C:\WINDOWS\system32\lsasrv.dll
2007-07-05 23:03 47,104 -c--a-w C:\WINDOWS\Internet Logs\xDBAE.tmp
2007-07-05 23:03 1,686,016 -c--a-w C:\WINDOWS\Internet Logs\xDBAF.tmp
2007-07-05 18:48 39,424 -c--a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
2007-07-05 18:48 1,675,264 -c--a-w C:\WINDOWS\Internet Logs\xDBAD.tmp
2007-07-05 17:00 1,673,216 -c--a-w C:\WINDOWS\Internet Logs\xDBAB.tmp
2007-07-05 16:42 1,670,144 -c--a-w C:\WINDOWS\Internet Logs\xDBAA.tmp
2007-07-05 16:29 41,984 -c--a-w C:\WINDOWS\Internet Logs\xDBA8.tmp
2007-07-05 16:28 1,668,096 -c--a-w C:\WINDOWS\Internet Logs\xDBA9.tmp
2007-07-05 03:29 1,667,584 -c--a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
2007-07-05 00:40 33,792 -c--a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
2007-07-04 21:11 23,552 -c--a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2007-07-04 20:51 34,304 -c--a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2007-07-04 15:37 31,744 -c--a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2007-07-04 05:21 40,960 -c--a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2007-07-04 05:21 1,659,392 -c--a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2007-07-03 22:58 36,864 -c--a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2007-07-03 15:41 42,496 -c--a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2007-07-03 02:53 28,160 -c--a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2007-07-03 01:45 39,936 -c--a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2007-07-02 21:36 53,248 -c--a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2007-07-02 18:46 32,768 -c--a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2007-07-02 18:46 1,623,552 -c--a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 05:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 19:43 233472]
"SiSPower"="SiSPower.dll" [2004-09-24 08:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 16:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-05 20:26 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a--c--- 2005-07-12 05:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-05 20:27 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
--a------ 2008-02-05 20:26 219136 C:\PROGRA~1\Grisoft\AVG7\avgw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 13:23 42032 C:\Program Files\Common Files\AOL\1199309204\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a--c--- 2004-06-07 17:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 17:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 21:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-04-17 12:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-17 23:31 118784 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a--c--- 2007-11-04 12:21 2832384 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2006-10-18 11:36 1294336 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-30 14:26 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 07:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-28 19:53]
S1 wmilibb;wmilibb;C:\WINDOWS\system32\drivers\wmilibb.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 02:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-07 16:45:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-04 23:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 09:03:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 9:05:58
ComboFix-quarantined-files.txt 2008-02-07 17:05:55
ComboFix2.txt 2008-02-04 04:12:10
.
2007-12-27 05:09:38 --- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:16 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\1199309204\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7332 bytes
alyoob is offline   Reply With Quote


Old 02-07-2008, 08:39 PM   #6 (permalink)
Diamond Member
 
Punk's Avatar
 
Join Date: Jan 2007
Location: France
Age: 18
Posts: 4,730
Default

It seems to me you are clean; let's wait for Ceewi1 to confirm that you are clean, so that nothing will be forgotten.
Punk is offline   Reply With Quote
Old 02-07-2008, 09:20 PM   #7 (permalink)
Silver Member
 
Join Date: Sep 2005
Age: 21
Posts: 112
Default Scanned computer with Kaspersky online scanner

I found some viruses when I scanned with the Kaspersky online scanner, which was recommended by another forum. The problem with Kaspersky is that it will not delete the viruses that it finds. I ran AVG Free Edition and it did not find what Kaspersky found. Here is the log file from Kaspersky; can you help me delete the infected files if you can?

KASPERSKY ONLINE SCANNER REPORT
Thursday, February 07, 2008 1:24:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/02/2008
Kaspersky Anti-Virus database records: 553461
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 105070
Number of viruses found 2
Number of infected objects 14
Number of suspicious objects 0
Duration of the scan process 02:25:41

Infected Object Name Virus Name Last Action
C:\043e074d46fc5616ff650819eb\admparse.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\advpack.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\browseui.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\corpol.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\custsat.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\dxtmsft.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\dxtrans.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\extmgr.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\hmmapi.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\icardie.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\icrav03.rat Object is locked skipped
C:\043e074d46fc5616ff650819eb\ie4uinit.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieakeng.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieaksie.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieakui.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieapfltr.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iedkcs32.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iedw.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieencode.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieframe.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iepeers.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieproxy.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iernonce.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iertutil.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\iesetup.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieudinit.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieui.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\ieuinit.inf Object is locked skipped
C:\043e074d46fc5616ff650819eb\iexplore.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\imgutil.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\inetcpl.cpl Object is locked skipped
C:\043e074d46fc5616ff650819eb\inseng.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\install.ins Object is locked skipped
C:\043e074d46fc5616ff650819eb\jscript.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\jsproxy.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\licmgr10.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeeds.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeeds.mof Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeedsbs.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeedsbs.mof Object is locked skipped
C:\043e074d46fc5616ff650819eb\msfeedssync.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshta.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshtml.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshtml.tlb Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshtmled.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\mshtmler.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msls31.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\msrating.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\mstime.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\occache.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\occache.ini Object is locked skipped
C:\043e074d46fc5616ff650819eb\pngfilt.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\shdocvw.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\shlwapi.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\spmsg.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\spuninst.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\spupdsvc.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\tdc.ocx Object is locked skipped
C:\043e074d46fc5616ff650819eb\ticrf.rat Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\idndl.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\ie7.cat Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\iecustom.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\iereseticons.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\iesetup.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\legitlibm.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\nlsdl.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\update.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\update.exe.manifest Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\update.inf Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\update.ver Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\updspapi.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\update\xmllitesetup.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\url.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\urlmon.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\vbscript.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\vgx.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\webcheck.dll Object is locked skipped
C:\043e074d46fc5616ff650819eb\webcheck.ini Object is locked skipped
C:\043e074d46fc5616ff650819eb\winfxdocobj.exe Object is locked skipped
C:\043e074d46fc5616ff650819eb\wininet.dll Object is locked skipped
C:\59bf4a9c2f748ab7d195\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\a10df8ce04187dd6d3a6\msxml4-KB927978-enu.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\APP10708.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\saltonsea5\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\saltonsea5\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\saltonsea5\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\organize\CACHE\saltonse00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\organize\saltonsea5 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\organize\saltonsea5.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\Ca_America Online 9.0b\organize\saltonsea5.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16ea0f0849df5db21e9a044984813fe2_24163d36-083b-4600-af43-d01a342a2a36 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_24163d36-083b-4600-af43-d01a342a2a36 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_564fe74f-3c59-4fc2-86be-395800ce3141 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e073076d4025f6747e62e73b9190a5a_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f793388b8c5e3727db26d5063fac66d_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48a54b32cb5b5d1c9912330b696832fe_564fe74f-3c59-4fc2-86be-395800ce3141 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48a54b32cb5b5d1c9912330b696832fe_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a5bdc912aac5d26cd90c151d6012f31_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6602555dbd27ee7adaa8c12db65c2c32_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e47af02614c484e33df52e3a317734f_24163d36-083b-4600-af43-d01a342a2a36 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4c965d5d95615fff7de4797428bbbb8_79c2f34f-f6e3-4e81-85ad-d90679603a9f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d730827781e60ae26fbf339d23c709e1_612ee592-8f63-4079-a3d9-f4d7e179859e Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11042006-074710.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\Fonts\SwUniNew.tff Object is locked skipped
C:\Documents and Settings\All Users\Documents\Softwrap\OPTISOFTSL260F\CDBurner.sw2 Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Spyware Terminator\info.htm Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\art.idx Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Application Data\AOL\Ca_America Online 9.0b\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\History\History.IE5\MSHist012008020720080208\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Temp\~DFE614.tmp Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar RAR: infected - 3 skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar RAR: infected - 3 skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071226-065056-440.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\20061220224155.zip Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\20070507002500.zip Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq159.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15B.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15C.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15D.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15E.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15F.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BA.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BC.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2BE.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C0.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C2.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C3.tmp\zbar.log Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C4.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C5.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C6.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C7.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C8.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C9.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CA.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CB.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2CC.tmp Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqdb.dat Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqsdb.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035578.exe Object is locked skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035634.exe Object is locked skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP78\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
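An added example, not part of the original post and not Kaspersky's own tooling: a small Python parser for the report format pasted above. It drops the "Object is locked skipped" rows, which are normal for registry hives, event logs and other files held open by the running system, keeps only real detections, and folds archive members such as Key.rar/keygen.exe/data0000.cab/update.exe back onto the one file that actually sits on disk, so the 14 infected objects in the report resolve to the few files you have to act on. The sample input is a constructed subset copied from the posted log; the regular expressions, field names and the restore-point prefix check are my own assumptions about the format rather than a documented one.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the 14 detection rows from the Kaspersky report posted
# above plus three of its "Object is locked" rows, so the parser sees both
# kinds of input. Raw string, so the Windows backslashes survive as typed.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar RAR: infected - 3 skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar/keygen.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Downloads\rebuilt.AVG Anti-Virus Professional Edition Latest v7.5.516 + Key.rar RAR: infected - 3 skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071226-065056-440.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP68\A0035641.exe PE_Patch.UPX: infected - 2 skipped
"""

# Assumed row shapes, inferred from the posted report (not a documented spec).
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
# Archive/packer summary rows: "RAR: infected - 3", "UPX: infected - 2", ...
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<packer>\S+): infected - (?P<count>\d+) skipped$")

# Assumed: System Restore copies live under this prefix on an XP C: drive.
RESTORE_PREFIX = r"C:\System Volume Information\_restore"


@dataclass
class Finding:
    path: str                 # object path as reported; archive members follow '/'
    on_disk: str              # outermost file that really exists on the filesystem
    name: Optional[str]       # detection name, None for packer/archive summary rows
    packer: Optional[str]     # archive or packer type for summary rows
    in_restore_point: bool


def _finding(path: str, name: Optional[str], packer: Optional[str]) -> Finding:
    # Windows paths never contain '/', so the first '/' marks the archive boundary.
    on_disk = path.split("/", 1)[0]
    return Finding(path, on_disk, name, packer, on_disk.startswith(RESTORE_PREFIX))


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a detection row, None for locked/blank/unknown rows."""
    line = line.rstrip()
    if not line or LOCKED_RE.match(line):
        return None
    m = INFECTED_RE.match(line)
    if m:
        return _finding(m["path"], name=m["name"], packer=None)
    m = CONTAINER_RE.match(line)
    if m:
        return _finding(m["path"], name=None, packer=m["packer"])
    return None


def summarize(log_text: str) -> dict:
    """Collapse the report to the numbers and on-disk files a responder cares about."""
    findings = [f for f in map(parse_line, log_text.splitlines()) if f]
    return {
        "infected_objects": len(findings),            # same count the report's statistics give
        "by_name": Counter(f.name for f in findings if f.name),
        "files_on_disk": sorted({f.on_disk for f in findings}),
        "restore_point_files": sorted({f.on_disk for f in findings if f.in_restore_point}),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['infected_objects']} infected objects, {len(s['by_name'])} detection names")
    for path in s["files_on_disk"]:
        tag = "  [restore point]" if path in s["restore_point_files"] else ""
        print(f"  {path}{tag}")
```

On the sample this reproduces the report's own statistics (2 detection names, 14 infected objects) and collapses them to four on-disk files: the two copies of the cracked AVG archive in C:\Downloads, a HijackThis backup flagged as adware, and a copy inside a System Restore point, which is usually cleared by purging restore points rather than by deleting the file in place.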