
Infected- Surfsidekick


10 replies to this topic

#1 Matt Rogers

Matt Rogers

  • Members
  • 6 posts

Posted 25 August 2006 - 07:27 PM

I went through the tutorial for removing SurfSideKick and it still keeps showing up. If anyone can help, I would greatly appreciate it. Here is my HijackThis log file.

Matt


Logfile of HijackThis v1.99.1
Scan saved at 7:24:26 PM, on 8/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Microsoft Works\msworks.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WKSCAL.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Aaron\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {DA996EE8-A748-4E66-8D47-68C2B5E30750} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/wi...nnerInstall.cab
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Net Logon Service (NetLgn) - Unknown owner - C:\WINDOWS\spoolsv.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

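As an added triage example (not code from this thread or from HijackThis itself), the script below parses lines in the HijackThis v1.99.1 format posted above and applies a few defender-side checks that helpers apply by eye: entries whose target file is gone, an O20 AppInit_DLLs entry, O16 ActiveX downloads from a bare IP address, a core system binary name living outside System32, and paths belonging to the adware named in the thread. The sample log inside the block is constructed from eight lines shaped like the ones above; the rule set and the `Entry` class are this example's own design.

```python
"""Triage helper for HijackThis (v1.99.x) log lines (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: eight lines in HijackThis format, shaped like lines in the
# log above. Not a complete log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Net Logon Service (NetLgn) - Unknown owner - C:\WINDOWS\spoolsv.exe (file missing)
"""

# "R3 - ...", "O4 - ...", "F2 - ..." lines; everything else in a log is ignored.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# First Windows path ending in a binary extension (non-greedy, so spaces in folder names are fine).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys)\b", re.IGNORECASE)
BARE_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")

# Core Windows binaries: a file with one of these names outside System32 is a
# classic masquerade and worth a look (hypothetical short list for the example).
SYSTEM_BINARIES = {"svchost.exe", "spoolsv.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
# Adware component named in the thread; matched case-insensitively against the path.
KNOWN_BAD_PATH_FRAGMENTS = ("surfsidekick",)


@dataclass
class Entry:
    section: str   # e.g. "O4", "R3"
    body: str      # everything after "O4 - "
    raw: str
    reasons: list = field(default_factory=list)


def parse_hjt(text: str) -> list:
    """Return one Entry per section line of a HijackThis log."""
    entries = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"], raw.strip()))
    return entries


def check_entry(e: Entry) -> Entry:
    """Apply the triage rules to one entry and record every reason that fired."""
    body_lc = e.body.lower()
    if "(no file)" in body_lc or "(file missing)" in body_lc:
        e.reasons.append("orphaned entry: referenced file is absent")
    if e.section == "O20":
        e.reasons.append("AppInit_DLLs: DLL loaded into every process that loads user32.dll")
    if e.section == "O16" and BARE_IP_URL_RE.search(e.body):
        e.reasons.append("ActiveX (DPF) download from a bare IP address")
    m = PATH_RE.search(e.body)
    if m:
        path = m.group(0)
        folder, _, name = path.rpartition("\\")
        if name.lower() in SYSTEM_BINARIES and not folder.lower().endswith("\\system32"):
            e.reasons.append(f"system binary name outside System32: {path}")
        if any(frag in path.lower() for frag in KNOWN_BAD_PATH_FRAGMENTS):
            e.reasons.append(f"known adware path: {path}")
    return e


def triage(text: str) -> list:
    """Parse a log and return only the entries with at least one finding."""
    return [e for e in map(check_entry, parse_hjt(text)) if e.reasons]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry.raw)
        for reason in entry.reasons:
            print("   ->", reason)
```

Clean entries such as the Java BHO and the AVG Run key produce no finding, while the O23 line is reported twice: the file is missing and a `spoolsv.exe` outside System32 is suspicious on its own.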

#2 Navigator

Navigator

    Gas Passer


  • Members
  • 72 posts

Posted 25 August 2006 - 08:23 PM

Hello Matt...welcome to BC's HJT forum!

The reason you cannot get rid of SSK is that you also have an L2M infection...this may take a few steps to try and clean.

Please keep your replies in this thread, and ask me if you have questions as we go along!

Let's get started:

1. Download this file from either of the two listed locations:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Post back with the ComboFix Log and a new HJT log for me to review...

#3 Matt Rogers

Matt Rogers
  • Topic Starter

  • Members
  • 6 posts

Posted 25 August 2006 - 10:56 PM

I downloaded and ran ComboFix and crazy things started happening: the computer shut off, and then when I tried to sign back in to Windows it told me my domain did not exist. I rebooted into safe mode; ComboFix came up and ran again. After that I rebooted and was able to log on, and this is the fastest the computer has run since I can remember. So I am including both ComboFix log files for you to examine, plus the HijackThis log file. Thanks so much for the quick reply.

Matt

Logfile of HijackThis v1.99.1
Scan saved at 22:53, on 06-08-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Aaron\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {DA996EE8-A748-4E66-8D47-68C2B5E30750} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/wi...nnerInstall.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Net Logon Service (NetLgn) - Unknown owner - C:\WINDOWS\spoolsv.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe





Matt Rogers - 06-08-25 22:01:55.85
ComboFix 06.08.24 - Running from: C:\Program Files\Mozilla Firefox

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-07-23 06:20 2 --a------ C:\WINDOWS\system32\wnscpsu.exe
2006-07-20 16:32 350 --a------ C:\WINDOWS\hhjkg.dll
2006-07-16 20:51 53 --a------ C:\WINDOWS\ovlpep.dat
2006-06-11 22:57 8464 --a------ C:\WINDOWS\system32\sporder.dll


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


07/20/2006 04:32 PM 350 hhjkg.dll.qoo
07/16/2006 08:51 PM 53 ovlpep.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Aaron\Application Data\Sskknwrd.dll
C:\Documents and Settings\Aaron\Desktop\Requested Files\SskBho.dll
C:\Documents and Settings\Matt Rogers\Application Data\Sskdmns.dll
C:\Documents and Settings\Matt Rogers\Application Data\Sskknwrd.dll
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\BattyRun.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Program Files\Common Files\mc-110-12-0000140.exe
C:\Program Files\Common Files\Download\mc-110-12-0000228b.exe
C:\Program Files\Common Files\download
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\Program Files\DNS
C:\Program Files\TClock
C:\Program Files\windows
C:\Program Files\Common Files\{24AFB1E0-0AF0-1033-0525-040405060001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\STEM~1
C:\QooBox\Purity\Program Files\STEM~1\taskmgr.exe
C:\QooBox\Purity\WINDOWS\SKS~1
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1
C:\QooBox\Purity\WINDOWS\system32\FNTS~1
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1
C:\QooBox\Purity\WINDOWS\system32\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2008-24-06 to 2008/25/2006 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2012/10/2002 06:13 PM 7552 --a------ C:\WINDOWS\system32\drivers\tiumflt.sys
2012/05/2003 09:53 PM 68352 --a------ C:\WINDOWS\system32\drivers\Rtlnic51.sys
2010/27/2003 03:59 PM 13842 --a------ C:\WINDOWS\system32\drivers\atisgkaf.SYS
2010/24/2003 03:53 PM 90416 --a------ C:\WINDOWS\system32\drivers\meiudf.sys
2010/22/2003 10:15 PM 24698 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2009/29/2004 05:28 PM 134912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2009/22/2004 06:46 PM 18944 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2009/16/2004 03:17 PM 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2009/10/2001 07:09 PM 57392 --a------ C:\WINDOWS\system32\drivers\CDANT.SYS


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"TPSMain"="TPSMain.exe"
"TFncKy"="TFncKy.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,f0,00,00,00,00,00,00,00,90,01,00,00,c4,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vesupr"="C:\\WINDOWS\\system32\\M?crosoft\\mmc.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{24AFB1E0-0AF0-1033-0525-040405060001}"="\"C:\\Program Files\\Common Files\\{24AFB1E0-0AF0-1033-0525-040405060001}\\Update.exe\" mc-110-12-0000488"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vesupr"="C:\\WINDOWS\\system32\\M?crosoft\\mmc.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{24AFB1E0-0AF0-1033-0525-040405060001}"="\"C:\\Program Files\\Common Files\\{24AFB1E0-0AF0-1033-0525-040405060001}\\Update.exe\" mc-110-12-0000488"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"AlfaCleaner"="C:\\Program Files\\AlfaCleaner\\AlfaCleaner.exe"
"webscan"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Fri 08/25/2006 22:24:37.64
ComboFix.txt
ComboFix2.txt

"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,f0,00,00,00,00,00,00,00,90,01,00,00,c4,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vesupr"="C:\\WINDOWS\\system32\\M?crosoft\\mmc.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{24AFB1E0-0AF0-1033-0525-040405060001}"="\"C:\\Program Files\\Common Files\\{24AFB1E0-0AF0-1033-0525-040405060001}\\Update.exe\" mc-110-12-0000488"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vesupr"="C:\\WINDOWS\\system32\\M?crosoft\\mmc.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"{24AFB1E0-0AF0-1033-0525-040405060001}"="\"C:\\Program Files\\Common Files\\{24AFB1E0-0AF0-1033-0525-040405060001}\\Update.exe\" mc-110-12-0000488"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"AlfaCleaner"="C:\\Program Files\\AlfaCleaner\\AlfaCleaner.exe"
"webscan"="\"C:\\Program Files\\Acceleration Software\\Anti-Virus\\stopsignav.exe\" -k"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Fri 08/25/2006 22:24:37.64
ComboFix.txt
ComboFix2.txt

#4 Navigator


Posted 25 August 2006 - 11:30 PM

Hello Matt....good job..that cleaned a lot. I believe you posted the same ComboFix scan result twice, but that's OK...

1. First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do NOT run a scan just yet; we will shortly.

2. Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

rem Stop and remove the bogus "Net Logon Service" (NetLgn), which points at C:\WINDOWS\spoolsv.exe
sc stop NetLgn
sc delete NetLgn
exit


Double click FixServices.bat. A window will open and close. This is normal.

3. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present):

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {DA996EE8-A748-4E66-8D47-68C2B5E30750} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/wi...nnerInstall.cab
O23 - Service: Net Logon Service (NetLgn) - Unknown owner - C:\WINDOWS\spoolsv.exe (file missing)


Now close all windows other than HiJackThis, then click Fix Checked.

Reboot into safe mode by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Please delete these folders using Windows Explorer (if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed folders, then right-click to select them and click delete


C:\Program Files\SurfSideKick 3


5. Please delete these files using Windows Explorer (if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed files, then right-click to select them and click delete:


C:\WINDOWS\spoolsv.exe<==DO NOT delete the system32 file of the same name as that is a legitimate file!


6. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode .
7. Post the results of the ewido report scan and a new HJT log for me to review...
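Added note (not part of the thread, and not code from HijackThis, ComboFix or ewido): the entries Navigator has Matt fix above share three patterns worth checking for mechanically on any HJT or ComboFix log: a core Windows binary copied outside system32 (the fake C:\WINDOWS\spoolsv.exe behind the NetLgn service), folder names built from look-alike Unicode letters (the "M?crosoft" in the ComboFix registry dump is a Cyrillic "і", as the later ewido report shows with "WіnSxS" and "Αdobe"), and orphaned entries whose file is gone. The script below runs those checks over sample lines constructed from this thread's logs; the SYSTEM_BINARIES and SYSTEM_DIRS lists are an illustrative subset chosen for the example, not an official list.

```python
"""Added triage helper: scan HijackThis / ComboFix autostart lines for the
three tricks visible in this thread (look-alike folder names, a core Windows
binary copied outside system32, and orphaned entries whose file is gone).
Constructed example, not part of the thread or of any tool named in it."""
import re
import unicodedata
from dataclasses import dataclass

# Core Windows binaries that legitimately live only under %SystemRoot%\system32.
# Illustrative subset chosen for this example, not an official list.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "mmc.exe", "taskmgr.exe", "ping.exe", "alg.exe",
}
# Folders where those names are expected (lower-case, no trailing backslash).
SYSTEM_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\system32\dllcache",
    r"c:\windows\servicepackfiles\i386",
}
# First drive-letter path in a line, up to the first executable/library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|cab)\b", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    path: str
    reasons: list


def extract_path(line):
    """Return the first executable path in an HJT line or a .reg-style dump line
    (ComboFix writes every backslash doubled, so collapse them first)."""
    match = PATH_RE.search(line.replace("\\\\", "\\"))
    return match.group(0) if match else None


def homoglyphs(path):
    r"""Non-ASCII characters in the path with their Unicode names. The Cyrillic
    'і' in 'Mіcrosoft' renders like Latin 'i' but names a different folder.
    Caveat: non-English user names contain non-ASCII letters legitimately, so
    treat this as a triage signal, not proof."""
    return [(ch, unicodedata.name(ch, "?")) for ch in path if ord(ch) > 0x7F]


def masquerades_system_binary(path):
    r"""True when a file named like a core Windows binary sits outside the
    system folders, e.g. the C:\WINDOWS\spoolsv.exe behind the bogus NetLgn
    service, or mmc.exe under a look-alike 'Mіcrosoft' sub-folder."""
    folder, _, name = path.lower().rpartition("\\")
    return name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS


def triage(lines):
    """Run every check over each line; return only lines with at least one hit."""
    findings = []
    for line in lines:
        path = extract_path(line)
        reasons = []
        if path:
            names = [name for _, name in homoglyphs(path)]
            if names:
                reasons.append("homoglyph:" + ",".join(names))
            if masquerades_system_binary(path):
                reasons.append("system-binary-outside-system32")
        # HJT marks entries whose target no longer exists; harmless, but clean up.
        if "(file missing)" in line or "(no file)" in line:
            reasons.append("orphaned-entry")
        if reasons:
            findings.append(Finding(line.strip(), path or "", reasons))
    return findings


# Sample input constructed from the logs in this thread. The Cyrillic U+0456 and
# Greek U+0391 letters are deliberate: that is how the adware hid its folders.
SAMPLE_LINES = [
    r"O23 - Service: Net Logon Service (NetLgn) - Unknown owner - C:\WINDOWS\spoolsv.exe (file missing)",
    r"O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe",
    '"Vesupr"="C:\\\\WINDOWS\\\\system32\\\\M\u0456crosoft\\\\mmc.exe"',
    "C:\\Program Files\\Common Files\\\u0391dobe\\arpa.exe",
    r"O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path or "(no path)", "->", ", ".join(f.reasons))
```

Note that the SurfSideKick Run entry itself is not flagged: it lives in its own folder under a plain ASCII name, so catching it still takes a signature or a known-bad list, which is what the helper's fix list supplies. The heuristics above are for the entries that hide behind a trustworthy-looking name or location.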

#5 Matt Rogers


Posted 26 August 2006 - 08:51 PM

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:47 06-08-26

+ Scan result:



C:\Documents and Settings\Aaron\Local Settings\Temp\Tspd.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\stub_sca3[1].exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\cfg32[1].exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Program Files\Batty\Batty.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\Batty\Batty.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Documents and Settings\Aaron\Application Data\WіnSxS\ping.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Αdobe\arpa.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\Installer[3].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Aaron\Desktop\Requested Files\__delete_on_reboot__a_l_g_._e_x_e_ -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Aaron\My Documents\Міcrosoft\__delete_on_reboot__a_l_g_._e_x_e_ -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\STEM~1\taskmgr.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\gkyukar[1].cab/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
HKU\S-1-5-21-1176266532-2927574897-463710637-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\gkyukar[1].cab/nr1rnqm8.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\gkyukar[1].cab/ssn6tuu.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1176266532-2927574897-463710637-1005\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-1176266532-2927574897-463710637-1005\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Toolbar888 -> Adware.ToolBar888 : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\ZIGID003[1].exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\Program Files\Common Files\sajyd.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\Windows NT\vilegezyz.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.316:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.637:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\asyd2ktz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.807:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.605:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.606:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.611:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.254:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.255:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.256:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.257:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.258:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.259:C:\Documents and Settings\Matt Rogers\Application Data\Mozilla\Firefox\Profiles\7tipiiew.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

Logfile of HijackThis v1.99.1
Scan saved at 20:44, on 06-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Aaron\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

#6 Navigator


Posted 26 August 2006 - 09:14 PM

Hello Matt...excellent!

Your HJT log appears clean...how is your computer running? Any problems?

Let's check one online scan, and I want to see your uninstall list:

1. Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


2. Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
3. Post the contents of the ActiveScan report and the HJT uninstall list, and let me know of any issues with your system...

#7 Matt Rogers


Posted 27 August 2006 - 05:57 PM

I could not get ActiveScan to work. It would stop at the point it said the scan had started, never asked me where to scan. Here is the uninstall log. The computer is running great, haven't had a pop-up since the last HijackThis scan and fix.

Matt

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
AOL Instant Messenger
AT&T Connection Services Manager
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Anti-Virus 7.1
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
C-Dilla Licence Management System
Digitool Utility Version 3.42 (remove only)
Direct Show Ogg Vorbis Filter (remove only)
DVD-RAM Driver
ewido anti-spyware 4.0
G-Force
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Icons
InterVideo WinDVD for Toshiba
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LimeWire PRO 4.10.9
LiveUpdate 1.90 (Symantec Corporation)
Logitech Gaming Software
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Works 7.0
Mozilla Firefox (1.5.0.6)
PCI 1620 Cardbus Controller and Software
Quicken 2004
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roxio Burn Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Shockwave
Software Suite
Sonic DLA
Sonic RecordNow!
Sony Sound Forge 7.0
Spybot - Search & Destroy 1.4
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
StuffIt Standard
Sunbelt Kerio Personal Firewall
Synaptics Pointing Device Driver
Thrustmaster Calibration Tool
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Controls
TOSHIBA Fax Extension
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA Utilities
TOSHIBA Zooming Utility
Touch and Launch
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
WhiteCap
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
XviD 1.1 final uninstall
Yahoo! Widget Engine
Yahoo! Widget Engine
Yazzle by OIN
ZIP Reader 8.00.0018

#8 Navigator


Posted 27 August 2006 - 06:46 PM

Hey Matt....odd about Panda. Have you scanned your system recently with AVG? Does it find anything? I'll give you another online scanner to try and use below, but if your up-to-date AVG doesn't find anything and your computer is running well, you can skip that if you want.

While it is not my place to tell you what to do, you have LimeWire, a P2P/file-sharing program, installed on your computer. P2P apps like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs are here: http://www.microsoft.com/windows/ie/commun...protection.mspx here: http://www.techweb.com/wire/160500554 and here: http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall LimeWire, however that choice is obviously up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs along with the other program removals below.


1. Please go to:
  • start
  • control panel
  • add/remove programs
Find and remove these programs (if they are present)
  • Yazzle by OIN<== (and anything else you find by OIN for that matter)
  • J2SE Runtime Environment 5.0 Update 3
  • J2SE Runtime Environment 5.0 Update 6
  • Java 2 Runtime Environment, SE v1.4.2_03
  • LimeWire<==Your OPTION


Reboot your computer.

2. Update Java Version
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.<== scroll down the list to find THIS entry
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install latest Java Version:
  • From your desktop, double-click on jre-1_5_0_08-windows-i586-p to install the newest version.
3. Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

4. If you do the Kaspersky scan, post back with that result.... if you do not, post back and let me know how your system is running. If it's still doing well, we can finish up....
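One way for a helper to read the report that step 3 produces, as an added example that is not part of this thread: it parses the Kaspersky Online Scanner's per-object lines (the layout of the 5.0.83.0 text report), collapses nested archive members onto the file that is actually on disk, and sorts hits by whether they sit in the Java cache, Temporary Internet Files, Temp or System Restore. The sample lines are a constructed excerpt in that layout; the location rules and the advice strings are the example's own.

```python
"""Triage a Kaspersky Online Scanner text report (the step 3 output).

Added example, not part of the thread: groups the per-object lines by the file
that is actually on disk (nested archive members share one container) and by the
folder that file lives in, so the reader can see which hits need the Java cache,
Temporary Internet Files or System Restore cleared and which need a manual fix.
"""
import re
from collections import Counter

# Constructed excerpt in the layout of the 5.0.83.0 report: "<path> <status> <action>".
# Archive members are separated from their container with "/"; the online scanner
# only reports, so every action is "skipped".
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-17ccc910.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-17ccc910.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Aaron\Local Settings\Temp\axsetup1.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip RarSFX: infected - 7 skipped
C:\drwin32.exe/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\ntdr.com Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0115012.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<packer>[\w.]+): infected - (?P<count>\d+) (?P<action>\S+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")

# (label, path pattern, what to do about hits there); first match wins, anything
# else is "other" and needs a manual fix. Rules and advice are this example's own.
LOCATION_RULES = [
    ("java_cache", r"\\Sun\\Java\\Deployment\\cache\\",
     "Java applet cache: empty it from the Java Control Panel after the JRE update in step 2."),
    ("temp_internet_files", r"\\Temporary Internet Files\\",
     "Browser cache: delete Temporary Internet Files for every profile listed, not only the logged-in user."),
    ("temp", r"\\Local Settings\\Temp\\",
     "Temp folder: empty it."),
    ("system_restore", r"System Volume Information\\_restore",
     "Restore point copies: inert unless restored; flush restore points once the live system is clean."),
]


def on_disk_file(path):
    """Strip archive members: 'C:\\x.zip/data.rar/a.exe' -> 'C:\\x.zip'."""
    return path.split("/", 1)[0]


def classify(path):
    for label, pattern, _advice in LOCATION_RULES:
        if re.search(pattern, path):
            return label
    return "other"


def family(name):
    """Kaspersky names are Type.Platform.Family.variant; drop the variant suffix."""
    return ".".join(name.split(".")[:3])


def parse_report(text):
    """Return one record per report line the triage cares about; other lines are ignored."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        for kind, rx in (("infected", INFECTED_RE), ("container", CONTAINER_RE), ("locked", LOCKED_RE)):
            m = rx.match(line)
            if m:
                groups = m.groupdict()
                records.append({"kind": kind, "path": groups["path"],
                                "name": groups.get("name") or groups.get("packer")})
                break
    return records


def triage(text):
    files, locked = {}, 0
    for rec in parse_report(text):
        if rec["kind"] == "locked":
            locked += 1  # in-use files the scanner could not open; not detections
        elif rec["kind"] == "infected":  # container totals only repeat the member lines
            f = on_disk_file(rec["path"])
            entry = files.setdefault(f, {"location": classify(f), "names": set()})
            entry["names"].add(rec["name"])
    return {
        "files": files,
        "locked": locked,
        "by_location": Counter(e["location"] for e in files.values()),
        "families": Counter(family(n) for e in files.values() for n in e["names"]),
    }


def summary_lines(text):
    """Human-readable triage: counts first, then the advice for each location that had hits."""
    t = triage(text)
    advice = {label: adv for label, _p, adv in LOCATION_RULES}
    lines = [f"{len(t['files'])} infected files on disk, {t['locked']} locked objects skipped"]
    for fam, n in t["families"].most_common():
        lines.append(f"  {n} x {fam}")
    for label, n in t["by_location"].most_common():
        lines.append(f"{label}: {n} file(s). " + advice.get(label, "Outside any cache: needs a manual fix."))
    return lines


if __name__ == "__main__":
    print("\n".join(summary_lines(SAMPLE_REPORT)))
```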

#9 Matt Rogers

Matt Rogers
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:03 AM

Posted 29 August 2006 - 10:31 PM

I will most likely uninstall Limewire. Thanks for the info on it. I didn't realize how malicious it is. Here is the virus scan log. Thank you so much for your help, it is deeply appreciated.

Matt

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
06-08-29 09:41
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/08/2006
Kaspersky Anti-Virus database records: 219244
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 84875
Number of viruses found: 24
Number of infected objects: 197 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:32:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-17ccc910.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-17ccc910.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-17ccc910.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-160dd9ae-17ccc910.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3d9c8be1.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3d9c8be1.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3d9c8be1.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Aaron\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-516ac74a-3d9c8be1.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Aaron\Local Settings\Temp\axsetup1.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\Documents and Settings\Aaron\Local Settings\Temp\axsetup1.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Aaron\Local Settings\Temp\setup.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.n skipped
C:\Documents and Settings\Aaron\Local Settings\Temp\setup.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\Documents and Settings\Aaron\Local Settings\Temp\setup.exe/stream Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\Documents and Settings\Aaron\Local Settings\Temp\setup.exe NSIS: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\34ea9bf3bf4d34b48d7a3ba163d19d22_417b0159-799a-4b36-b5d6-877aa9b61395 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\116[1].avi/stream/data0001/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\116[1].avi/stream/data0001 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\116[1].avi/stream Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\116[1].avi NSIS: infected - 3 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\dfndre_5[2].exe Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\drsmart7[2].zip Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip/data.rar/cmdmgr.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip/data.rar/comserv.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\exec2[1].zip RarSFX: infected - 7 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\execlib5[1].exe/data.rar/cmdmgr3.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\execlib5[1].exe/data.rar/cmdmgr3.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\execlib5[1].exe/data.rar/cmdmgr3.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\execlib5[1].exe/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\execlib5[1].exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[1].avi/data0004/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[1].avi/data0004 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[1].avi NSIS: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[1].avi UPX: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[1].avi PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[3].avi/data0004/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[3].avi/data0004 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[3].avi NSIS: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[3].avi UPX: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\maxidr[3].avi PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\tbfp[1].avi/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\tbfp[1].avi NSIS: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\tbfp[3].avi/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OZUNKJYN\tbfp[3].avi NSIS: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\dfndrad_5[1].exe Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\drsmart7[1].argu Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\exec4[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\exec4[1].zip/data.rar/cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\exec4[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\exec4[1].zip/data.rar/cmdmgr.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\exec4[1].zip/data.rar/cmdmgr.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\exec4[1].zip/data.rar/comserv.exe Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\exec4[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.ch skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\exec4[1].zip RarSFX: infected - 7 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\installer[2].exe/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\installer[2].exe Inno: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\mc-110-12-0000228[1].exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\mc-110-12-0000228[1].exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\mc-110-12-0000228[1].exe NSIS: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\smartdll[1].zip Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\tbfp[1].avi/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\tbfp[1].avi NSIS: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\tbfp[2].avi/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ROBDM69A\tbfp[2].avi NSIS: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[1].zip/data.rar/manager.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[1].zip/data.rar/manager.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[1].zip/data.rar/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[1].zip/data.rar/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[1].zip/data.rar/errorfix.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[1].zip RarSFX: infected - 6 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[2].zip/data.rar/manager.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[2].zip/data.rar/manager.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[2].zip/data.rar/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[2].zip/data.rar/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[2].zip/data.rar/errorfix.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[2].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\4994comhost[2].zip RarSFX: infected - 6 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\comhost[1].zip/data.rar/manager.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\comhost[1].zip/data.rar/manager.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\comhost[1].zip/data.rar/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\comhost[1].zip/data.rar/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\comhost[1].zip/data.rar/booterror.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\comhost[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\comhost[1].zip RarSFX: infected - 6 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\distins[1].rth/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\distins[1].rth/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\distins[1].rth/mc-110-12-0000515.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\distins[1].rth/mc-110-12-0000515.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\distins[1].rth Instyler: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\frandugal2[1].zip/data.rar/comsonie.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\frandugal2[1].zip/data.rar/cmdmgr3.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\frandugal2[1].zip/data.rar/cmdmgr3.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\frandugal2[1].zip/data.rar/cmdmgr3.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\frandugal2[1].zip/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\frandugal2[1].zip RarSFX: infected - 5 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\maxidr[1].avi/data0004/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\maxidr[1].avi/data0004 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\maxidr[1].avi NSIS: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\maxidr[1].avi UPX: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\maxidr[1].avi PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\Mendoza1[1].exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\Mendoza1[1].exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\Mendoza1[1].exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\Mendoza1[1].exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\Mendoza1[1].exe NSIS: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\tbfp[1].avi/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U9KPWR4X\tbfp[1].avi NSIS: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\comber[1].zip/data.rar/manager.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\comber[1].zip/data.rar/manager.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\comber[1].zip/data.rar/booterror.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\comber[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\comber[1].zip RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\drsmart7[1].argu Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\smartdll[1].zip Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\tbfp[1].avi/data0002 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\tbfp[1].avi NSIS: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\windowsupdate[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\windowsupdate[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\windowsupdate[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\windowsupdate[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\windowsupdate[1].zip/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y5ERULS5\windowsupdate[1].zip RarSFX: infected - 5 skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt Rogers\Application Data\Aim\uacfnktr\SugarCreekIntern\cert8.db Object is locked skipped
C:\Documents and Settings\Matt Rogers\Application Data\Aim\uacfnktr\SugarCreekIntern\key3.db Object is locked skipped
C:\Documents and Settings\Matt Rogers\Application Data\AVG7\l_000115.log Object is locked skipped
C:\Documents and Settings\Matt Rogers\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4de84f4c-5551f660.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Matt Rogers\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4de84f4c-5551f660.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Matt Rogers\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4de84f4c-5551f660.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Matt Rogers\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4de84f4c-5551f660.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Matt Rogers\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matt Rogers\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\11\1b996a45-a4c75da0-90f0ff3f-bc7f06cb.qtch Object is locked skipped
C:\Documents and Settings\Matt Rogers\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matt Rogers\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt Rogers\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt Rogers\Local Settings\History\History.IE5\MSHist012006082920060830\index.dat Object is locked skipped
C:\Documents and Settings\Matt Rogers\Local Settings\Temp\$PBR.AVG Object is locked skipped
C:\Documents and Settings\Matt Rogers\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt Rogers\ntuser.dat Object is locked skipped
C:\Documents and Settings\Matt Rogers\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\drwin32.exe/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\drwin32.exe/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\drwin32.exe/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\drwin32.exe/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\drwin32.exe/data.rar Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\drwin32.exe RarSFX: infected - 5 skipped
C:\ntdr.com Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\setup64.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114975.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114975.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114975.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114976.exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114976.exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114976.exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114976.exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114976.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114977.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114978.exe Infected: Trojan-Downloader.Win32.Adload.cw skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114992.exe/data0004/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114992.exe/data0004 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114992.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114992.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114992.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0114998.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0115012.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0115014.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0115015.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0115016.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0115018.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP271\A0115095.exe Object is locked skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP271\A0115096.exe Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP271\A0115098.dll Infected: not-a-virus:AdWare.Win32.CASClient.n skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP271\A0115099.exe Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP278\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB822624$\hal.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828012$\ntkrnlmp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828012$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828012$\ntkrnlpa.exe.000 Object is locked skipped
C:\WINDOWS\$NtUninstallKB828012$\ntkrpamp.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828012$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828012$\ntoskrnl.exe.000 Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB830680$\keymgr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\WINDOWS\aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\WINDOWS\aupdate32.exe NSIS: infected - 2 skipped
C:\WINDOWS\cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\cmdmgr.exe/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\cmdmgr.exe/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\WINDOWS\cmdmgr.exe/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\WINDOWS\cmdmgr.exe Instyler: infected - 4 skipped
C:\WINDOWS\comhost.exe/data.rar/manager.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\comhost.exe/data.rar/manager.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\comhost.exe/data.rar/mc-110-12-0000488.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\WINDOWS\comhost.exe/data.rar/mc-110-12-0000488.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\WINDOWS\comhost.exe/data.rar/errorfix.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\WINDOWS\comhost.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\WINDOWS\comhost.exe RarSFX: infected - 6 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\hostsmgr.exe QuickBatch: infected - 1 skipped
C:\WINDOWS\hostsmgr.exe PECompact: infected - 1 skipped
C:\WINDOWS\hostsmgr.exe PecBundle: infected - 1 skipped
C:\WINDOWS\hostsmgr.exe PE_Patch.PECompact: infected - 1 skipped
C:\WINDOWS\manager.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\manager.exe QuickBatch: infected - 1 skipped
C:\WINDOWS\manager.exe PECompact: infected - 1 skipped
C:\WINDOWS\manager.exe PecBundle: infected - 1 skipped
C:\WINDOWS\manager.exe PE_Patch.PECompact: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9BDD8A91-0E69-4B49-97E7-EC3A4BDFB9F9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\srvbdftwcc.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\WINDOWS\srvbdftwcc.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\WINDOWS\srvbdftwcc.exe NSIS: infected - 2 skipped
C:\WINDOWS\srvlawrsff.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\WINDOWS\srvlawrsff.exe NSIS: infected - 1 skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\removefunc.ram/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\system32\removefunc.ram/hostsmgr.exe Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\system32\removefunc.ram/mc-110-12-0000515.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\WINDOWS\system32\removefunc.ram/mc-110-12-0000515.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\WINDOWS\system32\removefunc.ram Instyler: infected - 4 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\hsperfdata_SYSTEM\932 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#10 Navigator

    Gas Passer

  • Members
  • 72 posts

Posted 30 August 2006 - 07:56 PM

Hello Matt....

1. Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
2. Clear IE's Cookies and Cache
  • Close all instances of Outlook Express and Internet Explorer.
  • Go to Control Panel > Internet Options > General tab.
  • Click Delete Cookies.
  • Next to it, Click the Delete Files button.
  • When prompted, place a check in: Delete all offline content, click OK.
Clear Firefox's Cookies
  • Open Firefox.
  • Click Tools > Options.
  • Click the Privacy tab, then the Cookies tab.
  • Click the Clear Cookies Now button.
  • Then click OK to exit.
Clean Temporary Files
  • Go to Start > Run, type cleanmgr and click OK.
  • Choose (C: ) and then click OK.
  • Make sure these are the only ones that are checked :
    • Temporary Internet Files
    • Temporary Files
    • Recycle Bin
  • Click OK to remove them.
  • Click Yes to confirm the deletion.
3. Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\srvlawrsff.exe
    C:\WINDOWS\srvbdftwcc.exe
    C:\WINDOWS\hostsmgr.exe
    C:\WINDOWS\manager.exe
    C:\WINDOWS\cmdmgr.exe
    C:\WINDOWS\cmdmgr.exe/mc-110-12-0000488.exe
    C:\WINDOWS\cmdmgr.exe/hostsmgr.exe
    C:\WINDOWS\comhost.exe
    C:\WINDOWS\aupdate32.exe
    C:\setup64.exe
    C:\drwin32.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

4. After your computer reboots, run Panda's ActiveScan:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
5. Post the contents of the ActiveScan report and a new HJT log, and let me know how your system is running...
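The Killbox step above works from the Kaspersky scan log earlier in the thread, and two details of that log are easy to misread: an entry written as `container.exe/member.exe` is an object inside an archive or installer, so the only thing that exists on disk is the container, and `Object is locked skipped` entries are files the scanner could not open (registry hives, event logs, log files), not detections. The script below is an added example, not part of the original thread and not Killbox's or Kaspersky's own code. It parses a constructed sample made of lines copied from the log above, collapses nested entries to their container file, keeps the System Restore copies (`System Volume Information\_restore...`) in a separate bucket since they are not live files, and then builds the pair-of-strings value (source in `\??\` form, empty destination meaning delete) that delete-on-reboot tools queue under the `PendingFileRenameOperations` registry value the Killbox prompt refers to. The line-shape regex and the bucket names are this example's own assumptions; nothing is written to the registry.

```python
import re

# Constructed sample: lines copied from the scan log in this thread, plus the
# trailing status line, chosen to cover every line shape the log uses.
SAMPLE_LOG = r"""
C:\WINDOWS\aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\WINDOWS\aupdate32.exe NSIS: infected - 2 skipped
C:\WINDOWS\cmdmgr.exe/hostsmgr.exe/BAT Infected: Trojan.BAT.KillAV.cr skipped
C:\WINDOWS\cmdmgr.exe Instyler: infected - 4 skipped
C:\WINDOWS\hostsmgr.exe PE_Patch.PECompact: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\removefunc.ram/mc-110-12-0000515.exe Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{1A8B1159-FBDA-495C-A535-F829CE60E6B7}\RP270\A0115012.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
Scan process completed.
"""

# Three line shapes appear in the log (assumed from the lines above):
#   <path> Infected: <name> skipped
#   <path> <Packer>: infected - <n> skipped      (summary line for a packed container)
#   <path> Object is locked skipped
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<packer>[\w.]+): infected - \d+"
    r"|(?P<locked>Object is locked)) skipped$"
)
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore", re.I)


def parse_entry(line):
    """Return (path, verdict) for a log entry, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    if m.group("locked"):
        verdict = "locked"
    elif m.group("name"):
        verdict = m.group("name")
    else:
        verdict = m.group("packer") + " (packed container)"
    return m.group("path"), verdict


def container_of(path):
    """Nested objects are written container/member[/member...]; only the
    container is a real file, so that is what a file deleter can act on."""
    return path.split("/", 1)[0]


def triage(log_text):
    """Split a scan log into files to delete, restore-point copies, locked
    (unscanned) files, and the verdicts recorded against each on-disk file."""
    result = {"delete": [], "restore_points": [], "locked": [], "verdicts": {}}
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        path, verdict = parsed
        if verdict == "locked":
            if path not in result["locked"]:
                result["locked"].append(path)
            continue
        disk_file = container_of(path)
        result["verdicts"].setdefault(disk_file, []).append(verdict)
        bucket = "restore_points" if RESTORE_RE.match(disk_file) else "delete"
        if disk_file not in result[bucket]:
            result[bucket].append(disk_file)
    return result


def pending_file_rename_value(paths):
    r"""Build the REG_MULTI_SZ content a delete-on-reboot tool queues in
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations:
    pairs of strings, the source in NT \??\ form and an empty destination,
    which the session manager treats as 'delete' at the next boot.  Returned
    as a list (the shape winreg uses for REG_MULTI_SZ); not written anywhere."""
    value = []
    for p in paths:
        value.append("\\??\\" + p)
        value.append("")
    return value


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    for p in t["delete"]:
        print(p, "->", ", ".join(t["verdicts"][p]))
    print("restore-point copies:", t["restore_points"])
    print("locked (not scanned):", t["locked"])
    print("queued for reboot:", pending_file_rename_value(t["delete"]))
```

Running it against the sample yields four on-disk files to delete (`aupdate32.exe`, `cmdmgr.exe`, `hostsmgr.exe`, `removefunc.ram`), with the `cmdmgr.exe/hostsmgr.exe/BAT` member folded into `cmdmgr.exe`; the `SAM` hive lands in the locked bucket and the restore-point DLL in its own. Anything already present in `PendingFileRenameOperations` before you queue your own entries is worth reading, since the same value can be used to stage a file swap at boot.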

#11 Navigator

    Gas Passer

  • Members
  • 72 posts

Posted 20 September 2006 - 10:35 PM

While we appreciate you may be busy, it has been over 2 weeks since you have replied and this thread will be closed.

If you require it to be re-opened, please contact a forum moderator.