Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Three Trojans!


  • Please log in to reply
7 replies to this topic

#1 j_a_m_i_e

j_a_m_i_e

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 18 August 2007 - 08:14 AM

Hi, I am using windows xp media center edition. Everytime I log onto my computer Norton antivirus picks up three different viruses! I believe that they must have came from the same place. I now get unwanted pop-ups and my pc runs slow:( the virus names are Trojan.Nebuler, Trojan.Vundo and Trojan Horse. Any help would be very much appreciated - thnx

My hijack is posted below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:46, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061010
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=5061010
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: lsass.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14507 bytes

BC AdBot (Login to Remove)

 


#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 AM

Posted 23 August 2007 - 10:03 AM

Hi j_a_m_i_e,

You're infected with at least one information-stealing trojan. If you do any online banking or other transactions you should immediately get to a known clean computer and change your passwords. Any site that includes exchange of money or other goods needs a new password and once we get you clean you should go through and change all passwords for all sites, forums like this one included. You should also seriously consider a reformat. More info here:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
Please download Combofix to your desktop.

Doubleclick ComboFix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt. Note that some cleaning may require a reboot, so it won't be finished until that is done.

Post this log in your next reply along with a new HijackThis log.

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan


#3 j_a_m_i_e

j_a_m_i_e
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 24 August 2007 - 11:04 AM

okay so heres the three logs:

SDFIX:

SDFix: Version 1.100

Run by Jamie on 24/08/2007 at 16:31

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Jamie\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted
C:\Documents and Settings\Jamie\Local Settings\Temp\win27.tmp.exe - Deleted
C:\Documents and Settings\Jamie\Local Settings\Temp\win2B.tmp.exe - Deleted
C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\lsass.lnk - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
--------------------------------------------------------------------------------
COMBOFIX:

ComboFix 07-08-17.2 - "Jamie" 2007-08-24 16:45:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.552 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\llkkj.tmp
C:\WINDOWS\system32\winbue32.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))


2007-08-24 16:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 16:30 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-24 11:15 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-08-24 11:15 40,960 --a------ C:\WINDOWS\system32\F5D7051.dll
2007-08-24 11:15 29,184 --a------ C:\WINDOWS\system32\drivers\RNDISMPK.sys
2007-08-24 11:15 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-08-24 11:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-08-24 11:15 13,824 --a------ C:\WINDOWS\system32\drivers\usb8023k.sys
2007-08-24 11:15 1,396,831 --a------ C:\WINDOWS\system32\AegisE5.dll
2007-08-24 11:15 <DIR> d-------- C:\Program Files\Belkin
2007-08-24 10:14 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\dvdcss
2007-08-21 21:04 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-08-21 21:04 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-21 21:04 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-08-21 21:04 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-21 21:04 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-08-21 21:04 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-08-21 21:04 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-08-21 21:04 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-08-21 21:04 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-21 21:02 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-08-21 21:02 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-08-21 16:23 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-18 12:10 <DIR> d-------- C:\DOCUME~1\Jamie\.housecall6.6
2007-08-18 11:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-17 16:31 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-08-15 18:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-14 13:44 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-08-14 13:44 <DIR> d-------- C:\Program Files\DAP
2007-08-11 11:55 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\vlc
2007-08-11 11:53 <DIR> d-------- C:\Program Files\VideoLAN
2007-08-10 13:45 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\Internet Download Accelerator
2007-08-10 13:44 <DIR> d-------- C:\Program Files\IDA
2007-08-07 09:21 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-07 08:50 <DIR> d-------- C:\Program Files\iTunes
2007-08-07 08:50 <DIR> d-------- C:\Program Files\iPod
2007-08-07 08:48 <DIR> d-------- C:\Program Files\QuickTime
2007-08-07 08:16 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-08-07 08:16 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-08-07 08:16 28,176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2007-08-07 08:16 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-08-07 08:15 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-07 08:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-24 15:59 --------- d-------- C:\DOCUME~1\Jamie\APPLIC~1\Xfire
2007-08-24 15:59 --------- d-------- C:\DOCUME~1\Jamie\APPLIC~1\Skype
2007-08-24 15:38 --------- d-------- C:\Program Files\Steam
2007-08-23 10:35 --------- d---s---- C:\Program Files\Xfire
2007-08-22 12:53 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-22 12:06 --------- d-------- C:\Program Files\LimeWire
2007-08-21 21:01 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-21 16:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-20 17:40 --------- d-------- C:\DOCUME~1\Jamie\APPLIC~1\teamspeak2
2007-08-20 11:28 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-12 11:09 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-07 08:47 --------- d-------- C:\Program Files\Apple Software Update
2007-08-07 08:20 88 -r-hs---- C:\WINDOWS\system32\17DCCB0248.sys
2007-08-07 08:20 6112 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-07 08:17 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-07 08:17 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-08-07 08:17 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-08-07 08:16 --------- d-------- C:\Program Files\Common Files\Logitech
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-14 10:46 --------- d-------- C:\Program Files\Skype
2007-07-14 10:46 --------- d-------- C:\Program Files\Common Files\Skype
2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-12 17:16 --------- d-------- C:\Program Files\Trend Micro
2007-07-04 17:44 --------- d-------- C:\Program Files\Norton AntiVirus
2007-07-04 17:38 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-04 17:38 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-04 17:38 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-04 17:38 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-04 17:38 --------- d-------- C:\Program Files\Symantec
2007-07-04 16:33 --------- d-------- C:\DOCUME~1\Jamie\APPLIC~1\Logitech
2007-06-28 08:40 --------- d-------- C:\DOCUME~1\Jamie\APPLIC~1\Google
2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-10 09:50 99904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-05-27 09:43 2277376 --a--c--- C:\WINDOWS\system32\TUKernel.exe
2006-12-18 20:51 251 --a--c--- C:\Program Files\wt3d.ini
2006-12-23 12:56:27 56 --sh--r C:\WINDOWS\system32\4802CBDC17.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 10:00 C:\WINDOWS\stsystra.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43]
"nwiz"="nwiz.exe" [2006-08-11 14:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-30 13:17]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-26 21:50]

C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-07 08:15:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
R2 Packet;Auto Internet Protocol;C:\WINDOWS\system32\DRIVERS\packet.sys
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 FreshIO;FreshIO;\??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-08-17 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-10 13:58:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-17 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jamie.job - C:\PROGRA~1\NORTON~2\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 16:53:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-24 16:56:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-24 16:56

--- E O F ---
--------------------------------------------------------------------

HIJACK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:26, on 24/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061010
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=5061010
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13983 bytes


Thanks again.

#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 AM

Posted 27 August 2007 - 12:49 PM

Hi j_a_m_i_e,

My apologies for being so late to get back to you.

I looks like all the malware that was showing in your first log has been cleared. How is the system running now?

There is one other thing I need to check out later, but in the meantime please run these scanners to see what else we have to deal with.

Download and scan with SUPERAntiSypware Free for Home Users
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Please perform this online scan: Kaspersky Webscan
Note that you need to run this scan with Internet Explorer for it to work correctly.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allows Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. When the scan is complete choose save the results by clicking "Save Report As HTML" Give the Report a name and save it to your desktop. If you have any problem saving the report, copy its text to the clipboard, then paste it into an empty Notepad and save it to your desktop.
9. Post the Kaspersky scan results in your next reply.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan


#5 j_a_m_i_e

j_a_m_i_e
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 30 August 2007 - 01:15 AM

My system seems to be running alot better now and norton anti-virus no longer picks up the virusses. Heres my scan reports:

SuperAntiSpymware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/29/2007 at 11:16 AM

Application Version : 3.9.1008

Core Rules Database Version : 3294
Trace Rules Database Version: 1305

Scan type : Complete Scan
Total Scan Time : 00:02:26

Memory items scanned : 436
Memory threats detected : 0
Registry items scanned : 437
Registry threats detected : 0
File items scanned : 830
File threats detected : 0

----------------------------------------------------------------------------

Kasperksy:

Thursday, August 30, 2007 7:09:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 30/08/2007
Kaspersky Anti-Virus database records: 398252


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 114543
Number of viruses found 18
Number of infected objects 70
Number of suspicious objects 2
Duration of the scan process 02:23:37

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/win25.tmp.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-08-29_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02051AA9 Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03B30762 Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\058B7598.dl_ Infected: not-a-virus:AdWare.Win32.RK.m skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0625645C.dl_ Infected: not-a-virus:AdWare.Win32.RK.m skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DB66C1C Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E397B8C.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E480603 Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13945DA7.dll Infected: Trojan.Win32.Agent.avy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CA32DA1 Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26576CF5.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\287526A1.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AC12C1A.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D50546F Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\333B4C34.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\370B5602.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37690636 Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38F11408.dll Infected: not-a-virus:AdWare.Win32.RK.m skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43677EF6.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43D6127B.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43EA0E66.exe Infected: not-a-virus:AdWare.Win32.Relevant.a skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45137B1F.cab/upgrade.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.f skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45137B1F.cab CAB: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45137B1F.cab CryptFF: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48F81668.htm Infected: Trojan-Downloader.JS.Agent.hv skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\518F1BB8.dll Infected: Trojan.Win32.Agent.avy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53202B5A.exe/data.rar/tcinstall.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53202B5A.exe/data.rar Infected: Trojan-Downloader.Win32.Adload.jm skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53202B5A.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53202B5A.exe CryptFF: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\541C769C Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57242A1B.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58CE3C06 Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58ED0EC0.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A736BEF Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E7628A4.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F2C7D9A Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F7C00F1 Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60C5581A.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\637E33FB.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\646E46F4 Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64EC1C69.htm Infected: Trojan-Downloader.JS.Agent.fq skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64FC1B79 Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\667F2F3E Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E063F84.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E2D6ACB.tmp Infected: Trojan-Downloader.Win32.Alphabet.p skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71DF17DC Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\758B1CAE Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\762E071D.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D0964BB Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\call256.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chat1024.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chat512.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chat8192.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chatmember256.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chatmsg16384.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chatmsg2048.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chatmsg32768.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\chatmsg8192.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\dyncontent\bundle.dat Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\index2.dat Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\profile16384.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\transfer256.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\transfer512.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\user1024.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\user16384.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\user4096.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Skype\jamie4400\voicemail256.dbb Object is locked skipped

C:\Documents and Settings\Jamie\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped

C:\Documents and Settings\Jamie\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Jamie\Desktop\sdfix + cfix\SDFix\backups\backups.zip/backups/win27.tmp.exe Infected: Trojan.Win32.Agent.qt skipped

C:\Documents and Settings\Jamie\Desktop\sdfix + cfix\SDFix\backups\backups.zip/backups/win2B.tmp.exe Infected: Trojan.Win32.Agent.qt skipped

C:\Documents and Settings\Jamie\Desktop\sdfix + cfix\SDFix\backups\backups.zip ZIP: infected - 2 skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\jamie_lol_taylor@msn.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\jamie_lol_taylor@msn.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\History\History.IE5\MSHist012007082920070830\index.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\Perflib_Perfdata_a90.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\Perflib_Perfdata_d98.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DF3F71.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DF400F.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DF5BB6.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DF5BC8.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DFB7EA.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DFB828.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DFFBF5.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temp\~DFFC0F.tmp Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Jamie\Local Settings\Temporary Internet Files\Content.IE5\LRDVMAD8\warg2.part04[2].rar Object is locked skipped

C:\Documents and Settings\Jamie\My Documents\Downloads\Vista theme\Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

C:\Documents and Settings\Jamie\My Documents\Downloads\Vista theme\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

C:\Documents and Settings\Jamie\My Documents\Downloads\Vista theme\Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

C:\Documents and Settings\Jamie\My Documents\Downloads\Vista theme\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped

C:\Documents and Settings\Jamie\ntuser.dat Object is locked skipped

C:\Documents and Settings\Jamie\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-08-29.20-29-38.log Object is locked skipped

C:\Program Files\BitLord\Downloads\battle royale by tntvillage\Battle Royale.avi.bc! Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton AntiVirus\Savrt\0599NAV~.TMP Object is locked skipped

C:\Program Files\Norton AntiVirus\Savrt\0802NAV~.TMP Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\winbue32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0079141.dll Infected: Trojan.Win32.Agent.avy skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP101\A0079187.dll Infected: Trojan.Win32.Agent.avy skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0083871.exe Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0083872.exe Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0083923.dll Infected: Trojan.Win32.Dialer.qn skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP117\change.log Object is locked skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP95\A0075250.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP98\A0076543.dll Infected: Trojan.Win32.Dialer.qn skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP98\A0076544.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP98\A0076545.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP98\A0076546.exe Infected: Trojan.Win32.Agent.avy skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP98\A0076621.exe Infected: Trojan.Win32.Dialer.qn skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP98\A0076622.exe Infected: Trojan.Win32.Agent.avy skipped

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP98\A0076623.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2AF1366B-D5C8-46C1-907B-7125EA21D7A5}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7c0.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP117\change.log Object is locked skipped

Scan process completed.

#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 AM

Posted 30 August 2007 - 10:41 PM

OK, everything is looking good, just a few odd and ends to clean up. You have malware in a few Quarantine and backup locations that aren't affecting you anymore, but if you aren't having problems with your system now, you can clean those out as you don't need them on your system.

1. Norton's Quarantine. Open Norton and go into it's Quarantine and clear it out.
2. Spybot S&D. Go into Spybot's Recovery section and select everything in there and then Purge Selected Items.
3. Delete C:\QooBox
4. Delete C:\Documents and Settings\Jamie\Desktop\sdfix + cfix\SDFix\backups. If sdfix + cfix is a folder you made to keep sdfix and combofix just go ahead and delete that folder. Both programs should only be used under supervision--we hope you won't need them again, but if you do a malware removal specialist will recommend you download the newest version.

You have the latest version of Java installed. For some reason, Sun Java leaves older versions on your sytem when you update, which is a security risk. Open Add/Remove Programs via Control Panel and uninstall any Java you find in there except jre1.6.0_02.

Download and install CCleaner.
(Starting with v1.27.260, the standard build installs the Yahoo Toolbar as an option which is checkmarked by default during the installation. IF you do NOT want it, remove the checkmark when provided with the option OR download the toolbarfree Basic version instead.)

*After installation, see the Using and Understanding CCleaner Tutorial.

Run CCleaner to clear out your Java cache and other junk files--I don't trust the issues function, so suggest you leave that button alone for now.

Scan again with HijackThis and place a checkmark next to these entries:

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Close all other windows--you should only see HijackThis on your Desktop--and then click the "Fix checked" button.

To further secure your system, read over the following topic and use the advice that applies to you:

How did I get infected?, With steps so it does not happen again!


Using SpywareBlaster and Secunia Software Inspector are highly recommended if you haven't done so already.

Glad I was able to help.

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan


#7 j_a_m_i_e

j_a_m_i_e
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 31 August 2007 - 05:34 AM

done it all :D thnx a bunch m8 :thumbsup:

#8 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:03 AM

Posted 31 August 2007 - 07:55 AM

Well, you're more than welcome. :thumbsup:

One thing I forgot that is fair important.

Disable and Enable System Restore. - You should disable and then re-enable System Restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable System Restore here:

Windows XP System Restore Guide

Re-enable System Restore with instructions from the tutorial above.

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users