"probably Unknown Newheur_pe"


18 replies to this topic

#1 voidstuff

voidstuff

  • Members
  • 38 posts

Posted 19 August 2007 - 03:21 PM

So when I open BitComet (never had problems before with it) since yesterday I get a warning from Nod32 antivirus virus signature updated Nº 2470(20070819).
I got the warning 4 times since I opened BitComet more than once and the threat log in nod says:

(don't think it is a good idea to click the links :thumbsup:)
http://210.51.1.184:8000/images/wow.exe probably unknown NewHeur_PE
http://210.51.1.184:8000/images/gj.exe probably unknown NewHeur_PE virus
http://210.51.1.184:8000/images/wowom.exe probably unknown NewHeur_PE
http://210.51.1.184:8000/images/wow.exe probably unknown NewHeur_PE virus





so the HIJACK THIS scan is the following:


Logfile of HijackThis v1.99.1
Scan saved at 3:49:34 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176864567498
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176864694873
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 19 August 2007 - 06:07 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum voidstuff :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open, at the bottom of the window to the right of Attributes, check the box that says 'Read-only'.
4) Click Apply/OK.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 – Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

*IMPORTANT*
Do NOT run any other options until you are asked to do so!

Also post a new Hijackthis log please.

#3 voidstuff

voidstuff
  • Topic Starter

  • Members
  • 38 posts

Posted 19 August 2007 - 09:05 PM

Thanks, I did everything hopefully right, the ComboFix log, the SmitfraudFix txt and again the Hijack This log.

a lot of info down here...
--------------------o-------------------------



ComboFix 07-08-17.2 - "Administrator" 2007-08-19 21:32:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.211 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))


2007-08-19 21:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 21:27 <DIR> d-------- C:\Program Files\HostsXpert
2007-08-19 16:31 <DIR> d-------- C:\Program Files\VistaTask
2007-08-19 15:48 <DIR> d-------- C:\Program Files\Hijack This
2007-08-16 09:43 77,824 --a------ C:\WINDOWS\system32\ospitray.exe
2007-08-16 08:54 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-16 08:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-16 08:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-16 08:48 1,191 --a------ C:\WINDOWS\wmplayer.reg
2007-08-15 17:31 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2007-08-15 17:31 <DIR> d-------- C:\Program Files\Creative


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-19 21:31 --------- d-------- C:\Program Files\Winamp
2007-08-19 15:06 --------- d-------- C:\Program Files\celestia
2007-08-15 17:51 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 18:25 --------- d-------- C:\Program Files\MVM 2005 - Virtua Tennis
2007-07-28 13:58 --------- d-------- C:\Program Files\IrfanView
2007-07-25 09:18 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SSH
2007-07-22 23:05 --------- d-------- C:\Program Files\BitComet
2007-07-16 11:34 --------- d-------- C:\Program Files\Security Task Manager
2007-07-16 00:05 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-07 20:19 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2001-11-23 00:08 712704 -ra------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1999-03-12 14:26 240022 --a------ C:\Program Files\GAssist.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-12 04:33 C:\WINDOWS\mixer.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-16 17:24]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-16 18:16]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-10-20 14:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Tracks Eraser Pro"="C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe" [2005-09-16 09:29]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 00:37:56]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-05-01 19:42:32]

R0 SiSRaid;SiSRaid;C:\WINDOWS\system32\DRIVERS\SiSRaid.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 21:34:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 21:35:22

--- E O F ---

SmitFraudFix v2.213b

Scan done at 21:44:51.39, Sun 08/19/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1

C:\DOCUME~1\ADMINI~1\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 200.28.216.1
DNS Server Search Order: 200.54.144.227

HKLM\SYSTEM\CCS\Services\Tcpip\..\{452281E5-5E26-4138-A569-826C414BF988}: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CS1\Services\Tcpip\..\{452281E5-5E26-4138-A569-826C414BF988}: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CS3\Services\Tcpip\..\{452281E5-5E26-4138-A569-826C414BF988}: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=200.28.216.1 200.54.144.227


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 9:46:55 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176864567498
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176864694873
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
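
The first HijackThis log in this thread lists two O1 hosts-file entries and a toolbar marked "(file missing)"; the log above, taken after the HostsXpert and ComboFix steps, no longer does. The following is an added example, not part of the thread or of any tool used in it: a short Python script that parses HijackThis entries, flags hosts-file lines pointing a name at a non-loopback address as candidates for review, and lists what disappeared between two scans. The function names are this example's own; the sample lines are excerpts of the two logs posted here.

```python
import ipaddress
import re

# Excerpts of the two HijackThis logs posted in this thread: the first scan,
# and the scan taken after HostsXpert and ComboFix were run (trimmed).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O1 - Hosts: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return a list of (section_code, body) tuples in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def hosts_redirects(entries):
    """Return (ip, hostname) for O1 entries mapping a name to a routable IP.

    Loopback and 0.0.0.0 mappings are skipped: those are how hosts files are
    normally used to block a name, not to send it to another server.
    """
    flagged = []
    for code, body in entries:
        if code != "O1" or not body.startswith("Hosts:"):
            continue
        fields = body[len("Hosts:"):].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field; leave it for manual review
        if not (addr.is_loopback or addr.is_unspecified):
            flagged.append((fields[0], fields[1]))
    return flagged


def missing_files(entries):
    """Return entries whose target file HijackThis could not find on disk."""
    return [(code, body) for code, body in entries
            if body.endswith("(file missing)")]


def removed_between(before, after):
    """Return entries present in the earlier scan but absent from the later."""
    remaining = set(after)
    return [entry for entry in before if entry not in remaining]


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    for ip, host in hosts_redirects(before):
        print(f"hosts entry to review: {host} -> {ip}")
    for code, body in missing_files(before):
        print(f"orphaned entry: {code} - {body}")
    for code, body in removed_between(before, after):
        print(f"gone after cleanup: {code} - {body}")
```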

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 20 August 2007 - 03:53 AM

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the smitfraudfix report, and a new Hijack This log into your next reply.
Let me know how your pc is running now please.

#5 voidstuff

voidstuff
  • Topic Starter

  • Members
  • 38 posts

Posted 20 August 2007 - 11:54 PM

"Let me know how your pc is running now please."

I wasn't completely sure what you meant... if it was to check if BitComet had the virus popup window after all the procedures I followed, I did not check it because I thought it might cause more problems. Besides BitComet, the PC is running very good as always.

Please tell me if you want me to check BitComet.


-----------------o----------------------




SmitFraudFix v2.213b

Scan done at 0:35:07.90, Tue 08/21/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{452281E5-5E26-4138-A569-826C414BF988}: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CS1\Services\Tcpip\..\{452281E5-5E26-4138-A569-826C414BF988}: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CS3\Services\Tcpip\..\{452281E5-5E26-4138-A569-826C414BF988}: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=200.28.216.1 200.54.144.227
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=200.28.216.1 200.54.144.227


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 12:36:57 AM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176864567498
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176864694873
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 August 2007 - 02:44 AM

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, let me know how your PC is running now.

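The reply above reads an outdated Java install out of the HijackThis log and names JRE 6u2 (installed as `jre1.6.0_02`) as the version to move to. The same check can be scripted; this is an added example, not part of the original posts. The sample log is constructed (its `jre1.5.0_06` entries are invented), and all function names are this sketch's own.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 line format. The jre1.5.0_06
# entries are invented for the example; they are not from the thread's logs.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "O<number> - <detail>" is the shape of every registry/autorun entry line.
ENTRY_RE = re.compile(r"^O(\d+) - (.+)$")
# A JRE install directory as it appears inside a path: \jre1.6.0_02\
JRE_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)
# O23 detail: "Service: <name> - <owner> - <path>". The path is anchored on a
# drive letter so a " - " inside the path itself does not split it.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)

# Baseline taken from the reply above: JRE 6u2, installed as jre1.6.0_02.
BASELINE_JRE = (1, 6, 0, 2)


def parse_entries(log_text):
    """Group entry details by section code, e.g. {"O23": ["Service: ..."]}."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            sections["O" + match.group(1)].append(match.group(2))
    return dict(sections)


def installed_jres(log_text):
    """Return every distinct JRE version referenced by any entry, sorted."""
    found = set()
    for details in parse_entries(log_text).values():
        for detail in details:
            for match in JRE_RE.finditer(detail):
                # A missing update suffix (plain jre1.6.0) counts as update 0.
                found.add(tuple(int(part or 0) for part in match.groups()))
    return sorted(found)


def outdated_jres(log_text, baseline=BASELINE_JRE):
    """JRE versions still referenced in the log that are older than baseline."""
    return [v for v in installed_jres(log_text) if v < baseline]


def fmt_jre(version):
    """(1, 5, 0, 6) -> '1.5.0_06', matching the directory naming."""
    major, minor, patch, update = version
    return f"{major}.{minor}.{patch}_{update:02d}"


def unknown_owner_services(log_text):
    """O23 services listed with 'Unknown owner'.

    This is a prompt for a manual look at the file, not a verdict on it.
    """
    hits = []
    for detail in parse_entries(log_text).get("O23", []):
        match = SERVICE_RE.match(detail)
        if match and match.group("owner").strip().lower() == "unknown owner":
            hits.append((match.group("name"), match.group("path")))
    return hits


if __name__ == "__main__":
    for version in outdated_jres(SAMPLE_LOG):
        print("Old JRE still referenced:", fmt_jre(version))
    for name, path in unknown_owner_services(SAMPLE_LOG):
        print("Service without owner info:", name, "->", path)
```

An old JRE that still shows up after the update means entries from the previous install were left behind, which is why the reply asks for the older versions to be removed before installing the new one.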

#7 voidstuff

  • Topic Starter
  • Members
  • 38 posts

Posted 21 August 2007 - 08:11 PM

This is not working... I opened BitComet and the same message appeared, which was my only problem, apart from that I haven't noticed any other spyware or virus. I also scanned using Spybot Search & Destroy, to get nothing.


I wanted to show you the window message of BitComet, maybe it can help. Thanks

http://profile.imageshack.us/user/voidstuf...34/virushh2.jpg

----------------------o---------------------------


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2007 at 08:17 PM

Application Version : 3.9.1008

Core Rules Database Version : 3290
Trace Rules Database Version: 1301

Scan type : Complete Scan
Total Scan Time : 00:30:35

Memory items scanned : 395
Memory threats detected : 0
Registry items scanned : 5272
Registry threats detected : 0
File items scanned : 31420
File threats detected : 0

Logfile of HijackThis v1.99.1
Scan saved at 8:44:41 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176864567498
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176864694873
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

#8 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 22 August 2007 - 03:36 AM

Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
• Scan using the following Anti-Virus database:
• Standard
• Scan Options:
• Scan Archives
• Scan Mail Bases
• Click OK
• Now under select a target to scan:
• Select My Computer
• This will start the program and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button:
• Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

#9 voidstuff

  • Topic Starter
  • Members
  • 38 posts

Posted 23 August 2007 - 09:08 AM

Kaspersky showed several problems...... Yesterday I received a virus through MSN, it was very clever because it was automatically sent to other contacts, so I got the internet link from a friend, but he then said he did not send it, that it was a virus. But as I trusted my friend, I didn't doubt opening it. So you may notice there are additional problems :S. Hopefully you can help me :thumbsup:

I'll also add two logs of Nod and one from SpyBot-search and destroy
--------------------------o-------------------------------
Time Module Object Name Threat Action User Information
8/23/2007 2:10:01 AM AMON file C:\System Volume Information\_restore{5511DBE2-E38F-4C86-B0B6-338B4AFC9637}\RP130\A0009939.Vexe probably a variant of Win32/TrojanDownloader.Obfuscated trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
8/22/2007 20:03:34 PM IMON file http://mediacount.net/adv/177/win32.exe probably a variant of Win32/Nuwar worm GABO\Administrator
8/22/2007 20:03:30 PM IMON file http://mediacount.net/adv/177/win32.exe probably a variant of Win32/Nuwar worm GABO\Administrator
8/22/2007 20:03:08 PM IMON file http://mediacount.net/strong/177/ HTML/TrojanDownloader.AniLoad.NAC trojan Connection terminated GABO\Administrator
8/22/2007 20:03:08 PM IMON file http://203.121.79.101/mpak3//file123.php probably a variant of Win32/Agent trojan GABO\Administrator
8/22/2007 20:03:08 PM IMON file http://mediacount.net/adv/177/sploit.anr a variant of Win32/TrojanDownloader.Ani.Gen trojan GABO\Administrator



Scan performed at: 8/22/2007 20:24:24 PM
Scanning Log
NOD32 version 2476 (20070822) NT
Operating memory - is OK

Date: 22.8.2007 Time: 20:24:37
Scanned disks, folders and files: C:
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe »RAR »SmitfraudFix\Process.exe - Win32/PrcView application
C:\Downloads\Over 1100 General Computer Ebooks\Teach Yourself PHP, MySQL, And Apache All-In-One, 3rd Edition (2006).chm.bc! »CHM »/0672328739/images/03fig05_alt.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Ten Ton Dreamweaver (2006).chm.bc! »CHM »/0321374126/images/037fig01.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\The Adobe Lightroom eBook For Digital Photographers (2006).chm.bc! »CHM »/0321437365/images/038fig02_alt.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\The Art Of Assembly Language (2003).chm.bc! »CHM »/7260final/images/7260-chapter-15.zip - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\The Art Of Computer Virus Research And Defense (2005).chm.bc! »CHM »/0321304543/images/0321304543/graphics/08fig03.gif - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\The Definitive Guide To MySQL, 2nd Edition (2004).chm.bc! »CHM »/8273final/images/fig02_07_0.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\The Digital Photography Book (2006).chm.bc! »CHM »/032147404X/images/gearguide_alt.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\The Internet - The Missing Manual (2006).chm.bc! »CHM »/059652742X/images/internettmm_1201.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\The Java Tutorial - A Short Course On The Basics, 4th Edition (2006).chm.bc! »CHM »/0321334205/images/ui_dialogw.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\The Tao Of Network Security Monitoring - Beyond Intrusion Detection (2004).chm.bc! »CHM »/0321246772/images/0321246772/graphics/05fig02_alt.gif - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\The Ultimate Windows Server 2003 System Administrator's Guide (2003).chm.bc! »CHM »/Inside Windows Server 2003/images/0201791064/graphics/05fig15.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Understanding Linux Network Internals (2005).chm.bc! »CHM »/0596002556/images/understandlni_1102.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Unicode Explained (2006).chm.bc! »CHM »/059610121X/images/unicode_0212.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Unix In A Nutshell, 4th Edition (2005).chm.bc! »CHM »/$FIftiMain - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Unix Shell Programming, 3rd Edition (2003).chm.bc! »CHM »/0672324903/ch13lev1sec5.html - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Upgrading And Repairing Laptops, 2nd Edition (2005).chm.bc! »CHM »/0789733765/ch08lev1sec2.html - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Upgrading And Repairing Servers (2006).chm.bc! »CHM »/078972815X/images/03fig38_alt.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Visual Basic 2005 Cookbook (2006).chm.bc! »CHM »/0596101775/images/vb2005ckbk_0719.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Visual Studio Tools For Office - Using Visual Basic 2005 With Excel, Word, Outlook, And InfoPath (2006).chm.bc! »CHM »/0321411757/ch12lev1sec3.html - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Web Design Garage (2005).chm.bc! »CHM »/0131481991/images/style.css - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Web Design In A Nutshell, 3rd Edition (2006).chm.bc! »CHM »/0596009879/images/wdnut3_1208.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Wi-Fi Hotspots (2006).chm.bc! »CHM »/1587052660/images/wh490806_alt.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Windows .NET Server 2003 Domains & Active Directory (2003).chm.bc! »CHM »/images/fig12-15_0.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Windows Developer Power Tools (2006).chm.bc! »CHM »/0596527543/images/wdpt_0913.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Windows Forensics And Incident Recovery (2004).chm.bc! »CHM »/0321200985/images/0321200985/graphics/07fig04_alt.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Windows Forms Programming In CSharp (2003).chm.bc! »CHM »/FILES/09fig27.gif - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Windows Vista - The Missing Manual (2006).chm.bc! »CHM »/0596528272/images/214grouping.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Windows XP Hacks - Tips & Tools For Optimizing Your OS, 1st Edition (2003).chm.bc! »CHM »/FILES/xph_0220.gif - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Windows XP Pro - The Missing Manual (2003).chm.bc! »CHM »/FILES/03fig19.gif - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Wireless Hacks - 100 Industrial-Strength Tips & Tools (2003).chm.bc! »CHM »/FILES/wh_0336.gif - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Word 2007 - The Missing Manual (2006).chm.bc! »CHM »/059652739X/images/word2007tmm_0510.jpg - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Writing Secure Code, 2nd Edition (2003).chm.bc! »CHM »/secureco2/32ch02d.htm - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\XML Hacks - 100 Industrial-Strength Tips & Tools (2004).chm.bc! »CHM »/0596007116/images/0596007116/figs/xmlh_0114.gif - archive damaged
C:\Downloads\Over 1100 General Computer Ebooks\Yahoo Hacks - Tips & Tools For Living On The Web Frontier (2005).chm.bc! »CHM »/0596009453/images/yahoohks_0256.jpg - archive damaged
C:\Downloads\Unreal Tournamenr 2004\Crack\Keygen\Keygen.exe - probably a variant of Win32/TrojanDownloader.Obfuscated trojan - quarantined - deleted
C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
C:\System Volume Information\_restore{5511DBE2-E38F-4C86-B0B6-338B4AFC9637}\RP130\A0009937.exe - Win32/PrcView application
C:\System Volume Information\_restore{5511DBE2-E38F-4C86-B0B6-338B4AFC9637}\RP130\A0009939.exe - probably a variant of Win32/TrojanDownloader.Obfuscated trojan - quarantined - renamed to C:\System Volume Information\_restore{5511DBE2-E38F-4C86-B0B6-338B4AFC9637}\RP130\A0009939.Vexe
Number of scanned files: 517763
Number of threats found: 4
Number of files cleaned: 2
Number of active threats: 2
Time of completion: 21:59:57 Total scanning time: 5720 sec (01:35:20)

Notes:
[4] File cannot be opened. It may be in use by another application or operating system.

--- Report generated: 2007-08-23 09:52 ---

Smitfraud-C.: Autorun settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-220523388-776561741-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System

Smitfraud-C.: Program file (File, nothing done)
C:\WINDOWS\system32\Fretr.exe

DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-04-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-18 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-18 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-18 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-18 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-18 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-18 Includes\PUPSC.sbi (*)
2007-04-18 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-18 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-18 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-11 Includes\Trojans.sbi (*)
2007-04-18 Includes\TrojansC.sbi (*)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 23, 2007 9:40:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 23/08/2007
Kaspersky Anti-Virus database records: 363426
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 63413
Number of viruses found: 12
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:33:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\55\265b8ef7-7cbd7769/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\55\265b8ef7-7cbd7769 ZIP: infected - 1 skipped
C:\Program Files\ESET\infected\4FPXJWDA.NQF Infected: Trojan-Downloader.Win32.Zlob.btq skipped
C:\Program Files\ESET\infected\4MKOUUAA.NQF Infected: Trojan-Downloader.Win32.Zlob.bxe skipped
C:\Program Files\ESET\infected\CSUIZBBA.NQF Infected: Trojan-Downloader.Win32.Agent.bkd skipped
C:\Program Files\ESET\infected\CSZULKBA.NQF Infected: Trojan-Downloader.Win32.Zlob.btj skipped
C:\Program Files\ESET\infected\D3OPORDA.NQF Infected: Trojan-Spy.Win32.Delf.vo skipped
C:\Program Files\ESET\infected\H0OGMVAA.NQF Infected: Trojan-Downloader.Win32.Zlob.bnw skipped
C:\Program Files\ESET\infected\JPGPTGDA.NQF Infected: Trojan.Win32.Agent.amr skipped
C:\Program Files\ESET\infected\MK4O4ZDA.NQF Infected: Trojan-Downloader.Win32.Zlob.btj skipped
C:\Program Files\ESET\infected\QYM0ZXAA.NQF Infected: Email-Worm.Win32.Zhelatin.he skipped
C:\Program Files\ESET\infected\STCRDVBA.NQF Infected: Trojan-PSW.Win32.WOW.rh skipped
C:\Program Files\ESET\infected\UICZ5PDA.NQF Infected: Trojan-Downloader.Win32.Zlob.btq skipped
C:\Program Files\ESET\infected\YTQ53FAA.NQF Infected: Trojan-Downloader.Win32.Zlob.btq skipped
C:\Program Files\ESET\logs\nod32\NDL15130.DAT Object is locked skipped
C:\Program Files\ESET\logs\nod32\NDL25991.DAT Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Subliminal Flash\WaveServer.exe Infected: Constructor.Win32.Negett.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5511DBE2-E38F-4C86-B0B6-338B4AFC9637}\RP130\A0009938.exe Infected: IM-Worm.Win32.VB.au skipped

Scan process completed.

Edited by voidstuff, 23 August 2007 - 09:10 AM.


#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 23 August 2007 - 10:11 AM

Find and delete:
C:\WINDOWS\system32\Fretr.exe
C:\Program Files\Subliminal Flash\WaveServer.exe

Delete everything inside this folder in bold text:
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache

Delete everything inside the NOD32 quarantine folder, then empty the recycle bin:
C:\Program Files\ESET\infected

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue,all existing restore points will be deleted,and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.
Restart your pc.
Turn 'System Restore' back on:

Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply',then click 'Ok'.

Post a new Hijackthis log.

#11 voidstuff

voidstuff
  • Topic Starter

  • Members
  • 38 posts

Posted 24 August 2007 - 12:25 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:04:57 PM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijack This\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Antivir] C:\WINDOWS\nod32.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Windows] C:\WINDOWS\Jret.exe
O4 - HKCU\..\Run: [SystemUpdate] C:\WINDOWS\system32\Tick.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\system32\Fretr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176864567498
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176864694873
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 August 2007 - 03:09 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Windows] C:\WINDOWS\Jret.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\system32\Fretr.exe


Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
* Also post a new Hijackthis log please.

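A triage pass over the O4 autostart lines that the fix list in the post above was picked from, as an added example (not part of the original post and not a HijackThis feature). The function name, the rule labels and the short table of expected Windows XP locations are assumptions made for this sketch; the sample lines are copied from the HijackThis log in post #11.

```python
import ntpath
import re

# O4 lines copied from the HijackThis log in post #11 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [Antivir] C:\WINDOWS\nod32.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Windows] C:\WINDOWS\Jret.exe
O4 - HKCU\..\Run: [SystemUpdate] C:\WINDOWS\system32\Tick.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\system32\Fretr.exe
"""

# Assumption: a deliberately short table of where these Windows XP
# binaries normally live. Extend it for real use.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}

RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$", re.M)
# Quoted path, or everything up to the first ".exe" (paths may contain spaces).
EXE_PATH = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.I)


def triage_run_entries(log_text):
    """Return (value_name, path, reason) for Run entries worth a second look."""
    findings = []
    for m in RUN_LINE.finditer(log_text):
        hive, name, cmd = m.groups()
        exe = EXE_PATH.match(cmd)
        if not exe:
            continue
        path = exe.group(1) or exe.group(2)
        folder = ntpath.dirname(path).lower()
        base = ntpath.basename(path).lower()
        if base in EXPECTED_DIR:
            # A system binary name started from the wrong folder.
            if folder and folder != EXPECTED_DIR[base]:
                findings.append((name, path, "masquerade"))
        elif hive == "HKCU" and folder in WINDOWS_DIRS:
            # Per-user autostart of an unlisted file inside the Windows folders.
            findings.append((name, path, "unknown-in-windir"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage_run_entries(SAMPLE_LOG):
        print(f"{reason:18} [{name}] {path}")
```

A hit is a prompt to inspect the file (creation date, signer, hidden attribute), not a verdict on it.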

#13 voidstuff

voidstuff
  • Topic Starter

  • Members
  • 38 posts

Posted 24 August 2007 - 06:37 PM

I had to turn off the automatic defence AMON of nod to download the file you told me to. Then I did the rest successfully.


The good thing is that the Task Manager doesn't automatically close as before and the processes Jret.exe and Fretr.exe. I also decided to delete with Hijack the entry called O4 - HKCU\..\Run: [SystemUpdate] C:\WINDOWS\system32\Tick.exe because I could identify the corrupted files on C:/Windows and C:/Windows/System32 folders by their creation date, which was on Wednesday at 7:59 pm.

The bad thing is that before posting this, I tried to uninstall Yahoo bar from "add/remove programs" and the PC restarted. Yahoo was suddenly installed by the virus I guess, I did not install it.

-------------------o-------------------


SDFix: Version 1.100

Run by Administrator on Fri 08/24/2007 at 06:56 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\svchost.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINDOWS\syniyen8.dll
C:\WINDOWS\system32\segmfw21.dll
C:\WINDOWS\Jret.exe
C:\WINDOWS\nod32.exe
C:\WINDOWS\plick.exe
C:\WINDOWS\Zos.exe
C:\Documents and Settings\Administrator\My Documents\OTROS\~WRL0001.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

Finished

Logfile of HijackThis v1.99.1
Scan saved at 7:30:16 PM, on 8/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\nod32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack This\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Antivir] C:\WINDOWS\nod32.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176864567498
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176864694873
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

#14 voidstuff

voidstuff
  • Topic Starter

  • Members
  • 38 posts

Posted 24 August 2007 - 06:39 PM

BTW I can still see the files created on the date I specified on folders of Windows, but now the processes aren't running.

#15 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:50 PM

Posted 24 August 2007 - 07:00 PM

Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Find and delete:
C:\WINDOWS\Zos.exe
C:\WINDOWS\Jret.exe
C:\WINDOWS\plick.exe
C:\WINDOWS\syniyen8.dll
C:\WINDOWS\system32\segmfw21.dll

Restart your pc normally.
Post a new Hijackthis log please.
Let me know how your pc is running now.