
Malware Issues


  • This topic is locked
2 replies to this topic

#1 mattyb


Posted 24 April 2008 - 02:34 AM

Hi guys,

I had a trojan infect my PC, which I have tried to remove; however, my computer is still not running well. Any help would be greatly appreciated. HijackThis and Deckard logs below; tried to do a Kaspersky online scan but

Deckard's System Scanner v20070711.54
Run by MathewB on 2008-04-24 at 11:22:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as MathewB.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:50 AM, on 24/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal



Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internode\mum.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\IT\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4314 bytes

-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2008-04-22 21:59:11 0 -rahs---- C:\MSDOS.SYS
2008-04-22 21:59:11 0 -rahs---- C:\IO.SYS
2008-04-22 16:17:25 0 d-------- C:\Program Files\Inet_Get_2
2008-04-22 16:07:23 0 d-------- C:\Program Files\JavaCore
2008-04-22 16:02:21 0 d-------- C:\Program Files\CPV
2008-04-22 15:57:15 0 d-------- C:\Program Files\Temporary
2008-04-21 14:46:29 0 d-------- C:\Program Files\DAMN NFO Viewer
2008-04-21 14:35:06 405 --ahs---- C:\Windows\system32\uvxayGgh.ini2
2008-04-21 14:35:00 274432 --a------ C:\Windows\system32\hgGyaxvu.dll
2008-04-21 14:16:19 0 d-------- C:\Users\All Users\FLEXnet
2008-04-21 12:48:06 0 d-------- C:\Program Files\Bonjour
2008-04-21 12:22:58 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-12 00:18:26 11264 --a------ C:\Windows\b138.exe
2008-04-04 12:56:31 0 d-------- C:\Program Files\Safari
2008-04-04 12:53:13 0 d-------- C:\Program Files\iPod
2008-04-04 12:52:41 0 d-------- C:\Program Files\iTunes
2008-04-04 12:46:08 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-04-24 11:21:16 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Skype
2008-04-24 08:35:19 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\skypePM
2008-04-23 20:37:07 56405 --a------ C:\Users\mathewb.INTEGRAL\AppData\Roaming\nvModes.001
2008-04-22 20:40:11 12 --a------ C:\Windows\bthservsdp.dat
2008-04-22 20:37:00 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Free Download Manager
2008-04-22 15:35:06 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Azureus
2008-04-22 15:34:52 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-22 15:34:51 0 d-------- C:\Program Files\Internode
2008-04-22 15:34:48 0 d-------- C:\Program Files\DAEMON Tools
2008-04-22 15:34:48 0 d-------- C:\Program Files\Common Files\Skype
2008-04-22 15:34:48 0 d-------- C:\Program Files\Azureus
2008-04-21 16:49:04 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Adobe
2008-04-21 13:15:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-16 09:08:37 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Internode
2008-04-10 15:42:38 0 d-------- C:\Program Files\Windows Mail
2008-04-04 20:10:15 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Apple Computer
2008-03-19 11:17:12 0 d-------- C:\Program Files\Common Files\Nokia
2008-03-19 11:17:11 0 d-------- C:\Program Files\Nokia
2008-03-18 09:12:38 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Nokia Multimedia Player
2008-03-18 08:27:48 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Nokia
2008-03-12 10:02:36 0 d-------- C:\Program Files\Common Files\PCSuite
2008-02-29 11:09:22 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\PC Suite
2008-02-29 10:59:30 0 d-------- C:\Program Files\DIFX


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{9E72E4EC-3EC8-47A7-A4E2-1204B13F90D9} C:\Windows\system32\hgGyaxvu.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} C:\Program Files\Free Download Manager\iefdm2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
"NDSTray.exe"="NDSTray.exe"
"TOSHIBA Volume Indicator"="\"C:\\Program Files\\Toshiba\\Utilities\\VolControl.exe\""
"PSQLLauncher"="\"C:\\Program Files\\Protector Suite QL\\launcher.exe\" /startup"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
@=""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"TPwrMain"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,54,4f,53,48,49,\
"HSON"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,54,4f,53,48,49,42,\
"SmoothView"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,54,6f,73,68,\
"00TCrdMain"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,54,4f,53,48,\
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe"
"TOSCDSPD"="TOSCDSPD.EXE"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"PC Suite Tray"="\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSuite.exe\" -onlytray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe\" /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000
"DisableCAD"=dword:00000001
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Notification Packages REG_MULTI_SZ scecli\0psqlpwd\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0\0
Authentication Packages REG_MULTI_SZ msv1_0\0C:\Windows\system32\hgGyaxvu\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0CscService\0TabletInputService\0UmRdpService\0wlansvc\0WPDBusEnum\0EMDMgmt\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e3a1a4e-243a-11dc-8210-806e6f6e6963}]
shell\AutoRun\command setupSNK.exe


-- End of Deckard's System Scanner: finished at 2008-04-24 at 11:22:45 ---------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:31 PM, on 24/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internode\mum.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\IT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.64.15.245:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9E72E4EC-3EC8-47A7-A4E2-1204B13F90D9} - C:\Windows\system32\hgGyaxvu.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.google.com.au
O15 - Trusted Zone: http://www.torrentspy.com
O15 - Trusted Zone: pki.ato.gov.au (HKLM)
O16 - DPF: {41B91E42-6366-11D4-90DB-0050DAC37F9F} - https://secure5.arcot.com/installCCPlugin/u...lugin_winnt.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Integral.local
O17 - HKLM\Software\..\Telephony: DomainName = Integral.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Integral.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10610 bytes

KASPERSKY ONLINE SCANNER REPORT
Thursday, April 24, 2008 5:00:25 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/04/2008
Kaspersky Anti-Virus database records: 724127


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
F:\
X:\

Scan Statistics
Total number of scanned objects 88456
Number of viruses found 11
Number of infected objects 18
Number of suspicious objects 2
Duration of the scan process 02:21:13

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\20080424112206\backup\Users\MATHEW~1.INT\AppData\Local\Temp\bis7B67.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\Downloads\Software\adobe_photoshop_cs3.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.pae skipped

C:\Downloads\Software\adobe_photoshop_cs3.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ury skipped

C:\Downloads\Software\adobe_photoshop_cs3.exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.ujl skipped

C:\Downloads\Software\adobe_photoshop_cs3.exe/data.rar Infected: Trojan-Downloader.Win32.Small.ujl skipped

C:\Downloads\Software\adobe_photoshop_cs3.exe RarSFX: infected - 4 skipped

C:\Program Files\CA\eTrust Antivirus\DB\rtmaster.dbf Object is locked skipped

C:\Program Files\CA\eTrust Antivirus\DB\rtmaster.ntx Object is locked skipped

C:\ProgramData\eqidolscr\BowsSect.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\ProgramData\eqidolscr\wzbzvpox.exe Infected: Trojan.Win32.Obfuscated.en skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.279.Crwl Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.279.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy34983.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy34984.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf298F.tmp Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf299F.tmp Object is locked skipped

C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050253.log Object is locked skipped

C:\ProgramData\Spybot - Search & Destroy\Recovery\WinSmallazl1.zip/mrofinu1535.exe Suspicious: Password-protected-EXE skipped

C:\ProgramData\Spybot - Search & Destroy\Recovery\WinSmallazl1.zip ZIP: suspicious - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Outlook\archive.pst Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Outlook\outlook23.ost Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042420080425\index.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOVF4367\p_674377344=0&[10].htm Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOVF4367\p_674377344=0&[5].htm Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOVF4367\p_674377344=0&[6].htm Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOVF4367\p_674377344=0&[7].htm Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOVF4367\p_674377344=0&[8].htm Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOVF4367\p_674377344=0&[9].htm Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEAWDY12\rikki_couch5_270X160[1].flv Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHQV4W94\BurstingInteractionsPipe[1].htm Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF2893.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS3804.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\UsrClass.dat{acccddc9-2442-11dc-9028-001b2416d22b}.TM.blf Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\UsrClass.dat{acccddc9-2442-11dc-9028-001b2416d22b}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows\UsrClass.dat{acccddc9-2442-11dc-9028-001b2416d22b}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows Defender\FileTracker\{13D0564C-7F34-45E1-90ED-AFA0B35C93B1} Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\ExchangePerflog_8484fa31d1de07decfcccd43.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\flaDE3F.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\Free Download Manager\tic41F.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\Free Download Manager\tic4E61.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\Free Download Manager\tic7A96.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\Free Download Manager\ticB5A.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\Free Download Manager\ticBF5.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\Free Download Manager\ticC83D.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\Free Download Manager\ticE174.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\~DF211D.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\~DF4C25.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\~DF4C2C.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\~DFD6EB.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\~DFD839.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\~DFDBCF.tmp Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Local\Temp\~WRD0908.doc Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\663965a3-367b83dd/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped

C:\Users\mathewb.INTEGRAL\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\663965a3-367b83dd/Counter.class Infected: Trojan.Java.ClassLoader.h skipped

C:\Users\mathewb.INTEGRAL\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\663965a3-367b83dd/Parser.class Infected: Trojan.Java.ClassLoader.d skipped

C:\Users\mathewb.INTEGRAL\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\663965a3-367b83dd ZIP: infected - 3 skipped

C:\Users\mathewb.INTEGRAL\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\5b3b23b6-4b9d0453/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Users\mathewb.INTEGRAL\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\5b3b23b6-4b9d0453/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

C:\Users\mathewb.INTEGRAL\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\5b3b23b6-4b9d0453/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Users\mathewb.INTEGRAL\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\5b3b23b6-4b9d0453/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Users\mathewb.INTEGRAL\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\5b3b23b6-4b9d0453 ZIP: infected - 4 skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Outlook\outitems.log Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Outlook\Outlook.NK2 Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Outlook\Outlook.srs Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Templates\Normal.dot Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Skype\matyb73\contactgroup256.dbb Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Skype\matyb73\dyncontent\bundle.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Skype\matyb73\index2.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Skype\matyb73\profile256.dbb Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Skype\matyb73\user1024.dbb Object is locked skipped

C:\Users\mathewb.INTEGRAL\AppData\Roaming\Skype\matyb73\voicemail256.dbb Object is locked skipped

C:\Users\mathewb.INTEGRAL\ntuser.dat Object is locked skipped

C:\Users\mathewb.INTEGRAL\ntuser.dat.LOG1 Object is locked skipped

C:\Users\mathewb.INTEGRAL\ntuser.dat.LOG2 Object is locked skipped

C:\Users\mathewb.INTEGRAL\ntuser.dat{7ef13835-1011-11dd-917b-00037aeafcba}.TM.blf Object is locked skipped

C:\Users\mathewb.INTEGRAL\ntuser.dat{7ef13835-1011-11dd-917b-00037aeafcba}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\mathewb.INTEGRAL\ntuser.dat{7ef13835-1011-11dd-917b-00037aeafcba}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\Mathewb.MathewB-PC\AppData\Local\Temp\NeroDemo12550\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Windows\bthservsdp.dat Object is locked skipped

C:\Windows\CSC\v2.0.6\pq Object is locked skipped

C:\Windows\Debug\netlogon.log Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

Scan was interrupted by user!


#2 don77


Posted 11 May 2008 - 07:44 PM

Hello mattyb


I apologize for the delay in response. We get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 don77


Posted 20 May 2008 - 07:50 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



