
Slow But No Virus



#1 Quevvy


Posted 04 May 2008 - 08:58 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:29 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\MotorolaDAP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\IR9SBY4X\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [WinMX] C:\Documents and Settings\Tommy\Desktop\WinMX.exe -m (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [csrss] C:\WINDOWS\csrss.exe (User 'Tommy')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users.WINDOWS\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neopets4.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - C:\WINDOWS\System32\MotorolaDAP.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8236 bytes



#2 SifuMike


Posted 09 May 2008 - 06:01 PM

Hello Quevvy,

You have a suspicious file we need to check.

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types.'


Go to the next site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'.
Click the browse button and browse to the next file:

C:\WINDOWS\csrss.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.
Once scanned, copy and paste the results also in your next reply.

NOTE: I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the scan results here.

************************

I see Viewpoint installed.
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player


If you uninstalled, please navigate to and delete the following folders
C:\Program Files\Viewpoint

************************


C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\IR9SBY4X\HiJackThis[1].exe


You need to put HijackThis into its own folder, but not a temp folder. It won't save the backups if it is run from a temporary folder, and we will be deleting the temp folder.

Here is how to make a Hijackthis folder:

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT". Now you have C:\HJT\ folder. Put your hijackthis.exe there.
Please post a new log.

Edited by SifuMike, 09 May 2008 - 06:02 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
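
The [csrss] Run entry in the log above stands out because the genuine Windows csrss.exe image lives in the system32 directory, not directly in C:\WINDOWS. The following is an added example (not part of the original thread and not HijackThis code): a small Python triage script that reads HijackThis "Running processes" and O4 autorun lines and reports core Windows process names found outside their default directory. The sample lines are copied from the log in post #1; the function names and the table of default directories are assumptions of this example, with %SystemRoot% taken to be C:\WINDOWS.

```python
import ntpath
import re
from collections import namedtuple

# Default image directories of core Windows XP processes (well-known OS
# defaults). Assumption: %SystemRoot% is C:\WINDOWS, as in the posted log.
EXPECTED_DIR = {
    "smss.exe": r"C:\WINDOWS\system32",
    "csrss.exe": r"C:\WINDOWS\system32",
    "winlogon.exe": r"C:\WINDOWS\system32",
    "services.exe": r"C:\WINDOWS\system32",
    "lsass.exe": r"C:\WINDOWS\system32",
    "svchost.exe": r"C:\WINDOWS\system32",
    "spoolsv.exe": r"C:\WINDOWS\system32",
    "explorer.exe": r"C:\WINDOWS",
}

Finding = namedtuple("Finding", "source entry user path expected_dir")

# "O4 - <hive>: [<entry name>] <command line>"; Startup-folder O4 lines
# ("O4 - Global Startup: x.lnk = ...") have no [name] and are skipped here.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<entry>[^\]]*)\] (?P<cmd>.+)$")
USER_RE = re.compile(r"\s*\(User '([^']*)'\)$")
# Quoted image path, or an unquoted path (may contain spaces) up to ".exe".
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def image_path(cmd):
    """Return the executable path from an autorun command line, or None."""
    cmd = USER_RE.sub("", cmd.strip())
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else None


def expected_dir_if_misplaced(path):
    """Return the default directory if a core process name sits elsewhere."""
    directory, name = ntpath.split(path)
    expected = EXPECTED_DIR.get(name.lower())
    if expected and ntpath.normcase(directory) != ntpath.normcase(expected):
        return expected
    return None


def review(log_text):
    """Scan a HijackThis log; return Findings for misplaced core process names."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the section
                in_processes = False
            else:
                expected = expected_dir_if_misplaced(line)
                if expected:
                    findings.append(
                        Finding("running process", None, None, line, expected))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        path = image_path(m.group("cmd"))
        if path is None:
            continue
        expected = expected_dir_if_misplaced(path)
        if expected:
            user = USER_RE.search(m.group("cmd"))
            findings.append(Finding("O4 autorun", m.group("entry"),
                                    user.group(1) if user else None,
                                    path, expected))
    return findings


# Sample input: a subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [WinMX] C:\Documents and Settings\Tommy\Desktop\WinMX.exe -m (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [csrss] C:\WINDOWS\csrss.exe (User 'Tommy')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
"""

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.source}: {f.path} (entry={f.entry}, user={f.user}); "
              f"default location is {f.expected_dir}")
```

A hit from this check only says the file name and location do not match the Windows default; the file still needs the kind of scan the helper asks for above before it is treated as malicious.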

#3 Quevvy


Posted 09 May 2008 - 09:31 PM

I couldn't find csrss.exe, and then I deleted Viewpoint Media Player and moved HJT.
__________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:19 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\MotorolaDAP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/ind...mp;highlite=%2B
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [WinMX] C:\Documents and Settings\Tommy\Desktop\WinMX.exe -m (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [csrss] C:\WINDOWS\csrss.exe (User 'Tommy')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users.WINDOWS\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neopets4.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - C:\WINDOWS\System32\MotorolaDAP.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8054 bytes

#4 SifuMike


Posted 09 May 2008 - 09:43 PM

Hi Quevvy,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Sun Java Runtime Environment 6 Update 6.
  • Scroll down to where it says "Sun Java Runtime Environment 6 Update 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

**************************

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


**************************

Please perform this online scan: Kaspersky Webscan

Note that you need to run this scan with Internet Explorer for it to work correctly.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allow Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE,
Scan Options:
Scan Archives
Scan Mail Bases


then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. Once the scan is complete it will display if your system has been infected.
Now click on the Save Report As... button.

Under Save as type, select Text file, write a name for the file, and save it to your Desktop.
Locate the file at the Desktop, open it, then copy and paste that information in your next post.
9. Post the Kaspersky scan results in your next reply.

Edited by SifuMike, 09 May 2008 - 09:46 PM.


#5 Quevvy


Posted 10 May 2008 - 08:46 AM

Malwarebytes' Anti-Malware 1.12
Database version: 737

Scan type: Quick Scan
Objects scanned: 56289
Time elapsed: 13 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MsSC2 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\retro64_loader.r64loader (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\retro64_loader.r64loader.1 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\n.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuamfu32.ini (Malware.Trace) -> Quarantined and deleted successfully.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 10, 2008 8:43:56 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/05/2008
Kaspersky Anti-Virus database records: 750900
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 162247
Number of viruses found: 6
Number of infected objects: 11
Number of suspicious objects: 2
Duration of the scan process: 02:39:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Bubba Sparks - Ugly feat. Timbaland.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Bubba Sparxxx - Triple Platinum.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Bud Light Presents - Mr. Toilet Paper Refiller.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Bud Light Presents... - Mr. Chinese Food Delivery Guy.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Bush - Glycerine.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Busta & P.Diddy ~ Pass The C..mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\busta rhymes feat. p diddy - Pass The Courvoiser 2.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Cam'ron - Oh Boy.MP3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Camron-D Rugs2-oh boy.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\classical-Mozart-Pachabel Canon D min Perfect Version.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Comedy - Monty Python - Quest for the Holy Grail - Tim The Enchanter.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Comedy - Monty Python-Argument (really funny).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Comedy Austin Powers - Fat Bastard Scene.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Crazy Town - Butterfly.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Crazytown - Drowning (NeW DarkhorsE).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Creed - Weathered - My Sacrifice (Great Quality - Actual Song).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\D12 feat. eminem - Purple Hills.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Dexter Freebish - She Is.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Dexter Freebish - Spotlight.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Disney - Pocahontas - Steady As the Beating Drum.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\DMX - Ain't No Sunshine.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\DMX - All About the Money (Unreleased Demo Tape) - Nelly Outkast DMX Eminem.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\DMX - It's dark and Hell is hot - 07 - Track 7.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\DMX-CRADLE TO THE GRAVE SOUNDTRACK-getting down.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Dr. Dre & Snoop Doggy Dog - Ain't Nuttin' But a G-Thang.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\dr. dre - The Next Episode (feat Snoop Dogg and Nate Dogg).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Eminem - Without Me (dirty).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Eminem-Cleaning out my closet.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\F.U.N. Song.MP3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Fiddler on the Roof - If I Were A Rich Man.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Fleetwood Mac - Don't Stop (live).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\G-dep feat. Puff Daddy & Black Rob - Lets Get It.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Goo Goo Dolls - Name.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Holy Outlaws Prank Call - Arnold Schwarzenegger calls the Amertania Hotel.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Jay_Z_-_H_To_The_Izzo.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\JD feat. P Diddy, Murphy Lee, and Snoop Dogg - Welcome to Atlanta (remix).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Jerky Boys - Chinese Chicken.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Jerky Boys - Prank Phone Calls - Retard Calls Walmart.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Jerky Boys - Walmart Prank Call.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Jimmy Buffet - Brown Eyed Girl.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Jimmy Fallon - Idiot Boyfriend.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Johnny Rzeznik - I'm Still Here (2).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Juvenile - Set It Off (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Juvenile - Set It Off.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Knockturnal - Straight West Coast.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Led Zeppelin - Fool In The Rain.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Led Zeppelin - Your Time Is Gonna Come.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Led Zepplin - Stairway to Heaven.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\LeeAnn Womack - I Hope You Dance.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Limp Bizkit (not) - Come My Lady.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Ludacris - Back For The First Time - 09 - Stick'em Up feat UGK (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\ludacris - Move B H.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Ludacris - Roll Out [clean].mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Ludacris-Whats Your Fantasy (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Ludacris-Whats Your Fantasy.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Ludacriss -Stick'em up.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Ludicris - You's A Ho.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Matchbox 20 - 3 AM (Piano Acoustic incredible).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Matchbox 20 - storytellers live bent.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Matchbox Twenty - 3 AM.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\matchbox twenty - Real World.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Michelle Branch - Everywhere.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Moby featuring Gwen Stefani - Southside.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Monty Python - Brave Sir Robin.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Monty Python - How to Tell a Witch.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Monty Python - Lumberjack Song.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Movie Quotes - Austin Powers 2 - Fat Bastard-Get in my Belly.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Movie Quotes - Meet the Parents - Gaylord Focker.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\movie theme - Monty Python and The Holy Grail Theme.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Mozart - 9th Symphony.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Mozart - Relaxing Classical.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Mozart-Pachabel Canon in D minor Perfect Version.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Nappy Roots - Set It Our (Dirty Version).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Nappy_Roots_-_My_Ride_snippet_from_Watermelon,_Chicken,__Gritz (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Nelly - Country Grammar (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Nelly - country grammar.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Nelly - E.I..mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Nelly - Hot in Herre.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Nickelback - How you remind me (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\No Good - Ballin Boy (Players Verison).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\OAR - Crazy Game of Poker.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\OK Go - Get Over It.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\OLDIES - Irish Rovers - Purple People Eater.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Outkast - Bombs Over Bagdad (2).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Outkast - Land of A Million Drums.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Outkast - Throw Your Hands Up In The Air.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Outkast- B.O.B. (Bombs Over Baghdad).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\P.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\p.o.d. - youth of a nation.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Paul McCartney - Wonderful Christmas Time.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Phish - Jin and Juice.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Pink- Dont Let Me Get Me.MP3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\R (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Rap nelly- number one.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\ray charles - World Trade Center Verison.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\razel - element.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Razhel - If Your Mother Only Knew (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Razhel-The Art of Beatboxing.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\reggae Rap - DMX f. Mr. Vegas - Here Comes The Boom.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Rich Mullins - Our God is an Awsome God.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Rich Mullins - Shout To The Lord.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Road Man.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Saliva - Always.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Shane Barnard-Sanctuary-We Exalt You (Live).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Sir Mix Alot - I Like Big Butts.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Sixpence None the Richer - There she goes again.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Snoop Dog and Lil Kim - Do you wanna roll.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Snoop Dogg Feat. Master P, Nate Dogg, Butch Cassidy & The Eastsidaz - Lay Low (Uncensored).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Snoop Doggy Dog, Warren G, Nate Dogg, Kurupt- Ain't No Fun.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Soundtrack - Chicago Bulls - Be Like Mike.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Sponge Bob Square Pants - The Fool Who Ripped His Pants) (1) (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Spongebob Squarepants Theme Song.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Steady As The Beating Drum - Pocahontas.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Steven Curtis Chapman - Fingerprints of God.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Steven Curtis Chapman - Live Out Loud.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Steven Curtis Chapman - More To This Life.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Steven Curtis Chapman - Speechless.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Sublime - Santaria.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Sugar Ray - Abracadabra.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Sugar Ray - I Just Want To Fly.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Sum 41 - What Were All About.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\System Of A Down - Toxicity.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\T-4963811-Ludacris - Go To Sleep Hoe.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\theme - the simpsons - homer's beer song.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Third Eye Blind - Semi-Charmed Life.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Three Doors Down - Be Like That.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Tupac - Me And My Girlfriend.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\U2 - Electrical Storm (Radio Edit-best).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\U2 - With or Without You.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Vanilla Ice - Ice Ice Baby (1).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Vanilla Ice - Ice Ice Baby (2).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Vanilla Ice - Ice Ice Baby.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Weird Al - Everything You Know Is Wrong.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Weird Al Yankovic - Amish Paridise.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Weird Al Yankovich - Who Let The Cows Out (parody).mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Wow Worship - Light the Fire In my Heart Again.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\Xhibit - Alcoholic.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\MP3 Music!\ying yang twins-say i yi yi.mp3 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\TQ\TQ Outlook\TQ Old Email - MD.pst/TQ - Old Email - MD/XX MD Stuff/Hacks & Fraud/22 Feb 2001 19:12 from Lori Bolsinger:Strange Inbound Mail Failu/22 Feb 2001 04:50:Snowhite and the Seven Dwarfs - The REAL story/sexy virgin.scr Infected: Email-Worm.Win32.Hybris.b skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\TQ\TQ Outlook\TQ Old Email - MD.pst MailMSMaill: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\TQ K2 Laptop\TQ\TQ Outlook\tqearthlink.pst/Personal Folders/Sent Items/21 Oct 2002 19:29 to Tom and Rose Quevillon (E-mail):FW: ENRON E.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\TQ K2 Laptop\TQ\TQ Outlook\tqearthlink.pst/Personal Folders/Comedy/Quotes/03 Jun 1998 21:47 from Kevin Arp:FW: Have fun with this/att1.exe Infected: not-virus:BadJoke.Win16.Stupid.a skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\TQ K2 Laptop\TQ\TQ Outlook\tqearthlink.pst MailMSMaill: infected - 1, suspicious - 1 skipped
C:\Documents and Settings\Dad.COCOA\Desktop\TQ on K2lpt600\TQ Outlook\tqearthlink.pst/Personal Folders/XX MD Stuff/Hacks & Fraud/22 Feb 2001 19:12 from Lori Bolsinger:Strange Inbound Mail Failu/22 Feb 2001 04:50:Snowhite and the Seven Dwarfs - The REAL story/sexy virgin.scr Infected: Email-Worm.Win32.Hybris.b skipped
C:\Documents and Settings\Dad.COCOA\Desktop\TQ on K2lpt600\TQ Outlook\tqearthlink.pst/Personal Folders/Sent Items/21 Oct 2002 19:29 to Tom and Rose Quevillon (E-mail):FW: ENRON E.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Dad.COCOA\Desktop\TQ on K2lpt600\TQ Outlook\tqearthlink.pst/Personal Folders/Comedy/Quotes/03 Jun 1998 21:47 from Kevin Arp:FW: Have fun with this/att1.exe Infected: not-virus:BadJoke.Win16.Stupid.a skipped
C:\Documents and Settings\Dad.COCOA\Desktop\TQ on K2lpt600\TQ Outlook\tqearthlink.pst MailMSMaill: infected - 2, suspicious - 1 skipped
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\6.0\25\2138d899-50dc5ed8/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\6.0\25\2138d899-50dc5ed8 ZIP: infected - 1 skipped
C:\System Volume Information\_restore{36284253-A185-453E-AA80-78B202B35C98}\RP252\A0027399.dll Infected: Trojan.Win32.Obfuscated.gx skipped
C:\WINDOWS\system32\cogvvvmm\cogvvvmm1.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped

Scan process completed.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:32 AM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\MotorolaDAP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/ind...mp;highlite=%2B
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users.WINDOWS\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neopets4.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - C:\WINDOWS\System32\MotorolaDAP.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7410 bytes

#6 SifuMike

Posted 10 May 2008 - 12:54 PM

Hi Quevvy,

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



We need to clear the Java cache.

To Clear the Java Runtime Environment (JRE) cache, do this:
Click Start > Settings > Control Panel.
Double-click the Java icon.
-The Java Control Panel appears.
Click "Settings" under Temporary Internet Files.
-The Temporary Files Settings dialog box appears.
Click "Delete Files".
-The Delete Temporary Files dialog box appears.
-There are three options on this window to clear the cache.
Delete Files
View Applications
View Applets

Click "OK" on Delete Temporary Files window.
-Note: This deletes all the Downloaded Applications and Applets from the cache.
Click "OK" on Temporary Files Settings window.
Close the Java Control Panel.



Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\cogvvvmm\cogvvvmm1.exe

  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt2\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt2 is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using it incorrectly could lead to disastrous problems with your operating system.



Reboot your computer, post the OTMoveIt2 log and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
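The scan report quoted earlier in this thread is almost entirely "Object is locked skipped" lines, with a single detection among them. The following Python is an added example, not part of the original posts and not code from any tool named here: it separates detections from locked-file noise and keeps any line it cannot classify for manual review. The sample report is constructed, and the verdict split assumes the prefix:Behaviour.Platform.Name layout seen in the quoted verdict.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan report quoted in this thread.
# The "Example User" and "example.tmp" lines are invented for the example.
SAMPLE_REPORT = r"""
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\Documents and Settings\Example User\ntuser.dat Object is locked skipped
C:\WINDOWS\system32\cogvvvmm\cogvvvmm1.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\Temp\example.tmp Some status this parser does not know
Scan process completed.
"""

# Path is matched non-greedily so that paths containing spaces still parse;
# the status is anchored at the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:(?P<locked>Object is locked)|Infected: (?P<verdict>\S+)) skipped$"
)


def split_verdict(verdict):
    """Split 'prefix:Behaviour.Platform.Name' (layout assumed, see lead-in)."""
    prefix, _, rest = verdict.rpartition(":")
    parts = rest.split(".", 2)
    return {
        "verdict": verdict,
        "prefix": prefix or None,
        "behaviour": parts[0],
        "platform": parts[1] if len(parts) > 1 else None,
        "name": parts[2] if len(parts) > 2 else None,
    }


def triage(report_text):
    """Return (detections, locked file count per directory, unparsed lines)."""
    detections, unparsed = [], []
    locked_dirs = Counter()
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line or line == "Scan process completed.":
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Unknown status: keep it for a human instead of dropping it.
            unparsed.append(line)
        elif m.group("locked"):
            directory = m.group("path").rsplit("\\", 1)[0].lower()
            locked_dirs[directory] += 1
        else:
            entry = {"path": m.group("path")}
            entry.update(split_verdict(m.group("verdict")))
            detections.append(entry)
    return detections, locked_dirs, unparsed


if __name__ == "__main__":
    found, locked, unknown = triage(SAMPLE_REPORT)
    for d in found:
        print("DETECTION", d["path"], "->", d["verdict"])
    print("locked objects:", sum(locked.values()), "in", len(locked), "directories")
    for line in unknown:
        print("REVIEW MANUALLY:", line)
```
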

#7 Quevvy

Posted 10 May 2008 - 01:56 PM

My computer seems to be running fine. Thank you very much!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



C:\WINDOWS\system32\cogvvvmm\cogvvvmm1.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05102008_135345


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:07 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\MotorolaDAP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/forums/ind...mp;highlite=%2B
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [WinMX] C:\Documents and Settings\Tommy\Desktop\WinMX.exe -m (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-1007\..\Run: [csrss] C:\WINDOWS\csrss.exe (User 'Tommy')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-21-746137067-1979792683-682003330-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Guest')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users.WINDOWS\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neopets4.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Motorola Digital Audio Player Manager (MotorolaDAP) - Motorola Inc. - C:\WINDOWS\System32\MotorolaDAP.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8513 bytes

#8 SifuMike

Posted 10 May 2008 - 05:56 PM

Hi Quevvy,

Your log looks clean! :thumbsup: Good job on the cleanup!

Open OTMoveIt2 and click the CleanUp! button on top.
In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present.
They are not needed anymore, so OTMoveIt will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.
Then reboot your computer.


Let's clean your System Restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows.
The files in System Restore are protected to prevent any programs from changing those files.
This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK

2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis

System Restore will now be active again.



Please read and follow "How did I get infected?, With steps so it does not happen again!" as well as "How to prevent Malware" by miekiemoes.


If you want to improve speed/system performance after malware removal, take a look here.

#9 Quevvy

Posted 10 May 2008 - 07:52 PM

Thank you ever so much! My computer is running well! :thumbsup:

#10 SifuMike

Posted 10 May 2008 - 09:09 PM

That is music to my ears. :thumbsup:

#11 SifuMike

Posted 15 May 2008 - 04:29 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.