Came Home From Work To Find My Computer Infected

#1 luie620

Posted 25 May 2008 - 07:25 PM

Hello all!! :)

I don't want to bore anybody with my story, but yesterday I came home to hear my dad tell me he thinks he clicked on the wrong link. I turned on the computer and noticed the wallpaper had changed to a blue screen with a fake message saying "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer." If that wasn't obvious enough, I saw some little bugs crawling on the screen eating away all my desktop icons. Thankfully they came back when the bugs went away.

I ran as many scans as possible throughout the night. First, I ran a scan with a-squared, which picked up a trojan and some spyware. The log goes as follows:

***********************************************************************************************************************************

a-squared Free - Version 3.5
Last update: 5/24/2008 11:14:28 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, E:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 5/24/2008 11:16:37 PM

c:\windows\system32\h@tkeysh@@k.dll detected: Trace.File.H@tKeysH@@k
c:\documents and settings\main\local settings\temp\px.dll detected: Trace.File.WhenU.SaveNow
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\bounds --> Main.Height detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\bounds --> Main.Left detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\bounds --> Main.Maximized detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\bounds --> Main.Top detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\bounds --> Main.Width detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\Columns\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\Columns\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\Columns\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\Data --> AresNet1 detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\Data --> JI.AresNet1 detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\Positions\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\Positions\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares\Positions\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> ChatRoom.ServerPort detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> ChatRoom.ShowJP detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Extra.ShowActiveCaption detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> General.AutoConnect detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> General.AutoStartUp detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> General.LastLibraryMode detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> GUI.LastChatRoomBrowse detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> GUI.LastLibrary detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> GUI.LastPMBrowse detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> GUI.LastSearch detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Personal.GUID detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Privacy.SendRegularPath detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> PrivateMessage.AllowBrowse detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> PrivateMessage.AwayMessage detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Stats.CAvgTime detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Stats.CDnSpeed detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Stats.CFRTime detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Stats.CTtUptime detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Stats.CUpSpeed detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Stats.HasLQCa detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Stats.LstCaQuery detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Stats.LstCaQueryInt detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Transfer.MaximizeUpBandOnIdle detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2509586070-2626175335-2571225989-1009\Software\Ares --> Transfer.ServerPort detected: Trace.Registry.Ares
c:\program files\gamespy arcade detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\addins detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\cstrike detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\cstrike\frontline detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\action detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\cstrike detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\firearms detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\frontline detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\gearbox detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\tfc detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\aq2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\battle detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\chaosdm detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\duel detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\freeze detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\gloom detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\gxmod detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\holywars detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\jail detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\kots detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\lfiredm detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\lithium2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\lmctf detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\pball detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\q2comp detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\qpong detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\ra2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\requiem detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\sconfig detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\tourney detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\wf detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\wod detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\alliance detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\beryllium detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\excessive detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\instagib detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\jailbreak detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\matchmod detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\osp detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\q3comp detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\q3f detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\q3ut2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\requiem detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\rocketarena3 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\wfa detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\arena detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\ch detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\ctf detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\ctfb detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\ctfplus detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\dd detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\dm detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\duel detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\fr detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\mt detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\open cal detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\rpg detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\tac detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\ut detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\ut\excessive detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\ut\rocketarena detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\ut\swat detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\images detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\images\portraits detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\profiles detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\profiles\(default) detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_common detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_demospy detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_fplanet detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_gnews detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_gspyder detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_news detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_support detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\skins detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\sounds detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\sounds\(default) detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\sounds\classic detected: Trace.Directory.GameSpy Arcade
Value: HKEY_CLASSES_ROOT\.arescol --> Content Type detected: Trace.Registry.Ares Galaxy P2P Plus
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares Galaxy P2P Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.arescol --> Content Type detected: Trace.Registry.Ares Galaxy P2P Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol detected: Trace.Registry.Ares Galaxy P2P Plus
C:\Documents and Settings\Main\Cookies\main@247realmedia[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@2o7[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@adserver.rawkus[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@advertising[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@atdmt[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@bizrate[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@bluestreak[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@bs.serving-sys[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@casalemedia[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@com[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@doubleclick[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@fastclick[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@media.adrevolver[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@media.adrevolver[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@media.mtvnservices[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@media6degrees[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@mediaplex[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@mediaservices.myspace[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@questionmarket[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@realmedia[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@rubiconproject[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@serving-sys[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@specificclick[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@statcounter[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@trafficmp[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@tribalfusion[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@tripod[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Cookies\main@webtrends.chase[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:46 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:47 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:169 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:174 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:175 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:176 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:178 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:179 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:181 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:182 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:183 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:184 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:189 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:190 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:195 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:197 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:201 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:219 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:220 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:221 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:222 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:223 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:236 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:237 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:239 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:248 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:259 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:279 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:280 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:283 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:284 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:285 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:295 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:296 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:297 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:298 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:299 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:300 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:301 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:304 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:305 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:307 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:308 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:309 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:329 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:330 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:331 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:332 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:333 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:334 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:335 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:336 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:359 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:385 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:386 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:387 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:388 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:389 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:390 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:396 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:460 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:468 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:469 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:472 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:473 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:476 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:477 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:524 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:554 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:555 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:556 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:562 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:583 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:584 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:585 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:599 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:600 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:601 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:602 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:603 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:604 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:605 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:608 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:611 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:612 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:649 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:650 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:651 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:652 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:653 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:654 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:655 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:656 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:657 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:658 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:659 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:660 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:661 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:662 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:663 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:664 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:665 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:666 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:667 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:668 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:669 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:670 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:671 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:672 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:673 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:674 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:675 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:676 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:677 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:678 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:679 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:680 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:681 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:687 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:772 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:773 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:774 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:775 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:776 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:777 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:795 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:796 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:805 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:846 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:847 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:855 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:856 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:857 detected: Trace.TrackingCookie
C:\Documents and Settings\Main\Application Data\Mozilla\Firefox\Profiles\xhubeu4u.default\cookies.txt:887 detected: Trace.TrackingCookie
C:\Documents and Settings\Luis\Local Settings\Temp\snapsnet.exe detected: Trojan-Downloader.Win32.VB.bgd
C:\Documents and Settings\Main\Desktop\Desktop Shortcuts\Spyware\VundoFix\process.exe detected: Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Main\Desktop\Desktop Shortcuts\Spyware Removal\backups\backup-20070703-182559-294.dll detected: Adware.Win32.Agent.db
C:\Program Files\mIRC\mirc.exe detected: Riskware.Client-IRC.Win32.mIRC.16
C:\VundoFix Backups\mllmj.dll.bad detected: Adware.Win32.Virtumonde.fp

Scanned

Files: 466699
Traces: 404758
Cookies: 1428
Processes: 81

Found

Files: 5
Traces: 127
Cookies: 162
Processes: 0
Registry keys: 0

Scan end: 5/25/2008 9:46:32 AM
Scan time: 10:29:55

***********************************************************************************************************************************

Right after that I ran AVG, which came up with Downloader.FakeAlert.bu, and finally SuperAntiSpyware found something called Vundo Variant/Rel, WebBuying Assistant, PC-Cleaner (Rogue), Trojan.Downloader-Gen/SnapSNet, Trojan.SystemDriver, Trojan.Unclassified/CTFMONA, and another unknown trojan.

Finally I ran HijackThis and here is the log:

***********************************************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:20 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmona.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Main\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sHotkey] C:\Program Files\SONY\sHotKey\sHotKey.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [{36-6A-A2-2C-ZN}] C:\DOCUME~1\Luis\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [alpha] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [beta] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [gamma] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] C:\Program Files\Winamp Remote\bin\orbtray.exe
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SystemDriver] (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggdcdb - hggdcdb.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsuwj.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\vikokidu.html

--
End of file - 17838 bytes


***********************************************************************************************************************************

I know it's a handful, but I'm confident somebody will be willing to help out :thumbsup:
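The HijackThis log above is the whole case in miniature: a loader launched from a user's Temp folder ({36-6A-A2-2C-ZN} pointing at thinksnet.exe), a system32 binary named one character off a real one (ctfmona.exe sitting beside the legitimate ctfmon.exe), one dropper registered three times under three names (alpha, beta and gamma all launching windrv0.exe), and Winlogon Notify and service entries whose files no longer exist. The script below is an added example written for this page; it is not part of the thread and not a HijackThis or BleepingComputer tool. It reads a HijackThis 2.0 text log and flags exactly those patterns so a helper can triage a 200-line log without reading it by eye. The sample lines are copied from the log above; the list of system binaries it checks lookalikes against, and the one-edit-distance rule, are assumptions of the example. The review-unknown-owner rule is deliberately noisy (it lists legitimate third-party services such as PnkBstrA) because it exists to queue entries for a human, not to judge them.

```python
"""Triage a HijackThis 2.0 text log for the persistence patterns in this thread.

Added example, not part of the thread and not a HijackThis or BleepingComputer
tool: it only reads log text and returns findings, it never touches the registry.
"""
import re
import sys
from collections import defaultdict

# Legitimate names that malware imitates with a one-character edit
# (ctfmon.exe -> ctfmona.exe in the posted log). Assumed list for this example.
KNOWN_SYSTEM_BINARIES = {
    "ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe", "wscntfy.exe",
}

# O4 lines:  O4 - <hive>\..\Run: [<value name>] <command> [(User '<account>')]
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
PATH_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|com|pif|bat|cmd))"?', re.I)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
TEMP_RE = re.compile(r"\\te?mp\\", re.I)

# Sample input: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [{36-6A-A2-2C-ZN}] C:\DOCUME~1\Luis\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [alpha] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [beta] c:\DriverLoad\windrv0.exe
O4 - HKCU\..\Run: [gamma] c:\DriverLoad\windrv0.exe
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\DriverLoad\windrv0.exe (User 'SYSTEM')
O20 - Winlogon Notify: hggdcdb - hggdcdb.dll (file missing)
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dsuwj.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def levenshtein(a, b):
    """Edit distance; one edit away from a system binary name is the lookalike test."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_path(cmd):
    """Executable path from a Run value, quoted or not; None when the value is empty."""
    m = PATH_RE.match(USER_SUFFIX_RE.sub("", cmd).strip())
    return m.group("path") if m else None


def lookalike_of(basename):
    """The legitimate name this basename imitates, or None if it is exact or unrelated."""
    low = basename.lower()
    if low in KNOWN_SYSTEM_BINARIES:
        return None
    return next((k for k in KNOWN_SYSTEM_BINARIES if levenshtein(low, k) == 1), None)


def triage(log_text):
    """Return (line_no, rule, detail) findings; line_no 0 marks a cross-line finding."""
    findings = []
    names_by_target = defaultdict(set)  # lower-cased path -> O4 value names launching it
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith(("O20", "O23")) and "(file missing)" in line:
            findings.append((line_no, "file-missing", line))
        elif line.startswith("O23") and " - Unknown owner - " in line and "\\system32\\" in line.lower():
            findings.append((line_no, "review-unknown-owner", line))  # noisy on purpose
        m = O4_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), extract_path(m.group("cmd"))
        if path is None:
            findings.append((line_no, "empty-run-value", name))
            continue
        names_by_target[path.lower()].add(name)
        if TEMP_RE.search(path):
            findings.append((line_no, "autostart-from-temp", path))
        base = path.rsplit("\\", 1)[-1]
        imitated = lookalike_of(base)
        if imitated:
            findings.append((line_no, "lookalike-binary", f"{base} imitates {imitated}"))
    for target, names in names_by_target.items():
        if len(names) > 1:  # alpha/beta/gamma all launching windrv0.exe
            findings.append((0, "one-binary-many-names", f"{target} <- {sorted(names)}"))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for line_no, rule, detail in triage(text):
        print(f"{line_no:>4}  {rule:<22} {detail}")
```

Run it with a saved log as the only argument, or with no argument to see the findings for the sample lines. Each finding is a pointer back into the log, not a verdict: the duplicate-name rule in particular fires on the alpha/beta/gamma trio only because three distinct value names resolve to one binary, which is how the loader in this log guarantees it starts even if one value is removed.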


#2 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 27 May 2008 - 08:46 PM

Hello luie620 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or another location where you can find it again.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 luie620
  • Topic Starter

  • Members
  • 129 posts
  • Gender:Male

Posted 28 May 2008 - 04:21 PM

Ok, I cleaned up with ATF, scanned with OT and the log is posted.

Edited by luie620, 28 May 2008 - 04:21 PM.


#4 OldTimer

    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 28 May 2008 - 04:50 PM

Hi luie620. Let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
AFSEGTGF Windows Service
TnIDriver
Files to delete:
%systemdrive%\docume~1\main\locals~1\temp\tni158.tmp
%systemroot%\system32\ctfmona.exe
%systemroot%\system32\ctfmonb.bmp
%systemroot%\system32\dsuwj.exe
%systemroot%\tasks\at1.job
%systemroot%\tasks\at10.job
%systemroot%\tasks\at11.job
%systemroot%\tasks\at12.job
%systemroot%\tasks\at13.job
%systemroot%\tasks\at14.job
%systemroot%\tasks\at15.job
%systemroot%\tasks\at16.job
%systemroot%\tasks\at17.job
%systemroot%\tasks\at18.job
%systemroot%\tasks\at19.job
%systemroot%\tasks\at2.job
%systemroot%\tasks\at20.job
%systemroot%\tasks\at21.job
%systemroot%\tasks\at22.job
%systemroot%\tasks\at23.job
%systemroot%\tasks\at24.job
%systemroot%\tasks\at3.job
%systemroot%\tasks\at4.job
%systemroot%\tasks\at5.job
%systemroot%\tasks\at6.job
%systemroot%\tasks\at7.job
%systemroot%\tasks\at8.job
%systemroot%\tasks\at9.job
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> ctfmona.exe -> %SystemRoot%\system32\ctfmona.exe
[Win32 Services - Non-Microsoft Only]
YY -> (AFSEGTGF Windows Service) AFSEGTGF Windows Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\dsuwj.exe
[Driver Services - Non-Microsoft Only]
YY -> (TnIDriver) TnIDriver [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Main\LOCALS~1\Temp\tni158.tmp
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ~EmptyValue -> []
YN -> {36-6A-A2-2C-ZN} -> %SystemDrive%\DOCUME~1\Luis\LOCALS~1\Temp\thinksnet.exe [C:\DOCUME~1\Luis\LOCALS~1\Temp\thinksnet.exe CHD003]
YN -> Alcmtr -> ALCMTR.EXE [ALCMTR.EXE]
YN -> AlcWzrd -> ALCWZRD.EXE [ALCWZRD.EXE]
YY -> ctfmona -> %SystemRoot%\system32\ctfmona.exe [C:\WINDOWS\system32\ctfmona.exe]
YN -> High Definition Audio Property Page Shortcut -> HDAudPropShortcut.exe [HDAudPropShortcut.exe]
YN -> SoundMan -> SOUNDMAN.EXE [SOUNDMAN.EXE]
YN -> WD Button Manager -> WDBtnMgr.exe [WDBtnMgr.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ADriver -> []
YN -> alpha -> %SystemDrive%\DriverLoad\windrv0.exe [c:\DriverLoad\windrv0.exe]
YN -> beta -> %SystemDrive%\DriverLoad\windrv0.exe [c:\DriverLoad\windrv0.exe]
YN -> CDriver -> []
YN -> DDriver -> []
YN -> FDriver -> []
YN -> gamma -> %SystemDrive%\DriverLoad\windrv0.exe [c:\DriverLoad\windrv0.exe]
YN -> SystemDriver -> []
< Main Startup Folder > -> C:\Documents and Settings\Main\Start Menu\Programs\Startup
YN -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> hggdcdb -> hggdcdb.dll
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\\WINDOWS\\system32\\sstqn -> 
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\MP3s\utorrent.exe -> D:\MP3s\utorrent.exe [D:\MP3s\utorrent.exe:*:Enabled:µTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\gxseuqbd.exe -> C:\WINDOWS\system32\gxs
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\MP3s\utorrent.exe -> E:\MP3s\utorrent.exe [E:\MP3s\utorrent.exe:*:Enabled:µTorrent]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000]
[Files/Folders - Created Within 30 days]
NY -> ctfmona.exe -> %SystemRoot%\System32\ctfmona.exe
NY -> ctfmonb.bmp -> %SystemRoot%\System32\ctfmonb.bmp
[Files/Folders - Modified Within 30 days]
NY -> ctfmona.exe -> %SystemRoot%\System32\ctfmona.exe
NY -> ctfmonb.bmp -> %SystemRoot%\System32\ctfmonb.bmp
NY -> At1.job -> %SystemRoot%\tasks\At1.job
NY -> At10.job -> %SystemRoot%\tasks\At10.job
NY -> At11.job -> %SystemRoot%\tasks\At11.job
NY -> At12.job -> %SystemRoot%\tasks\At12.job
NY -> At13.job -> %SystemRoot%\tasks\At13.job
NY -> At14.job -> %SystemRoot%\tasks\At14.job
NY -> At15.job -> %SystemRoot%\tasks\At15.job
NY -> At16.job -> %SystemRoot%\tasks\At16.job
NY -> At17.job -> %SystemRoot%\tasks\At17.job
NY -> At18.job -> %SystemRoot%\tasks\At18.job
NY -> At19.job -> %SystemRoot%\tasks\At19.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At20.job -> %SystemRoot%\tasks\At20.job
NY -> At21.job -> %SystemRoot%\tasks\At21.job
NY -> At22.job -> %SystemRoot%\tasks\At22.job
NY -> At23.job -> %SystemRoot%\tasks\At23.job
NY -> At24.job -> %SystemRoot%\tasks\At24.job
NY -> At3.job -> %SystemRoot%\tasks\At3.job
NY -> At4.job -> %SystemRoot%\tasks\At4.job
NY -> At5.job -> %SystemRoot%\tasks\At5.job
NY -> At6.job -> %SystemRoot%\tasks\At6.job
NY -> At7.job -> %SystemRoot%\tasks\At7.job
NY -> At8.job -> %SystemRoot%\tasks\At8.job
NY -> At9.job -> %SystemRoot%\tasks\At9.job
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Just use the default settings.
  • Copy/Paste the text in the codebox below into the Custom Scans box:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Step #5

Post the following back here by copy/pasting them into the reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The online virus scan report (whichever one you ran)
Attach the following back here in the reply:
  • The new OTScanIt scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 luie620

luie620
  • Topic Starter

  • Members
  • 129 posts
  • Gender:Male
  • Local time:04:38 PM

Posted 29 May 2008 - 08:39 AM

When I ran the OT fix the first time, for some reason it closed Explorer but didn't do anything afterwards. Then I restarted and the system tried to scan for errors on the drive, which I canceled. When Windows booted I think it couldn't find a few files. So I restarted again and ran the fix and everything went smoothly!

*************************************************************************************************************************

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "AFSEGTGF Windows Service" deleted successfully.
Driver "TnIDriver" deleted successfully.

Error: file "C:\docume~1\main\locals~1\temp\tni158.tmp" not found!
Deletion of file "C:\docume~1\main\locals~1\temp\tni158.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\ctfmona.exe" deleted successfully.
File "C:\WINDOWS\system32\ctfmonb.bmp" deleted successfully.

Error: file "C:\WINDOWS\system32\dsuwj.exe" not found!
Deletion of file "C:\WINDOWS\system32\dsuwj.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\tasks\at1.job" deleted successfully.
File "C:\WINDOWS\tasks\at10.job" deleted successfully.
File "C:\WINDOWS\tasks\at11.job" deleted successfully.
File "C:\WINDOWS\tasks\at12.job" deleted successfully.
File "C:\WINDOWS\tasks\at13.job" deleted successfully.
File "C:\WINDOWS\tasks\at14.job" deleted successfully.
File "C:\WINDOWS\tasks\at15.job" deleted successfully.
File "C:\WINDOWS\tasks\at16.job" deleted successfully.
File "C:\WINDOWS\tasks\at17.job" deleted successfully.
File "C:\WINDOWS\tasks\at18.job" deleted successfully.
File "C:\WINDOWS\tasks\at19.job" deleted successfully.
File "C:\WINDOWS\tasks\at2.job" deleted successfully.
File "C:\WINDOWS\tasks\at20.job" deleted successfully.
File "C:\WINDOWS\tasks\at21.job" deleted successfully.
File "C:\WINDOWS\tasks\at22.job" deleted successfully.
File "C:\WINDOWS\tasks\at23.job" deleted successfully.
File "C:\WINDOWS\tasks\at24.job" deleted successfully.
File "C:\WINDOWS\tasks\at3.job" deleted successfully.
File "C:\WINDOWS\tasks\at4.job" deleted successfully.
File "C:\WINDOWS\tasks\at5.job" deleted successfully.
File "C:\WINDOWS\tasks\at6.job" deleted successfully.
File "C:\WINDOWS\tasks\at7.job" deleted successfully.
File "C:\WINDOWS\tasks\at8.job" deleted successfully.
File "C:\WINDOWS\tasks\at9.job" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

***************************************************************************************************************************

Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process ctfmona.exe .
File C:\WINDOWS\system32\ctfmona.exe not found.
[Win32 Services - Non-Microsoft Only]
Unable to stop service AFSEGTGF Windows Service .
Unable to delete service AFSEGTGF Windows Service .
File C:\WINDOWS\system32\dsuwj.exe not found.
[Driver Services - Non-Microsoft Only]
Unable to stop service TnIDriver .
Unable to delete service TnIDriver .
File C:\DOCUME~1\Main\LOCALS~1\Temp\tni158.tmp not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\~EmptyValue not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{36-6A-A2-2C-ZN} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36-6A-A2-2C-ZN}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Alcmtr not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AlcWzrd not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmona not found.
File C:\WINDOWS\system32\ctfmona.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\High Definition Audio Property Page Shortcut not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SoundMan not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WD Button Manager not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ADriver not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\alpha not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\beta not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CDriver not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DDriver not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FDriver not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\gamma not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SystemDriver not found.
File C:\Documents and Settings\Main\Start Menu\Programs\Startup\Adobe Gamma.lnk not found.
File C:\Documents and Settings\Main\Start Menu\Programs\Startup\Adobe Gamma.lnk not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggdcdb\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\\WINDOWS\\system32\\sstqn .
File not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\MP3s\utorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\gxseuqbd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\MP3s\utorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\ctfmona.exe not found!
File C:\WINDOWS\System32\ctfmonb.bmp not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\ctfmona.exe not found!
File C:\WINDOWS\System32\ctfmonb.bmp not found!
File C:\WINDOWS\tasks\At1.job not found!
File C:\WINDOWS\tasks\At10.job not found!
File C:\WINDOWS\tasks\At11.job not found!
File C:\WINDOWS\tasks\At12.job not found!
File C:\WINDOWS\tasks\At13.job not found!
File C:\WINDOWS\tasks\At14.job not found!
File C:\WINDOWS\tasks\At15.job not found!
File C:\WINDOWS\tasks\At16.job not found!
File C:\WINDOWS\tasks\At17.job not found!
File C:\WINDOWS\tasks\At18.job not found!
File C:\WINDOWS\tasks\At19.job not found!
File C:\WINDOWS\tasks\At2.job not found!
File C:\WINDOWS\tasks\At20.job not found!
File C:\WINDOWS\tasks\At21.job not found!
File C:\WINDOWS\tasks\At22.job not found!
File C:\WINDOWS\tasks\At23.job not found!
File C:\WINDOWS\tasks\At24.job not found!
File C:\WINDOWS\tasks\At3.job not found!
File C:\WINDOWS\tasks\At4.job not found!
File C:\WINDOWS\tasks\At5.job not found!
File C:\WINDOWS\tasks\At6.job not found!
File C:\WINDOWS\tasks\At7.job not found!
File C:\WINDOWS\tasks\At8.job not found!
File C:\WINDOWS\tasks\At9.job not found!
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Main\Local Settings\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Main\Local Settings\Temp\Perflib_Perfdata_11b0.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Main\Local Settings\Temp\Perflib_Perfdata_11c4.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Main\Local Settings\Temp\Perflib_Perfdata_724.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Main\Local Settings\Temp\~DFB7C7.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Main\Local Settings\Temp\~DFF700.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Main\Local Settings\Temp\~DFFD3B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\hsperfdata_LOCAL SERVICE\1512 scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET73B4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET946B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETAD61.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETADEE.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT01d24.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07cd8.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.2 fix logfile created on 05282008_210317

Files moved on Reboot...
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
C:\Documents and Settings\Main\Local Settings\Temp\hpodvd09.log moved successfully.
File C:\Documents and Settings\Main\Local Settings\Temp\Perflib_Perfdata_11b0.dat not found!
File C:\Documents and Settings\Main\Local Settings\Temp\Perflib_Perfdata_11c4.dat not found!
File C:\Documents and Settings\Main\Local Settings\Temp\Perflib_Perfdata_724.dat not found!
C:\Documents and Settings\Main\Local Settings\Temp\~DFB7C7.tmp moved successfully.
File C:\Documents and Settings\Main\Local Settings\Temp\~DFF700.tmp not found!
C:\Documents and Settings\Main\Local Settings\Temp\~DFFD3B.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\hsperfdata_LOCAL SERVICE\1512 scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\JET73B4.tmp not found!
File C:\WINDOWS\temp\JET946B.tmp not found!
File C:\WINDOWS\temp\JETAD61.tmp not found!
File C:\WINDOWS\temp\JETADEE.tmp not found!
File C:\WINDOWS\temp\ZLT01d24.TMP not found!
File C:\WINDOWS\temp\ZLT07cd8.TMP not found!

**********************************************************************************************************************

Scanning Report
Wednesday, May 28, 2008 21:41:35 - 09:15:58

Computer name: LUIE
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 6 malware found
Adware:W32/H@tKeysH@@k.A (spyware)

* System

Client-IRC.Win32.mIRC (spyware)

* System

Trojan.Win32.Obfuscated.gx (virus)

* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\IHKBYNSD.EXE (Renamed & Submitted)

Trojan.Win32.Patched.af (virus)

* C:\PROGRAM FILES\JAVA\JRE1.6.0_01\BIN\JUSCHED.EXE (Disinfected & Submitted)

Worm.Win32.Perlovga (virus)

* System

Worm.Win32.Perlovga.a (virus)

* C:\WINDOWS\AUTORUN.INF

Statistics
Scanned:

* Files: 108387
* System: 6886
* Not scanned: 10

Actions:

* Disinfected: 1
* Renamed: 1
* Deleted: 0
* None: 4
* Submitted: 2

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\HSPERFDATA_LOCAL SERVICE\1512
* C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\RECORDED TV\TEMPREC\TEMPSBE\MSDVRMM_2094230060_18022400_22715

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Blacklight: 1.0.68
* F-Secure Hydra: 2.8.8110, 2008-05-29
* F-Secure Pegasus: 1.20.0, 2008-04-14
* F-Secure AVP: 7.0.171, 2008-05-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

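Reading a fix log like the one above means sorting every line into what was removed, what was already gone, what was deferred to the reboot and what the tool could not do; in this thread the Avenger script ran first, which is why so many OTScanIt lines read "not found". The Python below is an added example, not part of the thread or of OTScanIt itself, that does that grouping over a constructed excerpt modelled on the log lines quoted in this post; the outcome classes and the patterns that detect them are my own assumptions about the format.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the OTScanIt fix-log lines quoted in this thread (raw string keeps the backslashes).
SAMPLE_LOG = r"""
Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process ctfmona.exe .
File C:\WINDOWS\system32\ctfmona.exe not found.
[Win32 Services - Non-Microsoft Only]
Unable to stop service AFSEGTGF Windows Service .
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmona not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggdcdb\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Unable to delete registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\\WINDOWS\\system32\\sstqn .
File not found.
[Files/Folders - Modified Within 30 days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
C:\Documents and Settings\Main\Local Settings\Temp\hpodvd09.log moved successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Main\Local Settings\Temp\~DFB7C7.tmp scheduled to be deleted on reboot.
RecycleBin -> emptied.
< End of fix log >
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")

def classify(line: str) -> str:
    """Map one fix-log line to an outcome class (assumed format, see lead-in)."""
    s = line.strip()
    if not s or s.startswith("<") or s.startswith("OTScanIt by"):
        return "skip"            # blank, "< End of fix log >", version footer
    if SECTION_RE.match(s):
        return "section"
    if re.search(r"scheduled to be (moved|deleted) on reboot\.$", s):
        return "pending_reboot"  # deferred, so the post-reboot log decides
    if s.startswith(("Unable to", "File delete failed", "File move failed")):
        return "failed"          # tool could not act: verify in the follow-up scan
    if re.search(r"not found[.!]$", s):
        return "absent"          # expected when an earlier tool already removed it
    if re.search(r"(deleted|moved) successfully\.$|emptied\.$", s):
        return "removed"
    return "info"

def triage(log_text: str) -> dict:
    """Group lines by [section] and outcome: {section: {outcome: [lines]}}."""
    result = defaultdict(lambda: defaultdict(list))
    section = "(preamble)"
    for raw in log_text.splitlines():
        kind = classify(raw)
        if kind == "skip":
            continue
        if kind == "section":
            section = SECTION_RE.match(raw.strip()).group(1)
            continue
        result[section][kind].append(raw.strip())
    return {sec: dict(kinds) for sec, kinds in result.items()}

def follow_up_items(log_text: str) -> list:
    """(section, line) pairs a reviewer must re-check: failures and reboot-deferred moves."""
    items = []
    for sec, kinds in triage(log_text).items():
        for line in kinds.get("failed", []) + kinds.get("pending_reboot", []):
            items.append((sec, line))
    return items

def summarize(log_text: str) -> dict:
    """Line count per outcome class across the whole log."""
    counts = defaultdict(int)
    for kinds in triage(log_text).values():
        for kind, lines in kinds.items():
            counts[kind] += len(lines)
    return dict(counts)
```

The `follow_up_items` output is the short list worth comparing against the post-reboot "Files moved on Reboot" section and the follow-up scan, rather than re-reading the whole log.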
#6 OldTimer

OldTimer

Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:04:38 PM

Posted 29 May 2008 - 09:33 AM

Hi luie620. Yes, it is supposed to close Explorer when it runs so that is Ok.

Everything looks good. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT

#7 luie620

luie620
  • Topic Starter

  • Members
  • 129 posts
  • Gender:Male
  • Local time:04:38 PM

Posted 29 May 2008 - 12:52 PM

That was a lot easier than I had anticipated!

Thanks for everything OT. I'll get back to you in a few days to see how everything is running. Thanks again!
