
I Got A Virus From Www.seriall.com I Need Help Fix


This topic is locked
11 replies to this topic

#1 gamer17

gamer17

  • Members
  • 5 posts

Posted 05 September 2006 - 03:10 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:04:18 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [8f1035ea.exe] C:\WINDOWS\system32\8f1035ea.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [8f1035ea.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\8f1035ea.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153644186982
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154235481859
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe

Please help me fix my computer, I would greatly appreciate it. Thanks to all in advance.


#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 06 September 2006 - 12:16 PM

Hi gamer17

Rename HijackThis.exe to HJT.exe and send a fresh HijackThis log, please :thumbsup:
Microsoft MVP Consumer Security

#3 gamer17

gamer17
  • Topic Starter

  • Members
  • 5 posts

Posted 06 September 2006 - 03:49 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:47:18 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{B416B4A1-07D9-1033-0816-040407260001}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HJT.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nseF2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A307508-A39B-4D1F-B11B-264FD58FEFDA} - C:\WINDOWS\system32\ssqpm.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [8f1035ea.exe] C:\WINDOWS\system32\8f1035ea.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [8f1035ea.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\8f1035ea.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153644186982
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154235481859
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe

#4 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 07 September 2006 - 01:24 AM

Hi

First we need to disable Ad-Watch so that it doesn't prevent fixes:

Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On/Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both of those boxes.

After that:

Uninstall via add/remove programs if present:

ToolBar888

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nseF2.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [8f1035ea.exe] C:\WINDOWS\system32\8f1035ea.exe
O4 - HKCU\..\Run: [8f1035ea.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\8f1035ea.exe
O15 - Trusted Zone: *.elitemediagroup.net


Close all windows including browser and press fix checked.

Delete if found:

C:\Program Files\ToolBar888
C:\WINDOWS\system32\8f1035ea.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\8f1035ea.exe

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Microsoft MVP Consumer Security
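Shaba's checklist above is the by-eye version of HijackThis log triage: Run entries with random-looking names, browser helper objects whose DLLs are missing or randomly named, a Trusted Zone addition, and Winlogon Notify packages that Windows did not install. As an added example (not part of this thread and not HijackThis code), the Python below parses abbreviated copies of the first two logs posted here, applies those same heuristics mechanically, and lists which entries appeared between the two logs. The heuristics, the one-entry Winlogon Notify allowlist and the sample logs are all constructed for the illustration; a real triage tool would use a much larger vetted allowlist.

```python
import re
from typing import List, Optional, Tuple

Entry = Tuple[str, str]          # (section such as "O4", remainder of the line)
Finding = Tuple[str, str, str]   # (section, remainder, reason it was flagged)

# Constructed sample: abbreviated from the first log posted in this thread.
LOG_FIRST = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [8f1035ea.exe] C:\WINDOWS\system32\8f1035ea.exe
O4 - HKCU\..\Run: [8f1035ea.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\8f1035ea.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Constructed sample: the entries that were new in the second log.
LOG_SECOND = LOG_FIRST + r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nseF2.dll (file missing)
O2 - BHO: (no name) - {7A307508-A39B-4D1F-B11B-264FD58FEFDA} - C:\WINDOWS\system32\ssqpm.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
"""

# HijackThis prints every finding as "<section> - <text>"; everything else is header noise.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Heuristics modelled on what the helper flagged in this thread (assumptions, not HJT rules).
HEX_NAME_RE = re.compile(r"\[[0-9a-f]{8}\.exe\]", re.IGNORECASE)   # [8f1035ea.exe]
RANDOM_DLL_RE = re.compile(r"^[a-z]{5,7}\.dll$")                   # ssqpm.dll, khfgecc.dll
WINLOGON_NOTIFY_ALLOW = {"wgalogon.dll"}  # minimal allowlist built from this thread only


def parse_hjt(text: str) -> List[Entry]:
    """Return (section, body) for every HijackThis entry line, skipping the header."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dll_basename(body: str) -> str:
    """Lower-cased file name of the last ' - ' field, without the '(file missing)' tag."""
    path = body.split(" - ")[-1].replace("(file missing)", "").strip()
    return path.rsplit("\\", 1)[-1].lower()


def flag_entry(section: str, body: str) -> Optional[str]:
    """Return a reason string if the entry matches a suspicious pattern, else None."""
    name = dll_basename(body)
    if section == "O4" and HEX_NAME_RE.search(body):
        return "Run entry with a random 8-hex-character executable name"
    if section in ("O2", "O3") and "(file missing)" in body:
        return "browser extension registered but its DLL is absent or hidden"
    if section == "O2" and RANDOM_DLL_RE.match(name):
        return "BHO backed by a short random-letter DLL name"
    if section == "O3":
        return "IE toolbar: confirm it was installed intentionally"
    if section == "O15":
        return "domain added to the IE Trusted Zone"
    if section == "O20" and name not in WINLOGON_NOTIFY_ALLOW:
        return "Winlogon Notify package outside the allowlist"
    return None


def triage(text: str) -> List[Finding]:
    """Apply flag_entry to every entry in a log and collect the hits."""
    findings = []
    for section, body in parse_hjt(text):
        reason = flag_entry(section, body)
        if reason:
            findings.append((section, body, reason))
    return findings


def new_entries(old_text: str, new_text: str) -> List[Entry]:
    """Entries present in the newer log but not in the older one."""
    seen = set(parse_hjt(old_text))
    return [e for e in parse_hjt(new_text) if e not in seen]


if __name__ == "__main__":
    for section, body, reason in triage(LOG_SECOND):
        print(f"{section}: {reason}\n    {body}")
    print("\nEntries that appeared between the two logs:")
    for section, body in new_entries(LOG_FIRST, LOG_SECOND):
        print(f"  {section} - {body}")
```

The log diff is the part worth keeping: the helper asked for a fresh log after every step, and comparing consecutive logs shows both what a fix removed and what the infection recreated, as the 8f1035ea.exe Run entries did here between the first and second log.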

#5 gamer17

gamer17
  • Topic Starter

  • Members
  • 5 posts

Posted 08 September 2006 - 05:19 PM

VundoFix V6.1.4

Checking Java version...

Java version is 1.5.0.6

Scan started at 2:36:11 PM 9/8/2006

Listing files found while scanning....

C:\WINDOWS\system32\khfgecc.dll
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\winosz32.dll
C:\Program Files\Common Files\{B416B4A1-07D9-1033-0816-040407260001}\services.dll
C:\Program Files\Common Files\{B416B4A1-07D9-1033-0816-040407260001}\Update.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\khfgecc.dll
C:\WINDOWS\system32\khfgecc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\ssqpm.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\winosz32.dll
C:\WINDOWS\system32\winosz32.dll Has been deleted!

Attempting to delete C:\Program Files\Common Files\{B416B4A1-07D9-1033-0816-040407260001}\services.dll
C:\Program Files\Common Files\{B416B4A1-07D9-1033-0816-040407260001}\services.dll Has been deleted!

Attempting to delete C:\Program Files\Common Files\{B416B4A1-07D9-1033-0816-040407260001}\Update.exe
C:\Program Files\Common Files\{B416B4A1-07D9-1033-0816-040407260001}\Update.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.4

Checking Java version...

Java version is 1.5.0.6

Scan started at 2:46:33 PM 9/8/2006

Listing files found while scanning....

C:\WINDOWS\system32\ssqpm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\ssqpm.dll Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 3:11:11 PM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {629467A8-EEAC-48EF-3A82-975B8E35AD31} - C:\DOCUME~1\ADMINI~1\APPLIC~1\SURFBL~1\kind bits.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A307508-A39B-4D1F-B11B-264FD58FEFDA} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [dumbhelp] C:\DOCUME~1\ADMINI~1\APPLIC~1\FRAGBI~1\Ante Default Readme.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153644186982
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154235481859
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F69E99F8-1C5B-4FF1-BDCF-2F7437AAE160}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe

I tried to delete the

C:\WINDOWS\system32\8f1035ea.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\8f1035ea.exe

But when I went there I couldn't locate those files. But then, when my computer restarted after the VundoFix, Ad-Aware popped up saying "Do you want to block this program?" and the program was the same two files that I couldn't locate, so I know they're there, they are just hidden pretty well. I even made sure that all hidden files and folders would show up, using the Folder Options menu.

Also, when I went to delete ToolBar888 in the Program Files folder it would let me delete all of it but the MyToolBar.dll.


Thank you so much for helping me, Shaba, I really appreciate it.

#6 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 09 September 2006 - 03:49 AM

Hi

Open HijackThis, click do a system scan only and checkmark this:

O2 - BHO: (no name) - {7A307508-A39B-4D1F-B11B-264FD58FEFDA} - C:\WINDOWS\system32\ssqpm.dll (file missing)

Close all windows including browser and press fix checked.

Boot in safe mode -> http://www.pchell.com/support/safemode.shtml

Delete this folder -> C:\Program Files\ToolBar888

Reboot

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running, as this will require a reboot.
  • Double click NoLop.exe to run it.
  • Carefully type or copy and paste this series of characters into the lower text area labelled Insert CLSID Here. Include the {}:

      {629467A8-EEAC-48EF-3A82-975B8E35AD31}
  • Now click the button labelled "Search and Destroy".
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected. Click OK.
  • Now click the "REBOOT" button.
  • A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder, then rerun the program. --

Edited by Shaba, 09 September 2006 - 03:50 AM.

Microsoft MVP Consumer Security

#7 gamer17


Posted 09 September 2006 - 08:16 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:13:06 PM, on 9/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153644186982
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154235481859
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F69E99F8-1C5B-4FF1-BDCF-2F7437AAE160}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe

Fix running from: C:\Documents and Settings\Administrator\Desktop
[9/9/2006]
[6:06:50 PM]

---Infection Files Found/Removed---
C:\Documents and Settings\Administrator\Application Data\Frag bib data\Proxy Defy Draw.exe
C:\Documents and Settings\Administrator\Application Data\Surf Blue\kind bits.exe
C:\Documents and Settings\Administrator\Application Data\Frag bib data\ocmwgjxt.exe
C:\Documents and Settings\All Users\Application Data\amokregsshowwipe\jumpgreat.exe

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Ahead
C:\Documents and Settings\Administrator\Application Data\Apple Computer
C:\Documents and Settings\Administrator\Application Data\Creative
C:\Documents and Settings\Administrator\Application Data\Elaborate Bytes
C:\Documents and Settings\Administrator\Application Data\Ethereal
C:\Documents and Settings\Administrator\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Lavasoft
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Smartftp
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Utorrent
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Hp
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft

#8 Shaba


Posted 10 September 2006 - 03:40 AM

Hi

Logs look good, but let's run one online scan:

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan" select My Computer.
  • The scan will take a while, so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Send:

- a fresh HijackThis log
- Kaspersky report

#9 Shaba


Posted 17 September 2006 - 09:58 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

#10 gamer17


Posted 17 September 2006 - 01:26 PM

I am reopening this topic because someone closed it, but the reason why I didn't answer back for a while was because I was camping, so sorry guys. But Shaba, here is the Kaspersky report and the HijackThis log that you asked for.

KASPERSKY ONLINE SCANNER REPORT
Saturday, September 16, 2006 7:48:40 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/09/2006
Kaspersky Anti-Virus database records: 210819


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
F:\
G:\

Scan Statistics
Total number of scanned objects 78006
Number of viruses found 18
Number of infected objects 52 / 0
Number of suspicious objects 0
Duration of the scan process 01:10:28

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\idlemg.exe.bac_a04440 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\ss1205.exe.bac_a04440 Infected: Trojan-Dropper.Win32.Small.qn skipped

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\uiwoa.exe.bac_a04440 Infected: Trojan-Downloader.Win32.TSUpdate.l skipped

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\uiwol.exe.bac_a04440 Infected: Trojan-Downloader.Win32.TSUpdate.r skipped

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\uiwom.exe.bac_a04440 Infected: Trojan-Downloader.Win32.TSUpdate.n skipped

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\uiwop.exe.bac_a04440 Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\winD6.tmp.exe.bac_a04440 Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Desktop\setup files\Slysoft.CloneDVD.v2.8.9.9.incl.keygen-Snd.by.ChingLiu\SetupCloneDVD2899Slysoft.exe/serv.exe Infected: Backdoor.Win32.Ciadoor.13 skipped

C:\Documents and Settings\Administrator\Desktop\setup files\Slysoft.CloneDVD.v2.8.9.9.incl.keygen-Snd.by.ChingLiu\SetupCloneDVD2899Slysoft.exe CAB: infected - 1 skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\wacky_guy89@yahoo.com\SharingMetadata\infected.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\wacky_guy89@yahoo.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\wacky_guy89@yahoo.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\wacky_guy89@yahoo.com\SharingMetadata\Working\database_86B4_16C2_B416_B4A1\dfsr.db Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\wacky_guy89@yahoo.com\SharingMetadata\Working\database_86B4_16C2_B416_B4A1\fsr.log Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\wacky_guy89@yahoo.com\SharingMetadata\Working\database_86B4_16C2_B416_B4A1\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\wacky_guy89@yahoo.com\SharingMetadata\Working\database_86B4_16C2_B416_B4A1\tmp.edb Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\wacky_guy89@yahoo.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\wacky_guy89@yahoo.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\b103.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\b103.exe/stream Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\b103.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\b111.exe/stream/data0002 Infected: Trojan-Downloader.Win32.VB.afa skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\b111.exe/stream Infected: Trojan-Downloader.Win32.VB.afa skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\b111.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\mstCD.tmp Infected: Packed.Win32.Klone.g skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\mstDC.tmp Infected: Packed.Win32.Klone.g skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1D4F.tmp Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1DE4.tmp Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1E4E.tmp Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCA2D.tmp Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCA5C.tmp Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\07FB382D-AA75-4683-82F4-EAB265A275CB.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\AntiPhishing\07FB382D-AA75-4683-82F4-EAB265A275CB.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\NoLopBackups\Kind Bits.exe.05.infected Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\NoLopBackups\Proxy Defy Draw.exe.04.infected Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped

C:\sti.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP0\A0000003.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP17\A0000988.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP19\A0001307.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP23\A0004885.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP25\A0004993.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP28\A0005050.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP3\A0000094.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP75\A0005971.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006062.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006067.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006068.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006069.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006070.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006071.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006075.exe Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006076.exe Infected: Trojan-Dropper.Win32.Small.qn skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006079.ocx Infected: Trojan-Dropper.Win32.VB.dq skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP76\A0006083.dll Infected: Trojan-Downloader.Win32.Agent.awb skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP77\A0006527.exe Infected: Trojan-Downloader.Win32.Zlob.adn skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP79\A0006699.dll Infected: Packed.Win32.Klone.g skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP80\A0006894.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP80\A0006895.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\System Volume Information\_restore{D55E383A-A35A-49F8-9B12-9FBDBAA4BCA9}\RP87\change.log Object is locked skipped

C:\VundoFix Backups\winosz32.dll Infected: Packed.Win32.Klone.g skipped

C:\WINDOWS\ac3_0002.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Setup90.exe/data0002 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\Setup90.exe/data0005 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\Setup90.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\Setup90.exe NSIS: infected - 3 skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{35A9D5E0-FC95-4FCA-B576-862DF6E9E040}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\sys02273580383-1.exe Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\sam Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\security Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\ismini.exe Infected: Trojan-Downloader.Win32.Zlob.xy skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped

C:\WINDOWS\Temp\win577.tmp.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\WINDOWS\uninst104.exe Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\uni_ehhhh.exe Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001119.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001120.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001121.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001122.cat Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001123.inf Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001124.ver Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001125.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001126.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001127.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001128.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001129.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001130.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001131.ver Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001132.inf Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001133.cat Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001134.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001135.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001136.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001137.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001138.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP21\A0001139.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001178.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001179.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001180.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001181.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001182.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001183.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001184.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001185.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001186.inf Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001187.inf Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001188.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001189.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001190.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001191.cat Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001192.cat Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001193.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001194.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001195.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001196.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001197.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001198.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001199.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001200.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001201.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001202.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001203.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001204.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001205.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001206.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001207.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001208.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001209.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001210.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001211.exe Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001212.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001213.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001214.tsp Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001215.TSP Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001216.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001217.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001218.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001219.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001220.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001221.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001222.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001223.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001224.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001225.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001226.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001227.dll Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001228.ver Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001229.ver Object is locked skipped

G:\System Volume Information\_restore{72C1019D-9157-49B6-AB79-E2DC65E8CBC9}\RP22\A0001230.dll Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:50 AM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Administrator\Desktop\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153644186982
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154235481859
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F69E99F8-1C5B-4FF1-BDCF-2F7437AAE160}: NameServer = 192.168.1.1,4.2.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe


Thanks Shaba for all your help :-)

#11 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:07:59 PM

Posted 18 September 2006 - 01:05 AM

Hi gamer17 :thumbsup:

Download KillBox from here:

KillBox

Unzip the folder to your desktop.

* Start Killbox.exe
* Select the Delete on Reboot option.
* Click on the All Files button.
* Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:


C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\idlemg.exe.bac_a04440
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\ss1205.exe.bac_a04440
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\uiwoa.exe.bac_a04440
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\uiwol.exe.bac_a04440
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\uiwom.exe.bac_a04440
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\uiwop.exe.bac_a04440
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\winD6.tmp.exe.bac_a04440
C:\Documents and Settings\Administrator\Desktop\setup files\Slysoft.CloneDVD.v2.8.9.9.incl.keygen-Snd.by.ChingLiu\SetupCloneDVD2899Slysoft.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\b103.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\b111.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\mstCD.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\mstDC.tmp
C:\WINDOWS\Setup90.exe
C:\WINDOWS\sys02273580383-1.exe
C:\WINDOWS\ac3_0002.exe
C:\WINDOWS\Temp\win577.tmp.exe
C:\WINDOWS\uninst104.exe
C:\WINDOWS\uni_ehhhh.exe


* Go to the File menu of Killbox, and choose Paste from Clipboard.
NOTE: You must use the File menu; pasting by right-clicking the mouse will only enter one file.
* Click the Delete File button that is a red-and-white X. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Empty these folders:

C:\NoLopBackups
C:\VundoFix Backups

Empty Recycle Bin

Re-scan with Kaspersky

Send:

- a fresh HijackThis log
- Kaspersky report
Microsoft MVP Consumer Security
#12 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:07:59 PM

Posted 27 September 2006 - 09:42 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security