
Greetings And Help! :)


  • This topic is locked
18 replies to this topic

#1 barry123


Posted 05 October 2006 - 02:23 AM

I have an old laptop that is crying at the moment. I have run lots of different spyware software in the hope of making it better but still have not sorted it out. Can anyone look at these logs and give me some much needed advice?

Logfile of HijackThis v1.99.1
Scan saved at 07:45:18, on 05/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\kybrdff_e21.exe
C:\dfndrff_e21.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.uko2.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e21.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e21.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Speedtouch Connection.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.uko2.co.uk
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...FreeInstall.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = homeuserdomain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = homeuserdomain
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe



#2 kairis


Posted 05 October 2006 - 04:47 AM

Hi and welcome. My name is kairis and I will be helping you.
You have some crap there! But don't worry; we'll get you cleaned up!
Please follow my steps in the right order...
We'll start with this:
Step 1:
Please download Combofix (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your desktop.

Double-click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Step 2:

With all other windows closed, start your HijackThis and click "Do a System Scan Only".
Click in the check-box to the left of each of the following entries, if found:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.uko2.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...FreeInstall.cab

Select Fix Checked.
That should be it, so please post a new HijackThis log to confirm.

Edited by kairis, 05 October 2006 - 05:03 AM.


#3 barry123

  • Topic Starter

Posted 05 October 2006 - 05:56 AM

Thank you for the fast reply.
I have run ComboFix and the first part is that log... then ran and fixed the bits you told me to with HijackThis; the second part is that log.

Carolyn - 06-10-05 11:34:34.99 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Carolyn\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_14.exe
C:\dfndrff_e21.exe
C:\deskbar.exe
C:\deskbar2.exe
C:\deskbar3.exe
C:\deskbar_e12.exe
C:\deskbar_e21.exe
C:\kybrdff_e12.exe
C:\kybrdff_e21.exe
C:\nwnmff_e12.exe
C:\WINDOWS\RDFX4.exe
C:\WINDOWS\system32\w005b8e1.dll
C:\Program Files\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-09-05 to 2006-10-05 ))))))))))))))))))))))))))))))))))


2006-10-05 04:09 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-10-04 21:09 134,912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2006-10-04 10:11 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-04 10:11 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-04 10:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-04 10:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-04 02:12 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2006-10-04 02:12 3,440 --a------ C:\WINDOWS\undo.reg
2006-10-04 02:12 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2006-10-03 21:33 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2006-10-03 21:33 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2006-10-03 21:33 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2006-10-03 21:33 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-03 21:33 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-03 21:33 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-10-03 21:33 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2006-10-03 21:33 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2006-10-03 21:33 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-03 21:33 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-03 21:33 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2006-10-03 21:33 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-03 21:33 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2006-10-03 21:33 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-03 21:33 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2006-10-03 21:33 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2006-10-03 21:33 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2006-10-03 21:33 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2006-10-03 21:33 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2006-10-03 21:33 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2006-10-03 21:33 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2006-10-03 21:33 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2006-10-03 21:33 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2006-10-03 21:33 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2006-10-03 21:33 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2006-10-03 21:33 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2006-10-03 21:33 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2006-10-03 21:33 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-03 21:33 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-10-03 21:33 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2006-10-03 21:33 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2006-10-03 21:33 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-10-03 21:33 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-03 21:33 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-03 21:33 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2006-10-03 21:33 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-10-03 21:33 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2006-10-03 21:33 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2006-10-03 21:33 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2006-10-03 21:33 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2006-10-03 21:33 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2006-10-03 21:33 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2006-10-03 21:33 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2006-10-03 21:33 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-10-03 21:33 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2006-10-03 21:33 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-03 21:33 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2006-10-03 21:33 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2006-10-03 21:33 26,624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-03 21:33 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2006-10-03 21:33 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2006-10-03 21:33 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2006-10-03 21:33 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2006-10-03 21:33 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2006-10-03 21:33 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-10-03 21:33 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2006-10-03 21:33 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-10-03 21:33 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2006-10-03 21:33 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-10-03 21:33 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2006-10-03 21:33 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2006-10-03 21:33 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2006-10-03 21:33 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2006-10-03 21:33 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2006-10-03 21:33 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-10-03 21:33 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-03 21:33 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-03 21:33 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2006-10-03 21:33 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-03 21:33 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-03 21:33 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2006-10-03 21:33 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-03 21:33 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2006-10-03 21:33 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2006-10-03 21:33 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-10-03 21:33 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-10-03 21:33 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-03 21:33 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-10-03 21:33 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2006-10-03 21:33 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2006-10-03 21:33 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-10-03 21:33 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2006-10-03 21:33 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-10-03 21:33 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2006-10-03 21:33 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2006-10-03 21:33 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2006-10-03 21:33 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2006-10-03 21:33 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-03 21:33 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2006-10-03 21:33 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2006-10-03 21:33 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-03 21:33 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2006-10-03 21:33 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-10-03 21:32 896,512 --------- C:\WINDOWS\system32\wmspdmoe.dll
2006-10-03 21:32 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2006-10-03 21:32 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-10-03 21:32 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2006-10-03 21:32 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2006-10-03 21:32 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2006-10-03 21:32 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2006-10-03 21:32 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2006-10-03 21:32 755,200 --------- C:\WINDOWS\system32\ir50_32.dll
2006-10-03 21:32 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2006-10-03 21:32 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2006-10-03 21:32 73,796 --------- C:\WINDOWS\system32\slserv.exe
2006-10-03 21:32 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2006-10-03 21:32 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2006-10-03 21:32 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2006-10-03 21:32 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2006-10-03 21:32 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2006-10-03 21:32 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2006-10-03 21:32 7,168 --------- C:\WINDOWS\system32\hccoin.dll
2006-10-03 21:32 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2006-10-03 21:32 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2006-10-03 21:32 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2006-10-03 21:32 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2006-10-03 21:32 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2006-10-03 21:32 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2006-10-03 21:32 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2006-10-03 21:32 52,224 --------- C:\WINDOWS\system32\mspmsnsv.dll
2006-10-03 21:32 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2006-10-03 21:32 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2006-10-03 21:32 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2006-10-03 21:32 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2006-10-03 21:32 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2006-10-03 21:32 484,864 --------- C:\WINDOWS\system32\wmspdmod.dll
2006-10-03 21:32 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2006-10-03 21:32 44,032 --------- C:\WINDOWS\system32\twext.dll
2006-10-03 21:32 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-10-03 21:32 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2006-10-03 21:32 384,512 --------- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-03 21:32 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2006-10-03 21:32 32,866 --------- C:\WINDOWS\slrundll.exe
2006-10-03 21:32 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2006-10-03 21:32 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2006-10-03 21:32 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2006-10-03 21:32 310,272 --------- C:\WINDOWS\system32\mp43dmod.dll
2006-10-03 21:32 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2006-10-03 21:32 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2006-10-03 21:32 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2006-10-03 21:32 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2006-10-03 21:32 233,472 --------- C:\WINDOWS\system32\wmpdxm.dll
2006-10-03 21:32 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-10-03 21:32 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-10-03 21:32 200,192 --------- C:\WINDOWS\system32\ir50_qc.dll
2006-10-03 21:32 20,992 --------- C:\WINDOWS\system32\bthci.dll
2006-10-03 21:32 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
2006-10-03 21:32 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2006-10-03 21:32 188,508 --------- C:\WINDOWS\system32\slgen.dll
2006-10-03 21:32 183,808 --------- C:\WINDOWS\system32\ir50_qcx.dll
2006-10-03 21:32 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2006-10-03 21:32 168,448 --------- C:\WINDOWS\system32\wmerror.dll
2006-10-03 21:32 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-03 21:32 151,552 --------- C:\WINDOWS\system32\wmidx.dll
2006-10-03 21:32 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2006-10-03 21:32 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2006-10-03 21:32 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2006-10-03 21:32 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2006-10-03 21:32 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2006-10-03 21:32 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2006-10-03 21:32 116,224 --------- C:\WINDOWS\system32\p2p.dll
2006-10-03 21:32 114,688 --------- C:\WINDOWS\system32\wmpasf.dll
2006-10-03 21:32 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2006-10-03 21:32 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2006-10-03 21:32 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2006-10-03 21:32 1,689,088 --------- C:\WINDOWS\system32\d3d9.dll
2006-10-03 21:32 1,119,744 --------- C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-03 21:32 1,001,472 --------- C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-03 20:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-03 20:35 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-09-10 01:20 640,467 ---hs---- C:\WINDOWS\system32\tstwa.bak2
2006-09-07 05:09 623,328 ---hs---- C:\WINDOWS\system32\tstwa.bak1


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-05 06:22 -------- d-------- C:\Program Files\Messenger
2006-10-05 05:53 -------- d-------- C:\Program Files\Internet Explorer
2006-10-05 03:42 -------- d-------- C:\Program Files\Outlook Express
2006-10-05 03:41 -------- d-------- C:\Program Files\Common Files\System
2006-10-04 11:42 -------- d-------- C:\Program Files\Common Files\zkiq
2006-10-04 10:43 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-04 10:10 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\PC Tools
2006-10-04 02:43 -------- d-------- C:\Program Files\Windows Media Player
2006-10-04 02:12 -------- d-------- C:\Program Files\Trojan Remover
2006-10-04 02:12 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\Simply Super Software
2006-10-03 23:12 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\Lavasoft
2006-10-03 23:11 -------- d-------- C:\Program Files\Lavasoft
2006-10-03 22:54 -------- d---s---- C:\Documents and Settings\Carolyn\Application Data\Microsoft
2006-10-03 21:32 -------- d-------- C:\Program Files\Movie Maker
2006-10-03 21:17 -------- d-------- C:\Program Files\Windows NT
2006-10-03 21:17 -------- d-------- C:\Program Files\NetMeeting
2006-09-25 02:30 -------- d-------- C:\Program Files\Google
2006-09-10 03:29 -------- d-------- C:\Program Files\iTunes
2006-09-10 03:27 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\Apple Computer
2006-09-07 05:02 166863 --a------ C:\abcd.exe
2006-08-28 20:46 79872 -r-hs---- C:\WINDOWS\winlogin.exe
2006-08-26 08:24 629803 ---hs---- C:\WINDOWS\system32\fefii.bak1
2006-08-26 08:24 13844 --a------ C:\WINDOWS\system32\qkhdpokt.exe
2006-08-26 05:49 13844 --a------ C:\WINDOWS\system32\qbhbllvx.exe
2006-08-26 05:48 629803 ---hs---- C:\WINDOWS\system32\klkkj.bak1
2006-08-25 22:28 629803 ---hs---- C:\WINDOWS\system32\yaccf.bak1
2006-08-25 22:28 13844 --a------ C:\WINDOWS\system32\sghreyou.exe
2006-08-24 20:52 -------- d-------- C:\Program Files\MSN
2006-08-14 20:56 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\Google
2006-08-06 20:52 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-24 03:19 27212 --a------ C:\Documents and Settings\Carolyn\Application Data\Personal Address Book.ADR
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="\"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe\" -b"
"Microsoft Telecoms Center"="winupcd.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\MSN\\zyse.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\ComPlus Applications\\woqypi.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"zkiq"="C:\\PROGRA~1\\COMMON~1\\zkiq\\zkiqm.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"zkiq"="C:\\PROGRA~1\\COMMON~1\\zkiq\\zkiqm.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 05/10/2006 11:43:16.94
ComboFix.txt


===============================================================

Logfile of HijackThis v1.99.1
Scan saved at 11:48:31, on 05/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Speedtouch Connection.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.uko2.co.uk
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = homeuserdomain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = homeuserdomain
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

#4 kairis

Posted 05 October 2006 - 06:31 AM

Great job :thumbsup:
Let's continue..

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#5 barry123

Posted 05 October 2006 - 03:20 PM

I have run VundoFix, it said that the system was clean :thumbsup: Here is a new log from HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 21:14:41, on 05/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Carolyn\Desktop\VundoFix.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Speedtouch Connection.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.uko2.co.uk
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = homeuserdomain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = homeuserdomain
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

#6 kairis

Posted 06 October 2006 - 12:25 AM

Hello again.
Go ahead and uninstall Vundofix.

Click on start, settings, control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following if they exist:
Microsoft Telecoms Center
Then reboot your computer - IMPORTANT

Then:
1. Reboot Your System in Safe Mode
How to use the F8 method to Start Your Computer in Safe Mode
Restart the computer.
As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
Use the arrow keys to select the Safe mode menu item
Press Enter.

2. Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
C:\WINDOWS\System32\winupcd.exe <== File. If you don't find it, try this:
winupcd.exe<==You will have to do a Search for this one using Windows Search Function

3. Exit Explorer, and REBOOT BACK INTO NORMAL MODE

4. Finally, RUN Hijackthis again and produce a new HJT lo
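
The entry targeted in the post above, `O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe`, is the only autostart line in the posted log whose command is a bare file name with no folder. As an added example (not part of the original posts and not HijackThis code), the Python below parses O4 lines and flags such entries for review; the bare-name heuristic and all function names are assumptions of this example, and the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple

# O4 (autostart) lines copied from the HijackThis log posted in this thread,
# plus one O9 line to show that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""


class Autorun(NamedTuple):
    location: str    # e.g. HKCU\..\Run or Global Startup
    name: str        # registry value name or shortcut name
    command: str     # full command line as logged
    executable: str  # program part of the command, arguments removed


# Registry form:        O4 - HKCU\..\Run: [value name] command
REG_RE = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder form:  O4 - Global Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Program part: a quoted path, or everything up to the first executable extension.
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)',
    re.IGNORECASE,
)


def executable(command: str) -> str:
    """Return the program path from a command line, handling unquoted spaces."""
    command = command.strip()
    match = EXE_RE.match(command)
    if match:
        return match.group("q") or match.group("u")
    parts = command.split()
    return parts[0] if parts else ""


def parse_o4(log: str) -> List[Autorun]:
    """Extract every O4 autostart entry from a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        match = REG_RE.match(line) or STARTUP_RE.match(line)
        if match:
            cmd = match.group("cmd")
            entries.append(Autorun(match.group("loc"), match.group("name"), cmd, executable(cmd)))
    return entries


def pathless_autoruns(log: str) -> List[Autorun]:
    """Flag autoruns whose program has no folder component.

    A bare name leaves it to Windows to locate the file through its search
    path, so the log alone does not say which file on disk will run. This is
    a triage hint for a human reviewer, not a verdict.
    """
    return [e for e in parse_o4(log) if e.executable and ntpath.dirname(e.executable) == ""]


if __name__ == "__main__":
    for entry in pathless_autoruns(SAMPLE_LOG):
        print(f"review: {entry.location} [{entry.name}] -> {entry.command}")
```
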

#7 barry123

Posted 06 October 2006 - 03:34 AM

Hi
I went to Add and Remove but could not find Microsoft Telecoms Center.
I then rebooted to Safe Mode and searched for winupcd.exe but again found nothing.

Latest HijackThis log follows.

Logfile of HijackThis v1.99.1
Scan saved at 09:28:00, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Speedtouch Connection.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.uko2.co.uk
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = homeuserdomain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = homeuserdomain
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

#8 kairis

Posted 06 October 2006 - 05:36 AM

Please download Combofix to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#9 barry123

Posted 06 October 2006 - 05:50 AM

Ran ComboFix and here is the log.

Carolyn - 06-10-06 11:39:43.45 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Carolyn\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))


2006-10-05 04:09 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-10-04 21:09 134,912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2006-10-04 10:11 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-04 10:11 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-04 10:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-04 10:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-04 02:12 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2006-10-04 02:12 3,440 --a------ C:\WINDOWS\undo.reg
2006-10-04 02:12 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2006-10-03 21:33 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2006-10-03 21:33 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2006-10-03 21:33 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2006-10-03 21:33 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-03 21:33 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-03 21:33 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-10-03 21:33 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2006-10-03 21:33 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2006-10-03 21:33 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-03 21:33 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-03 21:33 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2006-10-03 21:33 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-03 21:33 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2006-10-03 21:33 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-03 21:33 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2006-10-03 21:33 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2006-10-03 21:33 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2006-10-03 21:33 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2006-10-03 21:33 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2006-10-03 21:33 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2006-10-03 21:33 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2006-10-03 21:33 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2006-10-03 21:33 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2006-10-03 21:33 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2006-10-03 21:33 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2006-10-03 21:33 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2006-10-03 21:33 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2006-10-03 21:33 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-03 21:33 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-10-03 21:33 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2006-10-03 21:33 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2006-10-03 21:33 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-10-03 21:33 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-03 21:33 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-03 21:33 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2006-10-03 21:33 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-10-03 21:33 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2006-10-03 21:33 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2006-10-03 21:33 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2006-10-03 21:33 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2006-10-03 21:33 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2006-10-03 21:33 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2006-10-03 21:33 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2006-10-03 21:33 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-10-03 21:33 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2006-10-03 21:33 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-03 21:33 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2006-10-03 21:33 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2006-10-03 21:33 26,624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-03 21:33 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2006-10-03 21:33 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2006-10-03 21:33 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2006-10-03 21:33 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2006-10-03 21:33 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2006-10-03 21:33 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-10-03 21:33 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2006-10-03 21:33 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-10-03 21:33 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2006-10-03 21:33 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-10-03 21:33 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2006-10-03 21:33 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2006-10-03 21:33 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2006-10-03 21:33 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2006-10-03 21:33 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2006-10-03 21:33 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-10-03 21:33 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-03 21:33 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-03 21:33 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2006-10-03 21:33 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-03 21:33 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-03 21:33 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2006-10-03 21:33 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-03 21:33 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2006-10-03 21:33 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2006-10-03 21:33 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-10-03 21:33 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-10-03 21:33 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-03 21:33 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-10-03 21:33 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2006-10-03 21:33 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2006-10-03 21:33 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-10-03 21:33 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2006-10-03 21:33 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-10-03 21:33 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2006-10-03 21:33 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2006-10-03 21:33 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2006-10-03 21:33 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2006-10-03 21:33 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-03 21:33 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2006-10-03 21:33 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2006-10-03 21:33 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-03 21:33 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2006-10-03 21:33 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-10-03 21:32 896,512 --------- C:\WINDOWS\system32\wmspdmoe.dll
2006-10-03 21:32 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2006-10-03 21:32 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-10-03 21:32 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2006-10-03 21:32 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2006-10-03 21:32 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2006-10-03 21:32 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2006-10-03 21:32 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2006-10-03 21:32 755,200 --------- C:\WINDOWS\system32\ir50_32.dll
2006-10-03 21:32 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2006-10-03 21:32 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2006-10-03 21:32 73,796 --------- C:\WINDOWS\system32\slserv.exe
2006-10-03 21:32 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2006-10-03 21:32 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2006-10-03 21:32 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2006-10-03 21:32 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2006-10-03 21:32 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2006-10-03 21:32 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2006-10-03 21:32 7,168 --------- C:\WINDOWS\system32\hccoin.dll
2006-10-03 21:32 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2006-10-03 21:32 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2006-10-03 21:32 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2006-10-03 21:32 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2006-10-03 21:32 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2006-10-03 21:32 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2006-10-03 21:32 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2006-10-03 21:32 52,224 --------- C:\WINDOWS\system32\mspmsnsv.dll
2006-10-03 21:32 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2006-10-03 21:32 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2006-10-03 21:32 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2006-10-03 21:32 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2006-10-03 21:32 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2006-10-03 21:32 484,864 --------- C:\WINDOWS\system32\wmspdmod.dll
2006-10-03 21:32 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2006-10-03 21:32 44,032 --------- C:\WINDOWS\system32\twext.dll
2006-10-03 21:32 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-10-03 21:32 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2006-10-03 21:32 384,512 --------- C:\WINDOWS\system32\mp4sdmod.dll
2006-10-03 21:32 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2006-10-03 21:32 32,866 --------- C:\WINDOWS\slrundll.exe
2006-10-03 21:32 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2006-10-03 21:32 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2006-10-03 21:32 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2006-10-03 21:32 310,272 --------- C:\WINDOWS\system32\mp43dmod.dll
2006-10-03 21:32 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2006-10-03 21:32 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2006-10-03 21:32 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2006-10-03 21:32 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2006-10-03 21:32 233,472 --------- C:\WINDOWS\system32\wmpdxm.dll
2006-10-03 21:32 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-10-03 21:32 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-10-03 21:32 200,192 --------- C:\WINDOWS\system32\ir50_qc.dll
2006-10-03 21:32 20,992 --------- C:\WINDOWS\system32\bthci.dll
2006-10-03 21:32 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
2006-10-03 21:32 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2006-10-03 21:32 188,508 --------- C:\WINDOWS\system32\slgen.dll
2006-10-03 21:32 183,808 --------- C:\WINDOWS\system32\ir50_qcx.dll
2006-10-03 21:32 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2006-10-03 21:32 168,448 --------- C:\WINDOWS\system32\wmerror.dll
2006-10-03 21:32 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-03 21:32 151,552 --------- C:\WINDOWS\system32\wmidx.dll
2006-10-03 21:32 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2006-10-03 21:32 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2006-10-03 21:32 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2006-10-03 21:32 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2006-10-03 21:32 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2006-10-03 21:32 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2006-10-03 21:32 116,224 --------- C:\WINDOWS\system32\p2p.dll
2006-10-03 21:32 114,688 --------- C:\WINDOWS\system32\wmpasf.dll
2006-10-03 21:32 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2006-10-03 21:32 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2006-10-03 21:32 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2006-10-03 21:32 1,689,088 --------- C:\WINDOWS\system32\d3d9.dll
2006-10-03 21:32 1,119,744 --------- C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-03 21:32 1,001,472 --------- C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-03 20:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-03 20:35 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-09-10 01:20 640,467 ---hs---- C:\WINDOWS\system32\tstwa.bak2
2006-09-07 05:09 623,328 ---hs---- C:\WINDOWS\system32\tstwa.bak1


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-05 06:22 -------- d-------- C:\Program Files\Messenger
2006-10-05 05:53 -------- d-------- C:\Program Files\Internet Explorer
2006-10-05 03:42 -------- d-------- C:\Program Files\Outlook Express
2006-10-05 03:41 -------- d-------- C:\Program Files\Common Files\System
2006-10-04 11:42 -------- d-------- C:\Program Files\Common Files\zkiq
2006-10-04 10:43 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-04 10:10 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\PC Tools
2006-10-04 02:43 -------- d-------- C:\Program Files\Windows Media Player
2006-10-04 02:12 -------- d-------- C:\Program Files\Trojan Remover
2006-10-04 02:12 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\Simply Super Software
2006-10-03 23:12 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\Lavasoft
2006-10-03 23:11 -------- d-------- C:\Program Files\Lavasoft
2006-10-03 22:54 -------- d---s---- C:\Documents and Settings\Carolyn\Application Data\Microsoft
2006-10-03 21:32 -------- d-------- C:\Program Files\Movie Maker
2006-10-03 21:17 -------- d-------- C:\Program Files\Windows NT
2006-10-03 21:17 -------- d-------- C:\Program Files\NetMeeting
2006-09-25 02:30 -------- d-------- C:\Program Files\Google
2006-09-10 03:29 -------- d-------- C:\Program Files\iTunes
2006-09-10 03:27 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\Apple Computer
2006-09-07 05:02 166863 --a------ C:\abcd.exe
2006-08-28 20:46 79872 -r-hs---- C:\WINDOWS\winlogin.exe
2006-08-26 08:24 629803 ---hs---- C:\WINDOWS\system32\fefii.bak1
2006-08-26 08:24 13844 --a------ C:\WINDOWS\system32\qkhdpokt.exe
2006-08-26 05:49 13844 --a------ C:\WINDOWS\system32\qbhbllvx.exe
2006-08-26 05:48 629803 ---hs---- C:\WINDOWS\system32\klkkj.bak1
2006-08-25 22:28 629803 ---hs---- C:\WINDOWS\system32\yaccf.bak1
2006-08-25 22:28 13844 --a------ C:\WINDOWS\system32\sghreyou.exe
2006-08-24 20:52 -------- d-------- C:\Program Files\MSN
2006-08-14 20:56 -------- d-------- C:\Documents and Settings\Carolyn\Application Data\Google
2006-08-06 20:52 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-24 03:19 27212 --a------ C:\Documents and Settings\Carolyn\Application Data\Personal Address Book.ADR
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STManager"="\"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe\" -b"
"Microsoft Telecoms Center"="winupcd.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\MSN\\zyse.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\ComPlus Applications\\woqypi.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"zkiq"="C:\\PROGRA~1\\COMMON~1\\zkiq\\zkiqm.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"zkiq"="C:\\PROGRA~1\\COMMON~1\\zkiq\\zkiqm.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061005-114754-135
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...FreeInstall.cab
backup-20061005-114754-188
R3 - Default URLSearchHook is missing
backup-20061005-114754-718
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
backup-20061005-114754-791
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
backup-20061005-114753-866
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.uko2.co.uk
backup-20061005-114753-700
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

Completion time: 06/10/2006 11:46:26.10
ComboFix.txt

#10 kairis

Posted 06 October 2006 - 06:28 AM

Hi again.
Let's continue:

Step 1:
Please open Notepad, and copy/paste the code in the box below into a new text file.
Save it as fix.reg (set Filetype to "All Files") and save it on your Desktop.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Telecoms Center"=-

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zkiq"=-

Now locate and double-click fix.reg, and allow it to merge into the Registry!

Step 2:
Please download KILLBOX, extract it to your desktop.

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.
Double-click on Killbox.exe to run it.
Put a tick by Standard File Kill.

In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

C:\abcd.exe
C:\WINDOWS\winlogin.exe
C:\WINDOWS\system32\fefii.bak1
C:\WINDOWS\system32\qkhdpokt.exe
C:\WINDOWS\system32\qbhbllvx.exe
C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\yaccf.bak1
C:\WINDOWS\system32\sghreyou.exe
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\tstwa.bak2

Click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.
Exit the Killbox.

If your computer does not restart automatically, please restart it manually.
After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
Post this log in your next reply.
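
The Step 1 registry merge above, rehearsed as a dry run against an exported dump. This is an added example, not part of kairis's post or of any tool named in the thread: the parser, the function names and the sample dump are constructed here, and the data shown for "Microsoft Telecoms Center" is a placeholder. It also shows why one `"zkiq"=-` line is enough, since HKEY_USERS\.DEFAULT and HKEY_USERS\S-1-5-18 are the same hive (the LocalSystem profile).

```python
"""Dry-run a REGEDIT4 fix file against an exported registry dump (added example)."""
import re

SECTION = re.compile(r'^\[(-?)(.+)\]$')                 # [key] or [-key]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')     # "name"=data or @=data

# HKEY_USERS\.DEFAULT is the LocalSystem profile, i.e. the same hive as S-1-5-18.
ALIASES = {r'hkey_users\s-1-5-18': r'hkey_users\.default'}

# Constructed sample. The two HKEY_USERS keys are copied from the ComboFix log;
# the HKCU key is illustrative and its first value's data is a placeholder.
DUMP = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Telecoms Center"="<placeholder: data not shown>"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"zkiq"="C:\\PROGRA~1\\COMMON~1\\zkiq\\zkiqm.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"zkiq"="C:\\PROGRA~1\\COMMON~1\\zkiq\\zkiqm.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
'''

# The fix file exactly as given in Step 1.
FIX = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Telecoms Center"=-

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zkiq"=-
'''


def canon(key):
    """Lower-case a key path (the registry is case-insensitive) and fold aliases."""
    k = key.lower()
    for alias, target in ALIASES.items():
        if k == alias or k.startswith(alias + '\\'):
            return target + k[len(alias):]
    return k


def unquote(name):
    """Turn a quoted value name into its real form; '@' is the default value."""
    return '' if name == '@' else re.sub(r'\\(.)', r'\1', name[1:-1])


def parse_reg(text):
    """Return a list of (op, key, name, data) operations found in .reg text."""
    ops, key, pending = [], None, ''
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ''
        if line.endswith(',\\'):          # hex data continued on the next line
            pending = line[:-1]
            continue
        m = SECTION.match(line)
        if m:
            key = m.group(2)
            ops.append(('delkey' if m.group(1) else 'key', key, None, None))
            continue
        m = VALUE.match(line)
        if m and key is not None:
            data = m.group(2)
            ops.append(('delval' if data == '-' else 'set',
                        key, unquote(m.group(1)), data))
    return ops                            # headers, comments, blanks are ignored


def load(text):
    """Build {canonical key: {lower-cased name: (name, data)}} from a dump."""
    state = {}
    for op, key, name, data in parse_reg(text):
        if op in ('key', 'set'):
            values_of_key = state.setdefault(canon(key), {})
            if op == 'set':
                values_of_key[name.lower()] = (name, data)
    return state


def dry_run(state, fix_text):
    """Apply fix_text to a copy of state; return (new_state, report)."""
    new = {k: dict(v) for k, v in state.items()}
    report = []
    for op, key, name, data in parse_reg(fix_text):
        ck = canon(key)
        if op == 'delval':                # "name"=- removes a single value
            old = new.get(ck, {}).pop(name.lower(), None)
            report.append((key, name, 'deleted' if old else 'not present'))
        elif op == 'delkey':              # [-key] removes the key and its subkeys
            doomed = [k for k in new if k == ck or k.startswith(ck + '\\')]
            for k in doomed:
                del new[k]
            report.append((key, None, 'key deleted' if doomed else 'not present'))
        elif op == 'set':
            new.setdefault(ck, {})[name.lower()] = (name, data)
            report.append((key, name, 'set'))
    return new, report


def values(state, key):
    """Sorted value names under key, looked up through the alias table."""
    return sorted(n for n, _ in state.get(canon(key), {}).values())


if __name__ == '__main__':
    after, report = dry_run(load(DUMP), FIX)
    for key, name, status in report:
        print(f'{status:12} {key} -> {name}')
```

Run it against a fresh export of the Run keys before merging: any "not present" line means the fix targets a value that has already gone or is spelled differently.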

#11 barry123

Posted 06 October 2006 - 04:07 PM

Ok done all from last post and here is the killbox log

Pocket Killbox version 2.0.0.648
Running on Windows XP as Carolyn(Administrator)
was started @ Friday, October 06, 2006, 9:49 PM

# 1 [Files to Delete]
Path = C:\abcd.exe
*File Was Deleted

# 2 [Files to Delete]
Path = C:\WINDOWS\winlogin.exe
*File Was Deleted

# 3 [Files to Delete]
Path = C:\WINDOWS\system32\fefii.bak1
*File Was Deleted

# 4 [Files to Delete]
Path = C:\WINDOWS\system32\qkhdpokt.exe
*File Was Deleted

# 5 [Files to Delete]
Path = C:\WINDOWS\system32\qbhbllvx.exe
*File Was Deleted

# 6 [Files to Delete]
Path = C:\WINDOWS\system32\klkkj.bak1
*File Was Deleted

# 7 [Files to Delete]
Path = C:\WINDOWS\system32\yaccf.bak1
*File Was Deleted

# 8 [Files to Delete]
Path = C:\WINDOWS\system32\sghreyou.exe
*File Was Deleted

# 9 [Files to Delete]
Path = C:\WINDOWS\system32\tstwa.bak1
*File Was Deleted

# 10 [Files to Delete]
Path = C:\WINDOWS\system32\tstwa.bak2
*File Was Deleted

Killbox Closed(Exit) @ 9:55:08 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Carolyn(Administrator)
was started @ Friday, October 06, 2006, 10:02 PM

#12 kairis

Posted 07 October 2006 - 02:32 AM

Hi.
Looks good!
Please send a fresh HJT-log, thanks.

#13 barry123

Posted 07 October 2006 - 04:48 AM

new hjt log

Logfile of HijackThis v1.99.1
Scan saved at 10:42:11, on 07/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Speedtouch Connection.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.uko2.co.uk
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = homeuserdomain
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = homeuserdomain
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

#14 kairis

Posted 07 October 2006 - 07:02 AM

hi, thanks for the log, looks pretty good :thumbsup:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#15 barry123

Posted 07 October 2006 - 11:02 AM

Ok done the scan and here is the log


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 07, 2006 4:57:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/10/2006
Kaspersky Anti-Virus database records: 229797
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 27658
Number of viruses found: 7
Number of infected objects: 21 / 0
Number of suspicious objects: 8
Duration of the scan process: 03:43:56

Infected Object Name / Virus Name / Last Action
C:\!KillBox\abcd.exe/data.rar/drxvp.exe Infected: Trojan-Downloader.Win32.Small.due skipped
C:\!KillBox\abcd.exe/data.rar/pnky.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\!KillBox\abcd.exe/data.rar/pnky.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\!KillBox\abcd.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\!KillBox\abcd.exe RarSFX: infected - 4 skipped
C:\!KillBox\qbhbllvx.exe Infected: not-a-virus:Downloader.Win32.WinFixer.r skipped
C:\!KillBox\qkhdpokt.exe Infected: not-a-virus:Downloader.Win32.WinFixer.r skipped
C:\!KillBox\sghreyou.exe Infected: not-a-virus:Downloader.Win32.WinFixer.r skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/drsmartload849a9999a.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/drsmartload849a999.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver.zip/MTE3NDI6ODoxNgnew.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2R53XYDJ\abcd[1].txt/data.rar/drxvp.exe Infected: Trojan-Downloader.Win32.Small.due skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2R53XYDJ\abcd[1].txt/data.rar/pnky.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2R53XYDJ\abcd[1].txt/data.rar/pnky.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2R53XYDJ\abcd[1].txt/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2R53XYDJ\abcd[1].txt RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3IPK52B\abcd[1].txt/data.rar/drxvp.exe Infected: Trojan-Downloader.Win32.Small.due skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3IPK52B\abcd[1].txt/data.rar/pnky.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3IPK52B\abcd[1].txt/data.rar/pnky.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3IPK52B\abcd[1].txt/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.dr skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3IPK52B\abcd[1].txt RarSFX: infected - 4 skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\alertbubble[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\antis1[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\ashan[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\bar[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\bg02[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\blair[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\brad1[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\cbbc[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\Class3CodeSigning2001[1].crl Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\Class3SoftwarePublishers[1].crl Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\common[2].js Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\css-font[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\data[2].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\firewall_a[2].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\firewall_d[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\firewall_ping[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\flight[1].js Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\fond[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\gbl[1].js Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\grangehill_701[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\halo.borglogo[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\halobluel[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\import[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\index[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\kluiv1[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\logo042[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\log[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\main_router[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\money_creditcard_86x541[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\mp32_1451[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\mr_chad_rnd[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\msn.co[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\nat_v[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\nav1-investors-330066-70x10-off[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\pers2[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\results[1].aspx Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\results[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\results[2].aspx Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\results[3].aspx Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\setup_dns[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\shade[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\sl[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\spacer[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\spacer[2].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\srb[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\srch-arrw[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\star[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\stylesheet-homepage[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\summer2_1451[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\s[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\tb1-pipexcommunications-logo-ffffff-225x71[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\ULI-5a9ec3fc[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\ulwt[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\veyron_701[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\A8M8LDF3\virtual_garden_nodots[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\0000000001_000000000000000017246[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\0000000001_000000000000000158818[1].swf Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\192.168.2[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\activity;src=785742;type=all20846;cat=yahoo595;ord=1303750912674[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\alan_sugar_70[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\bar_cap[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\bar_floor[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\bar_slope[2].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\bbc.co[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\cbeebies[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\coUA[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\css-blue[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\css-font[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\deep[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\Default[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\drew[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\drivingtest2_1451[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\firewall_mac[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\gen[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\hdr[1].js Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\homepage2-720x255[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\lan_dhcp[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\lan_main_0[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\logomsn[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\maps_44[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\mercbclass_701[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\mess[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\money_moneyfornothing_70[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\msn[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\nat_sp[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\nav1-public-sector-330066-100x10-off[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\nw2[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\password-background-68x15[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\powrdbyhpblu84x28yahoo1[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\results[1].aspx Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\results[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\right-button-ffffff-12x12[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\sbtnbk[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\search[2] Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\shared[1].js Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\sra[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\stock-dn[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\st[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\supervolcano_wt_r_1[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\tbenh[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\tl_main_0[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\travel_rome_701[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\tri_web2[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\t[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\uk.yahoo[2] Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\ULI-a234a373[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\ULI-f1b41c20[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\ULI-f8541619[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\wntw[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\yschx_050301[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\X64HY5Z0\yuk1[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\ar_next[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\B1573348[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\bg01[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\bullet[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\coUAprint[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\daily_news_email[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\ents_celebwrestling_701[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\f430_701[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\face[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\finan[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\forms-script[1].jsi Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\gen_family_1451[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\gen_man_newspaper_701[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\gen_redbus_701[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\head_logo[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\hgrad[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\home-ie6[1].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\home-ie6[2].css Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\homepage-nav-code[1].js Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\h_changeloc[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\ie[1] Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\keanu4[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\lan_main[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\launc[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\logging-code[1].js Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\making_of_teaser[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\mc2[1].js Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\mcgow[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\more[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\msft_118x35[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\nav1-broadband-330066-84x10-off[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\note[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\pca3[1].crl Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\purple_dot[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\radioplayer[1].js Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\results[1].aspx Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\rotate[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\specials_kitlaunch_1451[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\sports_academy[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\srchb2[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\stock-up[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\system_f[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\tired_861[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\travel_sunbeds_861[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\trave[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\uks[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\ul2[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\ULI-e19ae233[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\wan_main[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\wireless_id[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\wireless_main_0[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\wireless_sec[1].htm Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\wmp[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\worldnewstext[1].gif Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\_39476494_deepcut66[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\_40902557_testing_ap66[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YDGRQSB7\_40921567_kluivert66[1].jpg Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\Paul\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Paul\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Paul\ntuser.ini Object is locked skipped
C:\Documents and Settings\Paul\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Paul\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Paul\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Paul\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Paul\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Paul\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Paul\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Paul\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Paul\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Paul\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Paul\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Paul\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Paul\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Paul\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Paul\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Paul\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Paul\Templates\wordpfct.wpg Object is locked skipped
C:\Program Files\Common Files\zkiq\zkiql.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Common Files\zkiq\zkiqp.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\quarantine\pnky.exe.Vir Object is locked skipped
C:\quarantine\pnky.exe.Vir.0 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\drxvp.exe In



