Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Keeps Crashing


  • This topic is locked This topic is locked
4 replies to this topic

#1 anitgonish

anitgonish

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 05 December 2006 - 01:50 PM

Hi!

For some odd reason whenever I connect my 2 external hard drives (both usb 2.0 (i've also got the windows update for usb)) my computer gives me a Windows Explorer error and talks about an appcompat.txt file.

I read around and found this is a malware problem so i began going through the steps outlined by this website.

I've run ATF, Stinger, AVG, Counterspy, AdAware, Spybot and SmitFraud all in Safe Mode with the system restore turned off. I was wondering if you could please tell me if my hijack this log has any more information.

thanks a bunch!

Logfile of HijackThis v1.99.1
Scan saved at 12:28:53 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\KIDS\Desktop\System Upkeep\HijackThis\hijackthis(3)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Kalghatgi Computers
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - D:\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Free Download Manager\iefdmcks.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "D:\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunServer] D:\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - http://ciscdb.sel.sony.com/support/pops/mdldetect/PCInfo.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://anu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15012/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - D:\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - D:\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Unknown owner - D:\Dantz\Retrospect\retrorun.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StuffIt Task Manager - Unknown owner - D:\ALLUME~1\StuffIt\MXTask.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

BC AdBot (Login to Remove)

 


#2 anitgonish

anitgonish
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 05 December 2006 - 07:14 PM

Perhaps this may help. Here's the Kaspersky save log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 05, 2006 5:41:45 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/12/2006
Kaspersky Anti-Virus database records: 234307
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
X:\
Y:\

Scan Statistics:
Total number of scanned objects: 264620
Number of viruses found: 5
Number of infected objects: 27 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:32:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-12-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08CB5C85.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.azp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08CB5C85.exe/stream Infected: Trojan-Downloader.Win32.Zlob.azp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08CB5C85.exe NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08CB5C85.exe UPX: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08CB5C85.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08CB5C85.exe CryptFF: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\283C21F5 Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\283F4BF2.exe Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1C3DE5 Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1C3DE5.exe Infected: Trojan-Dropper.Win32.Agent.asl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C92652F.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F79547E.exe/run.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F79547E.exe ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F79547E.exe CryptFF: infected - 1 skipped
C:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\cert8.db Object is locked skipped
C:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\flashgot.log Object is locked skipped
C:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\history.dat Object is locked skipped
C:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\key3.db Object is locked skipped
C:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\parent.lock Object is locked skipped
C:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\search.sqlite Object is locked skipped
C:\Documents and Settings\KIDS\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Outlook Mail.sbd\Personal Folders.sbd\Deleted Items/[From Nita Raghuram <nitaraghuram@yahoo.com>][Date Tue, 18 Oct 2005 12:57:29 -0700 (PDT)]/text/[From eDiets Magazine <extra@ediets.com>][Date Mon, 14 Nov 2005 04:22:16 -0500 (EST)]/text/[From mrudulhas@earthlink.net][Date Tue, 15 Nov 2005 16:03:00 GMT]/Accept_e-Text.zip/accept_emailTextData.exe Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Outlook Mail.sbd\Personal Folders.sbd\Deleted Items/[From Nita Raghuram <nitaraghuram@yahoo.com>][Date Tue, 18 Oct 2005 12:57:29 -0700 (PDT)]/text/[From eDiets Magazine <extra@ediets.com>][Date Mon, 14 Nov 2005 04:22:16 -0500 (EST)]/text/[From mrudulhas@earthlink.net][Date Tue, 15 Nov 2005 16:03:00 GMT]/Accept_e-Text.zip Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Outlook Mail.sbd\Personal Folders.sbd\Deleted Items/[From Nita Raghuram <nitaraghuram@yahoo.com>][Date Tue, 18 Oct 2005 12:57:29 -0700 (PDT)]/text/[From eDiets Magazine <extra@ediets.com>][Date Mon, 14 Nov 2005 04:22:16 -0500 (EST)]/text Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Outlook Mail.sbd\Personal Folders.sbd\Deleted Items/[From Nita Raghuram <nitaraghuram@yahoo.com>][Date Tue, 18 Oct 2005 12:57:29 -0700 (PDT)]/text Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Outlook Mail.sbd\Personal Folders.sbd\Deleted Items Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Personal Folders.sbd\Trash/[From Nita Raghuram <nitaraghuram@yahoo.com>][Date Tue, 18 Oct 2005 12:57:29 -0700 (PDT)]/text/[From eDiets Magazine <extra@ediets.com>][Date Mon, 14 Nov 2005 04:22:16 -0500 (EST)]/text/[From mrudulhas@earthlink.net][Date Tue, 15 Nov 2005 16:03:00 GMT]/Accept_e-Text.zip/accept_emailTextData.exe Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Personal Folders.sbd\Trash/[From Nita Raghuram <nitaraghuram@yahoo.com>][Date Tue, 18 Oct 2005 12:57:29 -0700 (PDT)]/text/[From eDiets Magazine <extra@ediets.com>][Date Mon, 14 Nov 2005 04:22:16 -0500 (EST)]/text/[From mrudulhas@earthlink.net][Date Tue, 15 Nov 2005 16:03:00 GMT]/Accept_e-Text.zip Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Personal Folders.sbd\Trash/[From Nita Raghuram <nitaraghuram@yahoo.com>][Date Tue, 18 Oct 2005 12:57:29 -0700 (PDT)]/text/[From eDiets Magazine <extra@ediets.com>][Date Mon, 14 Nov 2005 04:22:16 -0500 (EST)]/text Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Personal Folders.sbd\Trash/[From Nita Raghuram <nitaraghuram@yahoo.com>][Date Tue, 18 Oct 2005 12:57:29 -0700 (PDT)]/text Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Application Data\Thunderbird\Profiles\rbaqbb2x.default\Mail\Local Folders\Personal Folders.sbd\Trash Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\KIDS\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\ApplicationHistory\cli.exe.b8500a31.ini.inuse Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/15 Nov 2005 16:06 from mrudulhas@earthlink.net:Your eMail Passwo/Accept_e-Text.zip/accept_emailTextData.exe Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/15 Nov 2005 16:06 from mrudulhas@earthlink.net:Your eMail Passwo/Accept_e-Text.zip Infected: Email-Worm.Win32.Sober.x skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 2 skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Application Data\Mozilla\Firefox\Profiles\2wks8thx.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Temp\fla11BF.tmp Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Temp\Free Download Manager\tic12.tmp Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Temp\Free Download Manager\tic7.tmp Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Temp\Perflib_Perfdata_7ec.dat Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Temp\Perflib_Perfdata_eac.dat Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Temp\Perflib_Perfdata_f94.dat Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Temp\~DF9E84.tmp Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\KIDS\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\KIDS\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\KIDS\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C5334910-7C7F-4C56-BF3A-A211507970F3}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd1213.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2006-12-05.13-23-30.log Object is locked skipped
D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped


any help would be greatly appreciated!!

thanks

#3 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:10:45 AM

Posted 15 December 2006 - 10:36 AM

Hi anitgonish and welcome to Bleeping Computer. :thumbsup:

Sorry for the delay, the forums are very busy.

If you still need help, please run a fresh HijackThis scan in normal mode and post the log to a reply here. Also please tell me if KIDS is the only user account on this computer.

Dave

#4 anitgonish

anitgonish
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:45 AM

Posted 15 December 2006 - 03:30 PM

thanks.. after deleting all possible malware and trojans (2 days or foolishness) it ended up being a video codec that just needed to be reinstalled.

crazyness

thanks
happy holidays

#5 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:10:45 AM

Posted 15 December 2006 - 04:36 PM

Hi,

Glad you got it resolved :thumbsup:

This topic is now closed. If you need it re-opened, please PM me.

This applies to the original poster only. Everyone else please start a new topic.

Cheers,

Dave




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users