W32.spybot.worm


8 replies to this topic

#1 Leg


Posted 14 April 2007 - 01:23 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:13:42 PM, on 4/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
F:\New\PowerISO\PWRISOVM.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Common Files\System\msnmssgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Larry Gibbs\Local Settings\Temporary Internet Files\Content.IE5\UWDPNUVQ\stng260[1].exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dallas.craigslist.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: I.R.I.S. Desktop Search - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\New\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [I.R.I.S. Desktop Search] "C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe" /tray
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170687687828
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



#2 ourwilly


Posted 14 April 2007 - 03:13 PM

Hello

I would like to take a look at this log for you and will get back to you as soon as I can.

Thank You.

#3 Leg


Posted 14 April 2007 - 07:16 PM

Thanks, any help would be appreciated. Have been beating my head against this thing all day.

Larry

#4 ourwilly


Posted 15 April 2007 - 01:17 PM

Hello Leg

Copy and paste this 'Fix' into either Notepad or WordPad for future reference, as you will be required to close down your browser when following these steps.

Step 1

Download and Install CCleaner
We shall use this later in Safe Mode


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please now reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Scan with HijackThis again and place a checkmark in the boxes before the following entries:

O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe

Close any Explorer windows which may be open and click the "Fix Checked" button.


Double-click on My Computer, double-click on Local Disk
and navigate to, then right-click on and delete, the following bold entries (if present):

C:\Program Files\Common Files\System\msnmssgr.exe

Now Open CCleaner and select: Cleaner | Analyze | Run Cleaner
Then close


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt


Step 2

Please use Internet Explorer and Run the Kaspersky On-line Scanner
http://www.kaspersky.com/service?chapter=161739400

Accept the Active X object and download the latest definitions.
When the scanner is ready, click Scan Settings.
Select the Extended anti-virus database.
Select Scan Archives & Scan Mail Bases and then ok.
Click My Computer to run a full system scan.
When complete, save the log to your desktop.


Step 3

Please now Re-scan with HijackThis and post:

1/ The new HJT Log
2/ The Kaspersky scan log results
3/ The SD Report.txt

Thank You.
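
A way to check the Step 3 re-scan against the original log, as an added example that is not part of the original post: it parses the "Running processes" list and the O4 autorun lines of two HijackThis logs and reports whether the entry fixed in Step 1 is gone and whether any new autoruns appeared. The sample logs are trimmed excerpts of the two logs posted in this thread; the function and variable names are illustrative.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    location: str   # e.g. HKLM\..\Run or "Global Startup"
    name: str       # registry value name or shortcut file name
    command: str    # command line exactly as HijackThis printed it


# O4 - HKLM\..\Run: [name] command
_O4_REGISTRY = re.compile(r"^O4 - (HK\w+\\\.\.\\[\w\\]+): \[(.*?)\] (.*)$")
# O4 - Global Startup: shortcut.lnk = target
_O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
# Any HijackThis entry line (R0, O4, O23, ...); ends the process list
_ENTRY = re.compile(r"^[A-Z]\d{1,2} - ")


def _norm(path):
    """Windows paths are case-insensitive; drop surrounding quotes too."""
    return path.strip().strip('"').lower()


def parse_log(text):
    """Return (running process paths, O4 autorun entries) from one log."""
    processes, autoruns = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line and not _ENTRY.match(line):
                processes.add(_norm(line))
                continue
            in_processes = False  # blank line or first entry ends the list
        m = _O4_REGISTRY.match(line) or _O4_STARTUP.match(line)
        if m:
            autoruns.add(Autorun(m.group(1), m.group(2), m.group(3)))
    return processes, autoruns


def check_fix(before_text, after_text, target_path):
    """Compare two logs for one file path that was supposed to be removed."""
    target = _norm(target_path)
    b_proc, b_auto = parse_log(before_text)
    a_proc, a_auto = parse_log(after_text)

    def refs(autoruns):
        return sorted(a for a in autoruns if target in _norm(a.command))

    return {
        "autoruns_before": refs(b_auto),
        "autoruns_after": refs(a_auto),
        "running_before": target in b_proc,
        "running_after": target in a_proc,
        # Anything that appears only in the second log deserves a look:
        # a re-registered autorun under a new name would show up here.
        "new_autoruns": sorted(a_auto - b_auto),
        "removed_autoruns": sorted(b_auto - a_auto),
    }


# Trimmed excerpts of the two logs in this thread (14 and 17 April 2007).
BEFORE_LOG = r'''Logfile of HijackThis v1.99.1
Scan saved at 1:13:42 PM, on 4/14/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\System\msnmssgr.exe
C:\Program Files\QuickTime\qttask.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
'''

AFTER_LOG = r'''Logfile of HijackThis v1.99.1
Scan saved at 8:29:13 AM, on 4/17/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
'''

if __name__ == "__main__":
    report = check_fix(
        BEFORE_LOG, AFTER_LOG,
        r"C:\Program Files\Common Files\System\msnmssgr.exe",
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```
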

#5 Leg


Posted 17 April 2007 - 08:44 AM

Did everything you suggested. Great work, it appears to be gone.

Here is the info you requested:

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 8:29:13 AM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
F:\New\PowerISO\PWRISOVM.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: I.R.I.S. Desktop Search - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\New\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [I.R.I.S. Desktop Search] "C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe" /tray
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170687687828
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Scan log report

Tuesday, April 17, 2007 8:16:06 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/04/2007
Kaspersky Anti-Virus database records: 280941

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics
Total number of scanned objects 107823
Number of viruses found 17
Number of infected objects 50 / 0
Number of suspicious objects 8
Duration of the scan process 02:02:55

Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Program Files\PC Tools Firewall Plus\FWService.txt Object is locked skipped

C:\Program Files\PC Tools Firewall Plus\FirewallWrapper.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\474E3CEE.class Infected: Trojan-Downloader.Java.OpenStream.w skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39A04F5A.class Infected: Trojan-Downloader.Java.OpenStream.w skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18621F12.class Infected: Trojan-Downloader.Java.OpenStream.w skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22006926 Infected: Trojan-Downloader.Java.OpenStream.w skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D6C05ED Infected: Trojan-Downloader.Java.OpenStream.w skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C4502D6.exe Infected: Trojan-Downloader.Win32.Swizzor.co skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E633C82.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DC80523.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F0F6BBC.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F1F3DAA.int Infected: Trojan-Downloader.Win32.Swizzor.dv skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\417B1511.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68253085.exe/stream/data0004 Infected: Trojan-Downloader.Win32.IstBar.nn skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68253085.exe/stream Infected: Trojan-Downloader.Win32.IstBar.nn skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68253085.exe NSIS: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68253085.exe UPX: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68253085.exe CryptFF: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\685A504B.dll Infected: Trojan-Dropper.Win32.Agent.og skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65865FB1.exe Infected: Trojan-Downloader.Win32.Swizzor.co skipped

C:\Documents and Settings\Larry\Application Data\Microsoft\Outlook\mail archive0009.pst/Personal Folders/Deleted Items/27 Aug 2002 03:59 from allenjohnc:Please try again.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Larry\Application Data\Microsoft\Outlook\mail archive0009.pst/Personal Folders/Deleted Items/31 Aug 2002 01:27 from Mountville:How are you.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Larry\Application Data\Microsoft\Outlook\mail archive0009.pst/Personal Folders/Deleted Items/13 Jan 2003 19:35 from big@boss.com:Re: Sample/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a skipped

C:\Documents and Settings\Larry\Application Data\Microsoft\Outlook\mail archive0009.pst/Personal Folders/Inbox/11 Jul 2002 03:14 from hpis:Fw:introduction on ADSL.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Larry\Application Data\Microsoft\Outlook\mail archive0009.pst/Personal Folders/Inbox/17 Jul 2002 17:02 from nepley:Let's be friends.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Larry\Application Data\Microsoft\Outlook\mail archive0009.pst/Personal Folders/Inbox/28 Jul 2002 00:16 from Cheviot7:Hello,welcome to my hometown.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Larry\Application Data\Microsoft\Outlook\mail archive0009.pst/Personal Folders/Inbox/28 Aug 2002 19:56 from mmatanic:Hello,spice girls' vocal concert.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Larry\Application Data\Microsoft\Outlook\mail archive0009.pst/Personal Folders/Inbox/13 Jan 2003 23:26 from Dennis:Have a good Epiphany.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Larry\Application Data\Microsoft\Outlook\mail archive0009.pst Mail MS Mail: infected - 1, suspicious - 7 skipped

C:\Documents and Settings\Laura Gibbs\Local Settings\Application Data\Identities\{D680A4C6-3E6D-4FFB-AA42-063A7E4D58C6}\Microsoft\Outlook Express\Deleted Items.dbx/[From "deeman4" ][Date Tue, 10 Aug 2004 12:08:48 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Laura Gibbs\Local Settings\Application Data\Identities\{D680A4C6-3E6D-4FFB-AA42-063A7E4D58C6}\Microsoft\Outlook Express\Deleted Items.dbx/[From "dave" ][Date Sun, 15 Jun 2003 22:38:11 -0500]/html Infected: Virus.JS.Fortnight.b skipped

C:\Documents and Settings\Laura Gibbs\Local Settings\Application Data\Identities\{D680A4C6-3E6D-4FFB-AA42-063A7E4D58C6}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1, suspicious - 1 skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01C80000.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01C80001.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01C80004.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01C80005.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100000.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100001.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100002.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100003.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC0002.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC0003.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC0006.VBN Infected: Trojan-Downloader.Win32.Zlob.bih skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC0007.VBN Infected: Trojan-Downloader.Win32.Zlob.bih skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC000A.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC000B.VBN Infected: Trojan-Downloader.Win32.Zlob.bpn skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC000E.VBN Infected: Trojan-Downloader.Win32.Zlob.bih skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC000F.VBN Infected: Trojan-Downloader.Win32.Zlob.bih skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09280000.VBN Infected: Backdoor.Win32.Agent.aly skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04240000.VBN Infected: Backdoor.Win32.Agent.aly skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04240001.VBN Infected: Backdoor.Win32.Agent.aly skipped

C:\Documents and Settings\Larry Gibbs\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/02 Mar 2007 01:55 from BB&T:please update your details .rtf Infected: Trojan-Spy.HTML.Bankfraud.rk skipped

C:\Documents and Settings\Larry Gibbs\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 1 skipped

C:\usb driver\playtoadgeneralfree.exe/WISE0077.BIN Infected: Trojan-Downloader.Win32.Agent.avz skipped

C:\usb driver\playtoadgeneralfree.exe WiseSFX: infected - 1 skipped

C:\usb driver\playtoadgeneralfree.exe WiseSFX Dropper: infected - 1 skipped

F:\Documents and Settings\Administrator\My Documents\AnyDVD.5.2.4.2.WinALL.READ_NFO-XMA0D_rar.vir/install.exe Infected: Trojan.Win32.Agent.vg skipped

F:\Documents and Settings\Administrator\My Documents\AnyDVD.5.2.4.2.WinALL.READ_NFO-XMA0D_rar.vir/crack.exe Infected: Trojan-Downloader.Win32.Adload.fo skipped

F:\Documents and Settings\Administrator\My Documents\AnyDVD.5.2.4.2.WinALL.READ_NFO-XMA0D_rar.vir RAR: infected - 2 skipped

F:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940000.VBN Infected: Trojan.Win32.Small.ev skipped

Scan process completed.

SD report

SDFix: Version 1.78

Run by Larry Gibbs - Mon 04/16/2007 - 21:30:56.82

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\Program Files\Setup.exe - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\System32\\FxsClnt.exe"="C:\\WINDOWS\\System32\\FxsClnt.exe:*:Enabled:Microsoft Fax Console"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\System\\msnmssgr.exe"="C:\\Program Files\\Common Files\\System\\msnmssgr.exe:*:Enabled:WindowsSystem32"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\Larry\My Documents\My Pictures\2006-06 (Jun)\ClassicGaming.com - Repairing Your NES_files\Thumbs.db
C:\Documents and Settings\Larry\NetHood\saxet.com\Desktop.ini
C:\temp web\MYWEB\saxet.com\Thumbs.db
C:\New\MSDE2000\SQLRESLD.DLL
C:\Documents and Settings\Larry\My Documents\My Pictures\2006-06 (Jun)\eBayISAPI.dll_files\Thumbs.db
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe-CommandBars
C:\3dvew2zd.sys
C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
C:\WINDOWS\SYSTEM32\829D6D2556.sys
C:\Documents and Settings\Larry\Local Settings\Temp\Offices.tmp
C:\Documents and Settings\Larry\Local Settings\Temp\Officeh.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Office\Shortcut Bar\OffC391s.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Office\Shortcut Bar\OffC391h.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Office\Shortcut Bar\Off6s.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Office\Shortcut Bar\Off6h.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Office\Shortcut Bar\Off6.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Templates\~WRL3885.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0003.TMP
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0384.TMP
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL3122.TMP
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL2043.TMP
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL2776.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL1853.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL1874.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0009.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL3203.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0008.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0781.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL3884.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL2943.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL3360.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0769.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0373.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0018.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0006.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL2151.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL0007.tmp
C:\Documents and Settings\Larry\Application Data\Microsoft\Word\~WRL1584.tmp
C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp

Finished

#6 ourwilly

Posted 18 April 2007 - 12:10 AM

Hello Leg :thumbsup:

Copy and paste this 'Fix' into either Notepad or Wordpad for future reference, as you will be required to close down your browser when following these steps.

Step 1

Double-click on My Computer, double-click on Local Disk, then navigate to, right-click on and delete the following bold entries (if present):


C:\Program Files\Common Files\System\msnmssgr.exe

C:\WINDOWS\system32\winsecurityxp\mswinup.exe

C:\WINDOWS\system32\winsecurityxp

F:\Documents and Settings\Administrator\My Documents\AnyDVD.5.2.4.2

C:\usb driver\playtoadgeneralfree.exe


Step 2

Download NoLop to your desktop from one of the links below...

Link 1 | Link 2

Close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it

Now click the button labelled "Search and Destroy"
When scanning is finished you will be prompted to reboot only if infected, Click "OK"
Now click the "REBOOT" Button.
A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log

If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then Re-Run the program.


Step 3

Can you please delete everything that has been quarantined by your Norton AntiVirus,

and please also purge all your deleted Outlook mail.


Step 4

In your next reply please post

1/ A new HijackThis log
2/ The C:\NoLop.log

Thank you.
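An added check, not part of the original posts and not code from SDFix or the helper: Step 1 above removes files from disk, while the SDFix "Authorized Application Key Export" earlier in the thread shows Windows Firewall allow-list entries for some of the same paths. This sketch parses lines copied from that export and lists the entries that point at paths on the Step 1 list; mapping `%windir%` and `%SystemDir%` to `C:\WINDOWS` is an assumption based on the paths shown in the logs.

```python
import re
from typing import Iterator, List, NamedTuple

# StandardProfile entries copied from the SDFix export posted in this thread.
EXPORT = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\System\\msnmssgr.exe"="C:\\Program Files\\Common Files\\System\\msnmssgr.exe:*:Enabled:WindowsSystem32"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
'''

# Paths listed for deletion in Step 1 of the reply above.
REMOVED = [
    r"C:\Program Files\Common Files\System\msnmssgr.exe",
    r"C:\WINDOWS\system32\winsecurityxp\mswinup.exe",
    r"C:\WINDOWS\system32\winsecurityxp",
    r"F:\Documents and Settings\Administrator\My Documents\AnyDVD.5.2.4.2",
    r"C:\usb driver\playtoadgeneralfree.exe",
]

# Assumption: the Windows directory is C:\WINDOWS, as in the SDFix ADS check.
PLACEHOLDERS = {
    "%windir%": r"c:\windows",
    "%systemdir%": r"c:\windows\system32",
}

# One exported value: "name"="path:scope:Enabled|Disabled:label"
LINE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<value>(?:[^"\\]|\\.)*)"$')
VALUE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$',
    re.IGNORECASE,
)


class Rule(NamedTuple):
    path: str      # program the exception applies to, as written in the export
    scope: str     # "*" means any remote address
    enabled: bool
    label: str     # display name shown in the firewall exceptions list


def normalise(path: str) -> str:
    """Lower-case a path and expand the placeholders used in the export."""
    p = path.lower()
    for token, real in PLACEHOLDERS.items():
        if p.startswith(token):
            p = real + p[len(token):]
    return p.rstrip("\\")


def parse_rules(export: str) -> Iterator[Rule]:
    """Yield one Rule per well-formed line; other lines are skipped."""
    for line in export.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        value = m.group("value").replace("\\\\", "\\")  # undo .reg escaping
        v = VALUE_RE.match(value)
        if v:
            yield Rule(v.group("path"), v.group("scope"),
                       v.group("state").lower() == "enabled", v.group("label"))


def stale_rules(export: str, removed: List[str]) -> List[Rule]:
    """Rules whose program is a removed file or lives under a removed folder."""
    targets = [normalise(p) for p in removed]
    hits = []
    for rule in parse_rules(export):
        p = normalise(rule.path)
        if any(p == t or p.startswith(t + "\\") for t in targets):
            hits.append(rule)
    return hits


if __name__ == "__main__":
    for r in stale_rules(EXPORT, REMOVED):
        state = "Enabled" if r.enabled else "Disabled"
        print(f"{state:8} {r.path}  (label: {r.label})")
```

Entries it reports are firewall exceptions that stay in the registry after the files are deleted, so they are worth reviewing in the next log.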

#7 ourwilly

Posted 18 April 2007 - 02:47 PM

Hello Leg

To follow on from my last post I would also like you to Download the latest SmitfraudFix by S!Ri from either of these mirrors to your desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip
http://siri.geekstogo.com/SmitfraudFix.zip

Right click SmitfraudFix.zip and Extract (unzip) the SmitfraudFix folder inside to your desktop.
Open the SmitfraudFix folder and double-click "smitfraudfix.cmd"
Select option #1 - "Search" by typing "1" and press "Enter".

Please copy & paste the SmitfraudFix text file which appears back here please.

Along with the new HijackThis log and the C:\NoLop.log results

Thank you.

#8 Leg

Posted 18 April 2007 - 10:17 PM

There was no "nolop.log"; it said no infections found.
Here is the other report you wanted.

SmitFraudFix v2.148

Scan done at 22:11:21.28, Wed 04/18/2007
Run from C:\Documents and Settings\Larry Gibbs\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Larry Gibbs


C:\Documents and Settings\Larry Gibbs\Application Data


Start Menu


C:\DOCUME~1\LARRYG~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


pe386-msguard-lzx32-huy32


Scanning wininet.dll infection


End

#9 ourwilly

Posted 21 April 2007 - 05:51 AM

Hello Leg

Sorry to keep you waiting, I've been quite busy I'm afraid.

Can you please post me a new HijackThis log and let me know how your system is running now

Thank you.



