Error On Svchost.exe


  • This topic is locked
21 replies to this topic

#1 cmon1011


Posted 17 April 2007 - 06:41 PM

Some services stop suddenly when I get an error on svchost.exe (for example, Windows Audio, DHCP Client, Security Center, Server, etc.).
Also, I got some popups on IE, but lately I use Firefox, so I don't know if there's still a problem with my IE.
I haven't run Windows Update because I'm afraid something will go wrong, since my computer is (I think) not safe enough to update.

Here's the log anyway:
Logfile of HijackThis v1.99.1
Scan saved at 1:38:49 AM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Cmon\My Documents\utorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtremewrestlingtorrents.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {bf72ef3d-4192-48c3-8963-f90eb01df1a6} - C:\WINDOWS\system32\disota.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Shortcut to YahooMessenger.lnk = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: disota - disota.dll (file missing)
O20 - Winlogon Notify: edlame - edlame.dll (file missing)
O20 - Winlogon Notify: filaze - filaze.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)


 


#2 htv8


Posted 23 April 2007 - 01:57 AM

Hello cmon1011, and welcome to BleepingComputer. I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues; this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,

htv8
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#3 cmon1011


Posted 23 April 2007 - 02:09 AM

Thanks for looking ;)

#4 htv8


Posted 25 April 2007 - 04:27 PM

Hello cmon1011.



IMPORTANT
It is important that you use a software firewall, to prevent unauthorised traffic both out of and into your computer.
Your log doesn't show a firewall running. If you have disabled your firewall, please re-enable it.
If you do not have a firewall installed, please download and install one of these good (and free) products:
- ZoneAlarm
- Comodo Free Firewall
- Outpost Firewall Free
- Sunbelt Personal Firewall (= Kerio) - learn more here

NOTE: Never install more than one firewall program on your system. Several together can cause problems and seriously decrease its reliability.

Please print out or copy this page to Notepad. This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. A print out of the instructions would be a good reference to make sure you don't get lost. You may also like to save these instructions in Word/Notepad to the Desktop where they can be easily found for the same reasons as above.
Also make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


Step #1: Sun Java Console update
You need to update your Sun Java Console. Older versions have vulnerabilities that malware can use and is using to infect systems.
Please perform these instructions to update your Sun Java Console:
1. Close all programs so that you are at your Desktop.
2. Go to Start > Control Panel > Add/Remove Programs and check any item with Java Runtime Environment (JRE) in the name.
3. Click the Remove or Change/Remove button next to these items to remove all versions of Java.
4. Reboot your computer.
5. Download and install the latest version of Java Runtime Environment (JRE) 6 (click).

Step #2: VundoFix
You are infected with Vundo. Download VundoFix.exe to your Desktop to get rid of it.
Download VundoFix.exe

Once downloaded, double-click VundoFix.exe to run it.
Now please perform these instructions:
1. Click the button labelled "Scan for Vundo".
2. Once it's done scanning, click the button labelled "Remove Vundo".
3. Click the Yes button at the prompt asking you if you want to remove the files.
NOTE: Once you click Yes, your Desktop will go blank as it starts removing Vundo.
4. When completed, it will prompt that it will reboot your computer. Click OK.

NOTE: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the button labelled "Scan for Vundo"" when VundoFix appears upon rebooting.

Post the entire contents of C:\vundofix.txt in your next reply.

Step #3: HijackThis fix
Scan again with HijackThis. Put a checkmark by these entries if they are present, double-checking to be sure that only these entries are checked:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {bf72ef3d-4192-48c3-8963-f90eb01df1a6} - C:\WINDOWS\system32\disota.dll (file missing)
O20 - Winlogon Notify: disota - disota.dll (file missing)
O20 - Winlogon Notify: edlame - edlame.dll (file missing)
O20 - Winlogon Notify: filaze - filaze.dll (file missing)


Close all other windows - you should only see HijackThis on your Desktop - and then click the button labelled "Fix checked".

Step #4: file(s)/folder(s) deletion
First enable the viewing of hidden files in Windows XP by following these steps:
1. Close all programs so that you are at your Desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and then click on the menu option labelled "Folder Options".
4. After the new window appears select the View tab.
5. Remove the checkmark from the checkbox labelled "Hide file extensions for known file types".
6. Remove the checkmark from the checkbox labelled "Hide protected operating system files".
7. Select the radio button labelled "Show hidden files and folders".
8. Press the Apply button and then press the OK button and shut down My Computer.

Your computer is now configured to show all hidden system files and folders.

Reboot your computer into Safe Mode. Restart your computer and gently tap the F8 key repeatedly on your keyboard while starting up until you are presented with a new menu in which you can select the option for Safe Mode using the arrow keys on your keyboard.
For more information on how to boot your computer into Safe Mode, see this reference: How to start Windows into Safe Mode.


Now delete the following files (do not be concerned if they do not exist):
C:\WINDOWS\system32\disota.dll
C:\WINDOWS\system32\edlame.dll
C:\WINDOWS\system32\filaze.dll

Step #5: uninstall log creation
Please provide me an uninstall list by performing these instructions:
1. Open HijackThis.
2. Click once on the Config... button.
3. Go to the Misc Tools section by clicking on the Misc Tools button on top of the screen.
4. Click on the button labelled "Open Uninstall Manager...". You'll see a list of currently installed programs.
5. Click on the button labelled "Save list..." and specify where you would like to save the uninstall list.

When you press the Save button, Notepad will open up with the contents of that file. Copy and paste the contents of that Notepad file as a reply to this topic.

Step #6: HijackThis scan
Scan with HijackThis again and post a new HijackThis log.



So in your next reply, please post the entire contents of:
- C:\vundofix.txt
- the uninstall log
- a new HijackThis log
NOTE: Use several posts if necessary to include everything in the logs.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#5 cmon1011


Posted 25 April 2007 - 06:03 PM

Step #1: Sun Java Console update
1. I couldn't find any JRE, so I uninstalled/removed every J2SE
2. I downloaded "Java Runtime Environment (JRE) 6u1" from the link you gave

Step #2: VundoFix
VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:01:05 AM 4/26/2007

Listing files found while scanning....

C:\WINDOWS\system32\tmp14.tmp.dll

Beginning removal...

Performing Repairs to the registry.
Done!

Step #3: HijackThis fix
Done

Step #4: file(s)/folder(s) deletion
I couldn't find those 3 files, but I believe I deleted two of them a while back because they gave me some error whenever I restarted my computer. It said something about "can't open edlame.dll" & "can't open filaze.dll". I don't even know what those files are (couldn't find them on Google). I could be wrong, though.

Step #5: uninstall log creation
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Ahead Nero Burning ROM
ASP.NET Portal (CSVS)
AVG 7.5
CDisplay 1.8
Combined Community Codec Pack 2006-07-28 (Remove Only)
COMODO Firewall Pro
DAEMON Tools
Diablo II
FinePixViewer Ver.3.1
FlashGet 1.81
Folder Lock
FUJIFILM USB Driver
Grand Theft Auto Vice City
HijackThis 1.99.1
Java™ SE Runtime Environment 6 Update 1
JCreator LE 3.50
K-Lite Codec Pack 2.27 Full
LimeWire PRO 4.12.3
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
LogMeIn
MATLAB 6.5
Microsoft .NET Framework 2.0
Microsoft ASP.NET Web Matrix
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Office 2003 Web Components
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (SQLEXPRESS)
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Analysis Services (SQLEXPRESS)
Microsoft SQL Server 2005 Analysis Services Step by Step
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Reporting Services
Microsoft SQL Server 2005 Reporting Services (SQLEXPRESS)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visio Professional 2002 [English]
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Mozilla Firefox (2.0.0.3)
MSXML 6.0 Parser
O2Jam (e-Games) v.3.50
Panda ActiveScan
QuickTime
Real Alternative 1.24
Spybot - Search & Destroy 1.4
SQLXML4
Theme Hospital
UMVPLStandalone
Unlocker 1.8.5
Update for Windows XP (KB898461)
VobSub 2.29 All
VoipBuster
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
WinRAR archiver
Yahoo! Messenger

Step #6: HijackThis scan
Logfile of HijackThis v1.99.1
Scan saved at 12:52:35 AM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtremewrestlingtorrents.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
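
The orphaned entries selected in Step #3 of post #4, and whether they are gone in the follow-up log, can be checked mechanically. This is an added example, not part of the original posts and not HijackThis's own code: it parses HijackThis entry lines, lists O2/O20 entries marked "(no file)" or "(file missing)", and diffs two logs. The sample lines are copied from the two logs in this thread; the function names and the choice of sections are assumptions of this example.

```python
import re
from typing import NamedTuple

# A HijackThis entry line is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Suffixes HijackThis prints when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Assumption of this example: review orphans only in the BHO (O2) and
# Winlogon Notify (O20) sections, the two sections the Step #3 list draws from.
DEFAULT_SECTIONS = frozenset({"O2", "O20"})


class Entry(NamedTuple):
    section: str
    body: str
    missing: bool


def parse_log(text):
    """Return the entry lines of a log, skipping the header and process list."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            body = m.group("body")
            entries.append(
                Entry(m.group("section"), body, bool(MISSING_RE.search(body)))
            )
    return entries


def orphaned(entries, sections=DEFAULT_SECTIONS):
    """Entries in the chosen sections whose target file is reported absent.

    These are candidates for review, not a verdict: a missing file can also
    be a leftover from a cleanly uninstalled program.
    """
    return [e for e in entries if e.section in sections and e.missing]


def diff_logs(before, after):
    """Return (removed, added) as sorted (section, body) tuples."""
    b = {(e.section, e.body) for e in before}
    a = {(e.section, e.body) for e in after}
    return sorted(b - a), sorted(a - b)


# Lines copied from the first log in this thread (post #1), shortened to a subset.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {bf72ef3d-4192-48c3-8963-f90eb01df1a6} - C:\WINDOWS\system32\disota.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: disota - disota.dll (file missing)
O20 - Winlogon Notify: edlame - edlame.dll (file missing)
O20 - Winlogon Notify: filaze - filaze.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
"""

# Lines copied from the second log in this thread (post #5), shortened to a subset.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    print("Orphaned O2/O20 entries before the fix:")
    for e in orphaned(before):
        print(f"  {e.section} - {e.body}")
    print("Orphaned O2/O20 entries after the fix:", len(orphaned(after)))
    removed, added = diff_logs(before, after)
    print("Removed since first log:")
    for section, body in removed:
        print(f"  {section} - {body}")
    print("New since first log:")
    for section, body in added:
        print(f"  {section} - {body}")
```

Passing a different section set, for example `orphaned(entries, {"R3"})`, extends the same check to other entry types.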

#6 htv8


Posted 26 April 2007 - 09:34 AM

Great job so far, cmon1011! :thumbsup:



Please print out or copy this page to Notepad. This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. A print out of the instructions would be a good reference to make sure you don't get lost. You may also like to save these instructions in Word/Notepad to the Desktop where they can be easily found for the same reasons as above.
Also make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


You most likely got infected through file sharing. I see LimeWire Pro installed on your computer: a P2P/File Sharing (related) program. Aside from the obvious legal issues, file sharing is one of the primary ways through which people become infected with malware. Anytime you are running any type of P2P application, you are more prone to infection.
I suggest removing this program. If you agree, go to Start > Control Panel > Add/Remove Programs and remove LimeWire Pro.
If you do not want to uninstall the program, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

Step #1: HijackThis fix
Scan again with HijackThis (when NOT in Safe Mode). Put a checkmark by this entry if it is present, double-checking to be sure that only this entry is checked:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

If you have not set the http://xtremewrestlingtorrents.net/index.php website as your Internet Explorer's starting page and/or Search Assistant or if you do not want to have this page set as your home page, you can safely put a checkmark by this entry as well if it is present (the R0 entry is for Internet Explorer's starting page and Search Assistant only):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtremewrestlingtorrents.net/index.php

Now close all other windows - you should only see HijackThis on your Desktop - and then click the button labelled "Fix checked".

Step #2: ATF Cleaner download
Please download ATF Cleaner from the link below. Do NOT use the program yet.
Download ATF Cleaner

Step #3: AVG Anti-Spyware download / configuration & scan
Please download AVG Anti-Spyware 7.5 from the link below and save it to your Desktop.
Download AVG Anti-Spyware 7.5

Once downloaded, locate the icon on your Desktop and double-click on it to launch the setup program. Follow the on-screen instructions to install AVG Anti-Spyware.

Before running AVG Anti-Spyware, it is mandatory that you update its definition files. Follow these instructions to update and configure the program:
1. Start AVG Anti-Spyware.
2. Click the Update icon at the top of the screen. On the newly presented screen, click the button labelled "Start Update". The update process will start.
3. Once the update has completed, select the Scanner icon at the top of the screen, followed by clicking the Settings tab.
4. In the newly presented screen, click on the link named "Recommended actions" and then select the Quarantine option.
5. Under Reports, select the radio button labelled "Automatically generate report after every scan". Unselect the checkbox labelled "Only if threats were found".
6. Close AVG Anti-Spyware 7.5.

Now reboot your computer into Safe Mode. Restart your computer and gently tap the F8 key repeatedly on your keyboard while starting up until you are presented with a new menu in which you can select the option for Safe Mode using the arrow keys on your keyboard.
For more information on how to boot your computer into Safe Mode, see this reference: How to start Windows into Safe Mode.


When in Safe Mode, please follow these instructions to run AVG Anti-Spyware:
1. Close all windows so that you have nothing open and launch AVG Anti-Spyware by double-clicking the icon on your Desktop.
2. Click the Scanner icon at the top of the screen and select the Scan tab.
3. Click on the "Complete System Scan" icon and AVG Anti-Spyware will begin the scanning process. Be patient as this may take some time.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
4. When the scan has finished, AVG Anti-Spyware will list any infections found on the left-hand side. It should automatically set the recommended action to Quarantine.
5. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right-hand side.
6. Click on the button labelled "Save Report", followed by pressing the "Save Report As" button. This will create a text file. Make sure you know where to find this file again.
7. Close AVG Anti-Spyware. Do NOT reboot your computer.

Step #4: ATF Cleaner scan
You downloaded ATF Cleaner before. When still in Safe Mode, follow these instructions to run ATF Cleaner:
1. Double-click ATF-Cleaner.exe to run the program.
2. Click once on the Main tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
3. Then click on the button labelled "Empty Selected".

If you use the Mozilla Firefox browser, please follow these instructions as well:
1. Click once on the Firefox tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, please follow these instructions as well:
1. Click once on the Opera tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Now click the Exit button on the Main tab to exit the program.

Reboot your computer to boot back into normal mode.

Post the entire contents of the saved AVG Anti-Spyware text file in your next reply.

Step #5: Kaspersky Online Scanner scan
Please perform an online scan with Kaspersky Online Scanner (click).
Follow these instructions:
1. Click on the button labelled "Kaspersky Online Scanner".
2. You will be prompted to install an ActiveX component from Kaspersky. Install it.
3. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded, click on NEXT.
4. Now click on "Scan Settings".
5. In the scan settings, make sure the following are selected:
  • Scan using the following Anti-Virus database:
    Extended
    (if available, otherwise Standard)
  • Scan Options:
    Scan Archives
    Scan Mail Bases
6. Click OK.
7. Now under select a target to scan, select My Computer.
The program will start and scan your system. NOTE: The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
8. Click on the button labelled "Save as Text" and save a text file to your Desktop.
9. Copy/Paste the entire contents of that text file and post them as a reply to this topic.

Step #6: HijackThis scan
In normal mode (not in Safe Mode): Scan with HijackThis again and post a new HijackThis log.



So in your next reply, please post the entire contents of:
- the saved AVG Anti-Spyware text file
- the Kaspersky Online Scanner text file
- a new HijackThis log
NOTE: Use several posts if necessary to include everything in the logs.

Also let me know how your computer is running now.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#7 cmon1011


Posted 26 April 2007 - 01:59 PM

Thanks so far :flowers:

Anyway, I have a problem at Step #3: AVG Anti-Spyware download / configuration & scan

When I try to update AVG Anti-Spyware 7.5, it only gives me "Downloading updates, receive data" & it's been like that for about more than 2 hours. Should I just do the next step? (go to safe mode, scan & stuff)

Edit: sorry, I managed to update it right now. For some reason, after I re-added an exception on the firewall, it's now up to date (the exception wasn't working before).
I'll bump after I do every step that you mention or if I have another problem during the steps
thanks :thumbsup:

Edited by cmon1011, 26 April 2007 - 02:19 PM.


#8 cmon1011


Posted 27 April 2007 - 03:03 AM

I've uninstalled Limewire

Step #1: HijackThis fix
I've selected the URL by myself, so I didn't check the entry about that URL; other than that, it's done

Step #2: ATF Cleaner download
Done

Step #3: AVG Anti-Spyware download / configuration & scan
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:45:41 PM 4/26/2007

+ Scan result:



C:\Program Files\LogMeIn\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Cleaned with backup (quarantined).
[252] C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Cleaned with backup (quarantined).


::Report end

Step #4: ATF Cleaner scan
Done, it has freed around 85mb for main & 15mb for Firefox

Edit: need two posts :thumbsup:

Edited by cmon1011, 27 April 2007 - 03:05 AM.


#9 cmon1011


Posted 27 April 2007 - 03:04 AM

Step #5: Kaspersky Online Scanner scan
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 27, 2007 9:28:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/04/2007
Kaspersky Anti-Virus database records: 303544
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 144861
Number of viruses found: 81
Number of infected objects: 138 / 0
Number of suspicious objects: 0
Duration of the scan process: 08:11:09

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\bleep[1].bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\cmdg32.dll.bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\filaze.dll.bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\iiifde.dll.bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\it_0166.exe.bac_a03844 Infected: Trojan.Win32.Pakes.i skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\macme20070305[1].bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\nasha20070222[1].bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\qonkhh.dll.bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\temp.fr0748.bac_a03844 Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\tmp13.tmp.exe.bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\tmp14.tmp.exe.bac_a03844 Infected:

Trojan-Dropper.Win32.Agent.bdm skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\tmp1C.tmp.exe.bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\tmp1CA.tmp.exe.bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\tmp1D.tmp.dll.bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\tmp1D.tmp.exe.bac_a03844 Infected: Trojan.Win32.Agent.agv

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\tmp1D5.tmp.dll.bac_a01968 Infected: Trojan.Win32.BHO.g

skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\tmp2C.tmp.exe.bac_a03844 Infected:

Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\tmp45.tmp.exe.bac_a03844 Infected:

Trojan-Downloader.Win32.Agent.bjk skipped
C:\Documents and Settings\Cmon\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\cert8.db Object is locked

skipped
C:\Documents and Settings\Cmon\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\history.dat Object is locked

skipped
C:\Documents and Settings\Cmon\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\key3.db Object is locked

skipped
C:\Documents and Settings\Cmon\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\parent.lock Object is locked

skipped
C:\Documents and Settings\Cmon\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\search.sqlite Object is locked

skipped
C:\Documents and Settings\Cmon\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\urlclassifier2.sqlite Object is

locked skipped
C:\Documents and Settings\Cmon\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Cmon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked

skipped
C:\Documents and Settings\Cmon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked

skipped
C:\Documents and Settings\Cmon\Local Settings\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\Cache\_CACHE_001_

Object is locked skipped
C:\Documents and Settings\Cmon\Local Settings\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\Cache\_CACHE_002_

Object is locked skipped
C:\Documents and Settings\Cmon\Local Settings\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\Cache\_CACHE_003_

Object is locked skipped
C:\Documents and Settings\Cmon\Local Settings\Application Data\Mozilla\Firefox\Profiles\wtq0a0v5.default\Cache\_CACHE_MAP_

Object is locked skipped
C:\Documents and Settings\Cmon\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Cmon\Local Settings\History\History.IE5\MSHist012007042620070427\index.dat Object is locked

skipped
C:\Documents and Settings\Cmon\Local Settings\Temp\Perflib_Perfdata_1d4.dat Object is locked skipped
C:\Documents and Settings\Cmon\Local Settings\Temp\~DF81ED.tmp Object is locked skipped
C:\Documents and Settings\Cmon\Local Settings\Temp\~DFAD7C.tmp Object is locked skipped
C:\Documents and Settings\Cmon\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked

skipped
C:\Documents and Settings\Cmon\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Cmon\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Cmon\~tmp0374.exe Infected: Trojan-Downloader.Win32.Small.enc skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked

skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is

locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked

skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked

skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is

locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked

skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\LogMeIn\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Cmon.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Cmon.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Cmon.log Object is locked skipped
C:\Project\BitMe\Certified Ethical Hacker Lab 3.0\Certified Ethical Hacker Lab 3.0.iso/Certified Ethical Hacker Lab

3.0/CEH3.01.iso/Miscellaneous/Admintoolz/admintoolz/pskill.exe;1 Infected: not-a-virus:NetTool.Win32.PsKill

skipped
C:\Project\BitMe\Certified Ethical Hacker Lab 3.0\Certified Ethical Hacker Lab 3.0.iso/Certified Ethical Hacker Lab

C:\Project\BitMe\Certified Ethical Hacker Lab 3.0\Certified Ethical Hacker Lab 3.0.iso ISO image: infected - 117 skipped

Scan process completed.


Step #6: HijackThis scan
Logfile of HijackThis v1.99.1
Scan saved at 9:39:30 AM, on 4/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Cmon\My Documents\utorrent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtremewrestlingtorrents.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)

About my computer: I don't know why, but lately I have not encountered the error that I used to have with Svchost.exe. Maybe that happened after this:
When I want to try to enable Windows's firewall (because you said I must use it), the Windows Firewall/Internet Connection Sharing (ICS) service is not started. I assume that is because I got an error on Svchost.exe before, so maybe that service is down. I try to start the service, but it gives me an error, something about "you're not authorized" or "error 5", I forgot. That's why I installed one of your recommended firewalls.
After I installed the firewall, if I remember correctly, I needed to restart my computer. After that, as far as I know, I have never seen an error with Svchost.exe.

About Kaspersky: it detected my "C:\Project\BitMe\Certified Ethical Hacker Lab 3.0\..". I never really open that folder. I downloaded it a long time ago, and maybe I opened that folder last year. This is the first time any online scan/anti-virus has detected those as virus/infected files.

It took me quite a while to do all of the above steps, more than 10 hours just to scan :thumbsup: so I am replying a bit later than with my previous post :flowers:

Thanks so far, htv8 :huh:

#10 htv8

Posted 28 April 2007 - 09:32 AM

Hello again.

> When I want to try to enable Windows's firewall (because you said I must use it), <...>

I did not say that you must use the Windows Firewall. In fact, the Windows Firewall solely blocks unsolicited incoming traffic. However, you cannot configure Windows Firewall to block outgoing traffic. In order to prevent unauthorised traffic both out of and into your computer, I strongly recommended installing another firewall: using a more powerful firewall is really recommended. It is important that you use a good software firewall in order to keep your computer safe and secure on the Internet.



Please print out or copy this page to Notepad. This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. A printout of the instructions would be a good reference to make sure you don't get lost. You may also like to save these instructions in Word/Notepad to the Desktop where they can be easily found for the same reasons as above.
Also make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


Step #1: UploadMalware.com upload
If not already enabled, please follow these steps to enable the viewing of hidden files in Windows XP:
1. Close all programs so that you are at your Desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and then click on the menu option labelled "Folder Options".
4. After the new window appears select the View tab.
5. Remove the checkmark from the checkbox labelled "Hide file extensions for known file types".
6. Remove the checkmark from the checkbox labelled "Hide protected operating system files".
7. Select the radio button labelled "Show hidden files and folders".
8. Press the Apply button and then press the OK button and shut down My Computer.

Your computer is now configured to show all hidden system files and folders.

Now go to UploadMalware.com and follow these directions to submit the file listed below:
1. In the Name field, please enter your display name: cmon1011.
2. In the Email or Topic field, please copy/paste the entire URL to this topic: http://www.bleepingcomputer.com/forums/t/89067/error-on-svchostexe/.
3. Upload the following file by clicking the Browse... button(s), located next to File(s) To Submit (do not be concerned if the file does not exist):
C:\Project\BitMe\Certified Ethical Hacker Lab 3.0\Certified Ethical Hacker Lab 3.0.iso
4. In the Comments and Further Info field, please type the following: request by htv8.
5. Click the Send File(s) button to submit the file found.
NOTE: If the file is too big to upload, do not worry and leave this step out.

Step #2: file(s)/folder(s) deletion
Reboot your computer into Safe Mode. Restart your computer and gently tap the F8 key repeatedly on your keyboard while starting up until you are presented with a new menu in which you can select the option for Safe Mode using the arrow keys on your keyboard.
For more information on how to boot your computer into Safe Mode, see this reference: How to start Windows into Safe Mode.


Now delete the following files (do not be concerned if they do not exist):
C:\Documents and Settings\Cmon\.housecall6.6\Quarantine\ <-- all files in the Quarantine folder
C:\Documents and Settings\Cmon\~tmp0374.exe

You said you downloaded Certified Ethical Hacker Lab 3.0 a long time ago and that you never really opened the folder belonging to it. As the Kaspersky Online Scanner flags this tool and the related files as bad, I strongly recommend removing it. Especially if you have not used it for a long time and if you do not plan on using it in the future, removing it is a good solution for your safety. If you agree, please delete this folder if it is present:
C:\Project\BitMe\Certified Ethical Hacker Lab 3.0 <-- this folder

Reboot your computer to boot back into normal mode.

Step #3: LogMeIn reinstallation
AVG Anti-Spyware flagged the LogMeIn Remote Access and Desktop Control Software for your PC as bad and quarantined some files belonging to it.
Did you install this program yourself and do you use it? If you use this program, reinstall the application, as the LogMeIn application probably does not work properly anymore. First go to Start > Control Panel > Add/Remove Programs and uninstall LogMeIn. Then reinstall the program.
If necessary, you can download the program from the link below.
Download LogMeIn - Remote Access and Desktop Control Software for your PC

Step #4: HijackThis scan
Scan with HijackThis and post a new HijackThis log.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#11 cmon1011

Posted 28 April 2007 - 10:43 AM

> Hello again.
>
> > When I want to try to enable Windows's firewall (because you said I must use it), <...>
>
> I did not say that you must use the Windows Firewall.


I meant "I must use a firewall", not Windows's firewall, because I think it's easier to enable Windows firewall since I don't need to download another one :thumbsup: But now I'm using Comodo from the link that you gave me :D

Step #1: UploadMalware.com upload
I don't know whether the size is too big or not; the size is around 600-700mb. I tried to upload it, but it gave me an error about the server not responding/taking too long to respond, so I skipped this step.

Step #2: file(s)/folder(s) deletion
Done, I deleted it

Step #3: LogMeIn reinstallation
Yes, I installed it myself. I need it sometimes & I already reinstalled it

Step #4: HijackThis scan
Logfile of HijackThis v1.99.1
Scan saved at 5:35:11 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtremewrestlingtorrents.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)

Thanks again ;)

Edited by cmon1011, 28 April 2007 - 10:44 AM.
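
As an added illustration (not part of the original thread and not HijackThis's own code), the Python sketch below parses HijackThis result lines and compares two scans, using excerpts copied from the two logs posted in this topic. The function names, the bucket names and the choice of the text before the last " - " as an entry's identity are assumptions made for this example.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O23 - Service: ..."
MISSING = " (file missing)"

# Constructed excerpts: a few lines copied from the two logs in this thread
# (BEFORE = the earlier log, AFTER = the log posted after the fix steps).
BEFORE = r"""
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
"""


def parse(log):
    """Return {key: entry} for every HijackThis result line in `log`."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header line, running-process path or blank line
        code, text = m.groups()
        missing = text.endswith(MISSING)
        if missing:
            text = text[: -len(MISSING)]
        # Most O-lines read "label - target". The label identifies the item
        # even when its target path changes between two scans.
        label, sep, target = text.rpartition(" - ")
        if not sep:  # R-lines and O4 autoruns carry no " - " separator
            label, target = text, ""
        entries[f"{code} {label}"] = {
            "code": code,
            "target": target,
            "missing": missing,
            "unknown_owner": code == "O23" and label.endswith("Unknown owner"),
        }
    return entries


def compare(before, after):
    """Bucket the differences between two scans for manual review."""
    b, a = parse(before), parse(after)
    return {
        # flagged "(file missing)" earlier, present with a file now
        "resolved": sorted(k for k in b
                           if b[k]["missing"] and k in a and not a[k]["missing"]),
        # still pointing at a file that is not on disk
        "missing_after": sorted(k for k in a if a[k]["missing"]),
        "added": sorted(set(a) - set(b)),
        "removed": sorted(set(b) - set(a)),
        # services HijackThis lists with "Unknown owner"
        "unknown_owner": sorted(k for k in a if a[k]["unknown_owner"]),
    }


if __name__ == "__main__":
    for bucket, keys in compare(BEFORE, AFTER).items():
        print(f"{bucket}:")
        for key in keys:
            print(f"  {key}")
```

Entries reported under "added", "missing_after" or "unknown_owner" are prompts for a manual look, not verdicts.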


#12 htv8

Posted 28 April 2007 - 03:24 PM

Your log looks clean now. Good work! :thumbsup:
How is your computer running? Do you experience any more problems? If you do, please report back.

Now please follow the simple steps below in order to keep your computer clean and secure.

Step #1: re-hide hidden system files and folders
Re-hide your hidden system files and folders, because the above instructions to set your system to show all files unhide legitimate files and folders as well, and I don't want you to delete them because they may look suspicious. To hide them again, just perform these instructions:
1. Close all programs so that you are at your Desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and then click on the menu option labelled "Folder Options".
4. After the new window appears select the View tab.
5. Place a checkmark in the checkbox labelled "Hide file extensions for known file types".
6. Place a checkmark in the checkbox labelled "Hide protected operating system files".
7. Deselect the radio button labelled "Show hidden files and folders".
8. Press the Apply button and then press the OK button and shut down My Computer.

Now your computer is configured to hide all hidden system files and folders.

Step #2: reset and re-enable System Restore
Reset and re-enable System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files:
1. Close all programs so that you are at your Desktop.
2. Go to Start > Run.
3. In the Run: field type SYSDM.CPL and press the OK button.
4. Click the System Restore tab.
5. Place a checkmark in the checkbox labelled "Turn off System Restore" to disable System Restore.
6. Click the Apply button.
7. Uncheck the option labelled "Turn off System Restore" to turn System Restore back on.
8. Click the OK button.
9. Reboot.

Step #3
Finally, and definitely the MOST IMPORTANT step, click on this tutorial and follow each step listed here:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Do not forget to tell your friends about us.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#13 cmon1011

Posted 28 April 2007 - 03:51 PM

My computer looks better since you told me to use a firewall
But now everything looks fine :thumbsup:

Step #1: re-hide hidden system files and folders
Finally I can re-hide those :flowers:
Done

Step #2: reset and re-enable System Restore
I never use System Restore & always turn it off, should I enable it?

Step #3
I missed 2-3 steps there. Now some questions:
1. Should I keep AVG Anti-Spyware if it's really necessary? Or is AVG Anti-Virus enough? Should I use one of them or both?
2. It's safe now to update my Windows, right? Because I haven't updated it since I installed it. But I got this error: it happens when installing one of the updates, & suddenly my computer restarts by itself; after the restart, it gives me this:
Posted Image
I managed to update some of it & currently I'm still trying to update & install it; my computer has already restarted by itself at least 3 times now :huh:
3. Should I keep VundoFix? Or just delete it because I don't need it anymore?
4. Should I keep ATF-Cleaner? Or just delete it because I don't need it anymore?

Thanks :D

Edited by cmon1011, 28 April 2007 - 08:35 PM.


#14 htv8

Posted 30 April 2007 - 02:00 AM

> I never use System Restore & always turn it off, should I enable it?

Windows XP's System Restore is a great and helpful feature in case any problems occur. You can use System Restore to undo changes made by a downloaded or installed new game, application, or software update, etc. Sometimes a certain change may make your system unstable. You can use System Restore to remove any system changes that were made since the last time you remember your computer working correctly. System Restore does not affect your personal data files so you won't lose changes made to these files.
That being said, I would recommend turning Windows XP's System Restore feature back on if it is currently disabled. If System Restore is disabled at the moment and you want to re-enable it, just turn System Restore back on (by following my instructions). If System Restore is enabled at the moment, though, you have to disable it first and then re-enable it again to remove infected files that have been backed up by Windows.

> 1. Should I keep AVG Anti-Spyware if it's really necessary? Or is AVG Anti-Virus enough? Should I use one of them or both?

Keeping AVG Anti-Spyware is not really necessary. However, it is a great spyware detecting and removal program. The choice is up to you if you want to keep it or not.
Please note that the AVG Anti-Spyware version you downloaded from the Grisoft website at www.grisoft.com is the trial version of AVG 7.5 Anti-Spyware. After installation, this trial version will run for 30 days, containing all the extensions of the full version. To be able to use all features of the full version of AVG 7.5 Anti-Spyware after the 30-day trial period, you need to purchase the full version online from the Grisoft website. At the end of the trial period, the full version extensions (like the inbuilt Resident Shield) will be deactivated and the program will turn into a feature-limited freeware version (if you did not activate the product). AVG Anti-Spyware works well as a demand scanner, which it will become at the end of the trial.

> 2. It's safe now to update my Windows, right? Because I haven't updated it since I installed it

Yes. It's safe now to update your Windows by visiting Microsoft's Windows Update site.

> [...] but I got this error: it happens when installing one of the updates, & suddenly my computer restarts by itself; after the restart, it gives me this:
> http://img228.imageshack.us/img228/4968/11nm3.png
> I managed to update some of it & currently I'm still trying to update & install it; my computer has already restarted by itself at least 3 times now :thumbsup:

Try cleaning your temp files again using ATF Cleaner. That probably resolves the problem as the error related files are temporary files. Follow these instructions to run ATF Cleaner:
1. Double-click ATF-Cleaner.exe to run the program.
2. Click once on the Main tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
3. Then click on the button labelled "Empty Selected".

If you use the Mozilla Firefox browser, please follow these instructions as well:
1. Click once on the Firefox tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, please follow these instructions as well:
1. Click once on the Opera tab at the top of the screen and put a checkmark in the radiobutton labelled "Select All".
2. Then click on the button labelled "Empty Selected". NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Now click the Exit button on the Main tab to exit the program.

If you get this error again, could you please post the technical data about the error report?

> 3. Should I keep VundoFix? Or just delete it because I don't need it anymore?

Delete VundoFix. You do not need it anymore.

> 4. Should I keep ATF-Cleaner? Or just delete it because I don't need it anymore?

That choice is up to you. ATF Cleaner is one of those many temp file removal tools available on the Internet. The files removed by this program take up valuable space on your computer as well as slow it down. Removing these files on a regular basis is really recommended but could be time consuming. ATF Cleaner, however, makes this task less tedious. :flowers:
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#15 cmon1011

Posted 30 April 2007 - 02:03 PM

> If you get this error again, could you please post the technical data about the error report?

How do I do that? The picture that I showed you is the error that they gave me, or is there any other report that I can show you?
& for some reason, suddenly I got this after my computer restarted by itself when I tried to update it
Posted Image
MSXML 6.0 RTM Security Update (KB927977) --> I got an error when I wanted to install this one

Edited by cmon1011, 30 April 2007 - 02:24 PM.




