Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bd Peacomm Trojan


  • This topic is locked This topic is locked
10 replies to this topic

#1 Fujimo24

Fujimo24

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:FLORIDA
  • Local time:06:21 AM

Posted 25 April 2007 - 08:25 AM

My daughter let her anti-virus run out and didn't tell me until it wouldn't connect to the internet. You gotta love teenagers. I managed to get it where it would connect, put Norton anti-virus on it, when it did get connected Norton would constantly pop up and scanning outgoing email, there were about 12 windows popped up scanning outgoing email before I got it unplugged from the internet. It was sending out spam. I did a full scan offline, Norton found 8 viruses and fixed 1, quarantined the other 7. I ran adaware removed all it found, rebooted and scanned again, while scanning Norton kept popping up saying it had blocked an inbound worm attempt, but I was offline so I know it was internal. When I clicked on more info, it said it was the BD Peacomm Trojan. I did another scan in safe mode, and it didn't find anything. I installed zone alarm and blocked everthing going out, went to the Kasperbyscan site and did a scan. I have turned off system restore to remove all restore points, unhidden all files, including system files, deleted all temporary files, deleted the temp files Kasperbyscan found, ran adaware again. I am still getting the message from Norton about the Peacomm trojan. I will post my Hijack this log, if needed I also have the results from the Kasperbyscan. Thanks in advance for all the help.


Logfile of HijackThis v1.99.1
Scan saved at 5:29:46 AM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navw32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\My Documents\HiJack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 25 April 2007 - 08:52 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Fujimo24 :thumbsup:

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

*****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.

Edited by RichieUK, 25 April 2007 - 08:54 AM.

Posted Image
Posted Image

#3 Fujimo24

Fujimo24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:FLORIDA
  • Local time:06:21 AM

Posted 25 April 2007 - 08:55 AM

Thank you, I wasn't expecting such a quick response, I am at work right now, I will do as you suggested and post as soon as I get home. Thanks again.

#4 Fujimo24

Fujimo24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:FLORIDA
  • Local time:06:21 AM

Posted 25 April 2007 - 04:28 PM

OK, this is what I got.


SDFix: Version 1.79

Run by Owner - Wed 04/25/2007 - 13:17:57.51

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Owner\Desktop\sdfix\SDFix

Safe Mode:
Checking Services:

Name:
lsass
ntldr.sys

ImagePath:
"C:\WINDOWS\scvhost.exe"
\??\C:\ntldr.sys

lsass - Deleted
ntldr.sys - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\wincom32.ini - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1133289733\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1133289733\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1133289733\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1133289733\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1137555221\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137555221\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137555221\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137555221\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1152883692\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1152883692\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1152883692\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1152883692\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\75A.tmp"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\75A.tmp:*:Enabled:010701001A6C323F"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Owner\Desktop\sdfix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\Owner\NetHood\evadracing.com\Desktop.ini
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Simple Star\PhotoShow 2\data\PhotoShow 2.exe
C:\WINDOWS\SMINST\HPCD.SYS
C:\WINDOWS\system32\AA14DCCEBF.sys
C:\WINDOWS\system32\pqtwa.tmp

Finished


"Owner" - 07-04-25 16:42:38 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\strings.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\TriJinx.exe
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\crackedstopper.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\cursor.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\doorlights.txt
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\greybomb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\p1icon.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scorecloud.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\setup.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\stopper.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\timer.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\timerglow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\timericon.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\tm.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\warning.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\areabomb.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\beetlezap.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\bonusrow.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\bonustimer.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\bucketfilled.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\clearpyramid.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1a.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1b.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1c.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2a.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2b.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2c.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\colorchain.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\dialogbox.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\drumbeat.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\fillrow.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\gateopen.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\helptip.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\powerup.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\rotateboardleft.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\timerup.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\warning.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\audio\sfx\warning2.ogg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\artifacts-bb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\bar.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\chamber0.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\chamber1.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\circledoor.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\full_screen_dialog.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_large.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_small.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\help-bb_large.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\help-bb_small.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\hexfield.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\hidden-artifact_icon.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\large_dialog.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\local-hs-bb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\small_dialog.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\textfield.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\backgrounds\trifield.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetlehover1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetlehover2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetlehover3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetlehover4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetleshock1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetleshock2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetleshock3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetleshock4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\beetletatoo.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\dirt.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\scarabpost.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\scarabpostovr.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\beetles\tritop.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowdown_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowdown_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowdown_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowleft_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowleft_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowleft_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowright_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowright_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowright_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowup_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowup_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\arrowup_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowright_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowright_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\bluearrowright_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\checkdown.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\checkup.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\long_button_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\long_button_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\long_button_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\orange-button_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\orange-button_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\orange-button_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotleft_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotleft_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotleft_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotright_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotright_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\rotright_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\simplebutton_down.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\simplebutton_over.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\simplebutton_up.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\sliderknob.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\sliderknobover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\buttons\sliderrail.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\characters\bast\look\bl0001.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\fonts\lithos.mvec
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\helptips\arrowkeys.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\helptips\helptip.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\levels\levels.dat
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\disk.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\equilateraltriangle.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\flattri.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\pyramid.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\quad.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\rotatingpyramid.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\models\scarabpanel.mesh
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scenes\page1-0.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scenes\page1-1.xml
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scenes\panel1-0-1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\scenes\panel1-1-1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\areashockwave.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_starter.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\bolt_tail.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\flash.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\rubble.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\smoke.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\smoke2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\sfx\smoke3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\statues\statue1\mask01_1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseblue1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseblue2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseblue3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousegreen1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousegreen2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousegreen3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousered1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousered2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mousered3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseyellow1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseyellow2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\trails\mouseyellow3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\areabomb.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\areabombrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\blue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\bluerollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\boardfill.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\brick.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\brick1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\brick2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\brick3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\bricktip.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\eye1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\eye2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\eye3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\eye4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\green.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\greenrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-blue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-green.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-red.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\red.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\redrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\wild.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\wildrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\yellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\yellowrollover.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\upsell\image0.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\upsell\image1.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\upsell\image2.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\upsell\image3.jpg
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\bluebucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\buckettriangle.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\chainlink.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\chaintip.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\genericbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\greenbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\redbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\smallblue.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\smallgreen.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\smallred.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\smallyellow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\urnglow.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\urnplatform.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\assets\urns\yellowbucket.png
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\error.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\game.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\gameover.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\hiscore.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\instructions.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\leveldesign.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\levelover.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\mainarcade.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\mainconfirm.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\maincontinue.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\maingames.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\mainpuzzle.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\maphelptip.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\options.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\pause.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\quitconfirm.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\start.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\storyplayer.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\style.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55\screens\upsell.lua
C:\WINDOWS\DOWNLO~1.\TriJinx.1.0.0.55


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))


2007-04-25 13:16 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2007-04-25 04:37 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-04-25 04:37 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-04-25 04:37 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-04-24 21:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-24 21:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-04-24 20:46 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\MailFrontier
2007-04-24 20:07 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-24 20:06 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-04-24 19:59 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-04-24 19:59 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-24 19:59 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-24 17:53 <DIR> d-------- C:\VundoFix Backups
2007-04-23 22:52 <DIR> d-------- C:\Program Files\SymNetDrv
2007-04-23 22:06 <DIR> d-------- C:\Program Files\CCleaner
2007-04-23 19:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-23 18:28 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
2007-04-23 17:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-23 17:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-04-23 17:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-23 17:22 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-04-23 17:22 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-04-23 17:21 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-23 17:21 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-19 20:03 29,696 --a------ C:\WINDOWS\system32\drivers\DM9PCI5.SYS
2007-04-11 22:07 8,704 --a------ C:\WINDOWS\system32\sporder.dll
2007-03-28 18:41 517,848 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-03-28 18:41 47,192 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 18:41 37,016 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 18:41 266,552 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 18:41 18,904 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 18:41 171,928 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 18:41 132,824 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-03-28 18:41 11,480 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-03-28 00:37 <DIR> d-------- C:\DOCUME~1\Owner\AbiSuite
2007-03-28 00:35 <DIR> d-------- C:\Program Files\AbiSuite2


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-24 19:16 -------- d-------- C:\Program Files\yahoo!
2007-04-24 19:11 -------- d--h----- C:\Program Files\installshield installation information
2007-04-23 22:53 -------- d-------- C:\Program Files\symantec
2007-04-23 22:19 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\openoffice.org2
2007-04-16 07:27 -------- d-------- C:\Program Files\ea games
2007-04-16 07:25 -------- d-------- C:\Program Files\visioneer onetouch
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-13 22:01 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\u3
2007-03-11 00:03 -------- d-------- C:\Program Files\msxml 4.0
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65d8430e-7a9d-11db-b502-001217723043}]
Shell\AutoRun\command F:\LaunchU3.exe -a
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_IP6FW


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-25 17:01:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\winmgmt6baa-7cec

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\windev-6baa-7cec.sys 139264 bytes
C:\WINDOWS\system32\windev-peers.ini 12288 bytes

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 2


********************************************************************

Completion time: 07-04-25 17:02:18
C:\ComboFix-quarantined-files.txt ... 07-04-25 17:02


Logfile of HijackThis v1.99.1
Scan saved at 5:13:12 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Owner\My Documents\HiJack\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I didn't get any notices from Norton, but the computer is brutally slow now.

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 25 April 2007 - 04:44 PM

Download\unzip to your desktop AVG Anti-Rootkit Free:
http://free.grisoft.com/softw/70free/setup...up-1.1.0.42.exe
Launch AVG,click on the 'Search for Rootkits' tab.
Then click on 'Perform in-depth search'.
When the scan has finished click on 'Save result to file'.
Copy and paste those results into your next reply.
Posted Image
Posted Image

#6 Fujimo24

Fujimo24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:FLORIDA
  • Local time:06:21 AM

Posted 25 April 2007 - 05:23 PM

I did the scans but I don't see where I can save results, there are 3 items detected I can check and have removed, but I wasn't sure if that is what you want me to do. let me know. Thanks

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 25 April 2007 - 05:29 PM

HKLM\SYSTEM\CurrentControlSet\Services\winmgmt6baa-7cec
C:\WINDOWS\system32\windev-6baa-7cec.sys 139264 bytes
C:\WINDOWS\system32\windev-peers.ini 12288 bytes


The three items detected will be the above,fix them all then restart your pc,post a new Hijackthis log please.
Let me know how your pc is running now.
Posted Image
Posted Image

#8 Fujimo24

Fujimo24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:FLORIDA
  • Local time:06:21 AM

Posted 25 April 2007 - 05:46 PM

These are the three items it removed.
C:\WINDOWS\system32\windev-6baa-7cec.sys,Hidden driver file
c:\WINDOWS\system32\windev-6baa-7cec.sys,Hidden File
c:\WINDOWS\system32\windev-peers.ini,Hidden File

Here is the hijack log after a reboot.

Logfile of HijackThis v1.99.1
Scan saved at 6:37:47 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Owner\My Documents\HiJack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Running much smoother now. Thanks, I will keep you posted.

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 25 April 2007 - 06:14 PM

Your log is clean :thumbsup:
If all's ok,please do the following:

Find and delete:
C:\QooBox
C:\SDFix

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear,click on Ok.
The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.
At the bottom in the 'System Restore' window,click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
Posted Image
Posted Image

#10 Fujimo24

Fujimo24
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:FLORIDA
  • Local time:06:21 AM

Posted 25 April 2007 - 06:46 PM

Thank you very much for all the help, I deleted the Qoobox file but there is no sdfix file to delete. I turned system restore back on and made a restore point. Thanks again for all the help.

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:21 AM

Posted 25 April 2007 - 07:22 PM

You're welcome :thumbsup:

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users