#22 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,355
OS: XP
Re: Log Help... Please!
ChkDsk.exe is an important System file. Do you have another similar XP machine where this can be copied over?
#25 (permalink)
Registered User
Join Date: Apr 2007
Posts: 21
OS: Windows Vista
Re: Log Help... Please!
Here is the only .txt file it produced.
ComboFix 07-06-11.3 - C:\Documents and Settings\Slake\Desktop\ComboFix.exe
"Slake" - 2007-06-11 22:58:13 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\vtromn.dll
C:\WINDOWS\nmortv.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\install.log
C:\WINDOWS\system32\perfc000.dat
C:\WINDOWS\system32\tmp3B.tmp.dll
C:\WINDOWS\system32\tmp3C.tmp.dll
C:\WINDOWS\system32\tmp41.tmp.dll
C:\WINDOWS\system32\tmp46.tmp.dll
C:\WINDOWS\system32\tmp4F.tmp.dll
C:\WINDOWS\system32\tmp58.tmp.dll
C:\WINDOWS\system32\tmp5B.tmp.dll
C:\WINDOWS\system32\tmp63.tmp.dll
C:\WINDOWS\system32\tmp7E.tmp.dll
C:\WINDOWS\system32\wcpcc.exe

((((((((((((((((((((((((( Files Created from 2007-05-12 to 2007-06-12 )))))))))))))))))))))))))))))))

2007-06-11 22:51 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2007-06-11 20:22 94,083,626 --a------ C:\jumpgateus_installer_10062-full.exe
2007-06-11 20:21 <DIR> d-------- C:\DOCUME~1\Slake\APPLIC~1\IGN_DLM
2007-06-11 20:20 <DIR> d-------- C:\Program Files\Download Manager
2007-06-11 18:20 <DIR> d-------- C:\JG
2007-06-07 09:36 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-05 22:54 58,796 --a------ C:\WINDOWS\aitco.exe
2007-06-05 22:54 12,010 --a------ C:\WINDOWS\system32\vtutroo.dll
2007-06-05 22:09 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp7E.tmp.exe
2007-06-05 22:09 252,168 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp7F.tmp.exe
2007-06-05 22:09 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp80.tmp.exe
2007-06-05 21:53 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp63.tmp.exe
2007-06-05 21:53 252,168 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp64.tmp.exe
2007-06-05 21:53 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp65.tmp.exe
2007-06-05 21:43 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp5B.tmp.exe
2007-06-05 21:43 252,168 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp5C.tmp.exe
2007-06-05 21:43 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp5D.tmp.exe
2007-06-05 21:27 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp58.tmp.exe
2007-06-05 21:27 252,168 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp59.tmp.exe
2007-06-05 21:27 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp5A.tmp.exe
2007-06-05 21:14 252,168 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp50.tmp.exe
2007-06-05 21:14 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp51.tmp.exe
2007-06-05 21:13 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp4F.tmp.exe
2007-06-05 21:01 252,168 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp43.tmp.exe
2007-06-05 21:01 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp45.tmp.exe
2007-06-05 20:59 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp41.tmp.exe
2007-06-04 15:50 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp3C.tmp.exe
2007-06-04 07:13 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp46.tmp.exe
2007-06-04 07:13 233,611 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp48.tmp.exe
2007-06-04 07:13 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp49.tmp.exe
2007-06-04 07:13 17,010 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp47.tmp.exe
2007-06-03 21:04 252,169 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp3F.tmp.exe
2007-06-03 21:04 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp40.tmp.exe
2007-06-03 21:04 17,010 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp3E.tmp.exe
2007-06-03 21:03 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp3B.tmp.exe
2007-06-02 22:45 58,796 --a------ C:\WINDOWS\ylyfn.exe
2007-06-02 22:45 37,535 --a------ C:\WINDOWS\system32\kmdrop.dll
2007-06-02 22:45 12,010 --a------ C:\WINDOWS\system32\mljjjhf.dll
2007-06-01 03:15 <DIR> d-------- C:\DOCUME~1\Slake\APPLIC~1\Aquarius Soft
2007-06-01 03:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aquarius Soft
2007-06-01 03:13 <DIR> d-------- C:\Program Files\Aquarius Soft
2007-05-30 07:29 49,152 --a------ C:\WINDOWS\wchph.exe
2007-05-29 22:50 967 --a------ C:\WINDOWS\ScUnin.pif
2007-05-29 22:50 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-05-29 22:50 35,382 --a------ C:\WINDOWS\scunin.dat
2007-05-28 15:14 22,169 --a------ C:\WINDOWS\zzzx.exe
2007-05-28 14:25 528 --a------ C:\WINDOWS\eReg.dat
2007-05-28 14:18 <DIR> d-------- C:\Program Files\EA Games
2007-05-25 21:57 <DIR> d-------- C:\GB Advance
2007-05-22 00:25 <DIR> d-------- C:\Program Files\PokerStars
2007-05-21 00:06 75,892 --a------ C:\WINDOWS\War3Unin.dat
2007-05-21 00:06 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-05-21 00:06 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-05-21 00:02 <DIR> d-------- C:\Program Files\Warcraft III
2007-05-20 23:43 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-12 13:51 <DIR> d-------- C:\Program Files\Common Files\AOLSHARE

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-12 02 16 -------- d-----w C:\Program Files\Starcraft
2007-06-11 16:04:01 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-06 01:52:21 -------- d-----w C:\Program Files\Azureus
2007-05-17 10:30:45 -------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-05-16 23:11:30 -------- d-----w C:\Program Files\World of Warcraft
2007-04-26 15:16:49 -------- d-----w C:\Program Files\NetDevil
2007-04-26 15:14:13 -------- d-----w C:\DOCUME~1\Slake\APPLIC~1\GetRightToGo
2007-04-23 02:56:51 -------- d-----w C:\Program Files\WarRock
2007-04-19 18 22 -------- d-----w C:\Program Files\LimeWire
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 20 45 112,423 ----a-w C:\WINDOWS\hpoins07.dat
2007-04-17 20:04:11 -------- d-----w C:\Program Files\HP
2007-04-17 20:02:40 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-04-17 20:02:06 -------- d-----w C:\Program Files\Common Files\HP
2007-04-17 19:59:12 -------- d-----w C:\Program Files\Hewlett-Packard
2007-04-17 19:57:45 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-04-17 19:15:52 -------- d-----w C:\DOCUME~1\Slake\APPLIC~1\HP
2007-04-17 18:58:27 -------- d-----w C:\Program Files\IGN
2007-04-16 17:34:27 -------- d-----w C:\DOCUME~1\Slake\APPLIC~1\Ipswitch
2007-04-16 17:34:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-16 17:34:12 -------- d-----w C:\Program Files\Ipswitch
2007-04-02 03:59:01 43,520 ----a-w C:\WINDOWS\system32\svchqs.exe
2007-04-01 20:25:48 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-19 16:41:41 7,409 ----a-w C:\WINDOWS\extend.dat
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29]
{9fa74e90-06d3-40af-8ee4-461a0c1ae6ac}=C:\WINDOWS\system32\kmdrop.dll [2007-06-02 22:45]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2003-12-04 19:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-07-01 13:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-02 23:26]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 21:31]
"Music Alarm Clock"="C:\PROGRA~1\MUSICA~1\mac.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"SHS"="C:\Program Files\Rogers\SelfHealing\SHS.exe" [2007-03-12 10:24]
"Update Manager"="C:\Program Files\Rogers\Update Manager\UpdateManager.exe" [2007-03-12 10:24]
"RogersAgent"="c:\Program Files\Rogers\SelfHealing\rogersagent.exe" [2006-11-06 12:41]
"Start WingMan Profiler"="" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 16:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 17:57]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kmdrop]
kmdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\mljjjhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb65c555-0c81-11dc-80d5-0080c6f1eee1}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff304e43-998b-11d9-a201-806d6172696f}]
AutoRun\command- D:\SETUP.EXE

Contents of the 'Scheduled Tasks' folder
2007-06-11 23:43:13 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 23:02:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-11 23:07:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-11 23:06
--- E O F ---

Last edited by sUBs : 06-11-2007 at 09:13 PM.
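ComboFix lists what was written to disk but does not rank it, and the "Files Created" section above is where the picture is clearest: the same three file sizes dropped under fresh tmpNN.tmp.exe names every few minutes, executables of identical size under two different random names in C:\WINDOWS, and a freshly written chkdsk.exe. The following Python is an added example by the editor, not ComboFix code and not from the original post; it pulls those three signals out of log lines. The SAMPLE lines are a subset copied from the log above; treating nircmd.exe as ComboFix's own helper (and so allowlisted) is an assumption, and the heuristics are the editor's, not anything ComboFix itself reports.

```python
"""Triage helpers for the "Files Created" section of a ComboFix log.

Added example for this thread, written by the editor; not part of
ComboFix and not from the original post. SAMPLE is a subset of the log
lines posted above. The heuristics are the editor's own.
"""
import re
from collections import defaultdict

SAMPLE = r"""
2007-06-11 22:51 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2007-06-07 09:36 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-05 22:54 58,796 --a------ C:\WINDOWS\aitco.exe
2007-06-05 22:54 12,010 --a------ C:\WINDOWS\system32\vtutroo.dll
2007-06-05 22:09 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp7E.tmp.exe
2007-06-05 22:09 252,168 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp7F.tmp.exe
2007-06-05 22:09 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp80.tmp.exe
2007-06-05 21:53 50,970 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp63.tmp.exe
2007-06-05 21:53 252,168 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp64.tmp.exe
2007-06-05 21:53 2,560 --a------ C:\DOCUME~1\Slake\APPLIC~1\tmp65.tmp.exe
2007-06-02 22:45 58,796 --a------ C:\WINDOWS\ylyfn.exe
2007-06-02 22:45 37,535 --a------ C:\WINDOWS\system32\kmdrop.dll
2007-06-02 22:45 12,010 --a------ C:\WINDOWS\system32\mljjjhf.dll
2007-05-30 07:29 49,152 --a------ C:\WINDOWS\wchph.exe
2007-05-29 22:50 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-05-28 15:14 22,169 --a------ C:\WINDOWS\zzzx.exe
2007-05-28 14:18 <DIR> d-------- C:\Program Files\EA Games
2007-05-21 00:06 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-04-02 03:59:01 43,520 ----a-w C:\WINDOWS\system32\svchqs.exe
"""

# "Files Created" lines carry HH:MM, "Find3M" lines HH:MM:SS; accept both.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attr>\S+)\s+(?P<path>.+)$")

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: nircmd.exe is the helper ComboFix itself drops, so it is
# expected here; anything else with a junk-looking name is not.
KNOWN_OK = {"nircmd.exe"}
CORE_BINARIES = {"chkdsk.exe"}
JUNK_NAME = re.compile(r"^[a-z]{4,8}\.(exe|dll)$")  # case-sensitive on purpose


def parse(text):
    """Turn ComboFix 'Files Created' / 'Find3M' lines into dicts."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        rows.append({"ts": m["ts"], "size": size, "attr": m["attr"], "path": m["path"]})
    return rows


def split_path(path):
    directory, _, name = path.rpartition("\\")
    return directory, name


def is_exec(row):
    return row["size"] is not None and row["path"].lower().endswith((".exe", ".dll", ".pif", ".scr"))


def size_twins(rows):
    """Executables of identical byte size under different file names: a cheap
    proxy for 'same payload, renamed', worth hashing before anything else."""
    by_size = defaultdict(set)
    for r in rows:
        if is_exec(r):
            by_size[r["size"]].add(r["path"])
    return {s: sorted(p) for s, p in by_size.items()
            if len({split_path(x)[1].lower() for x in p}) > 1}


def dropper_batches(rows):
    """Group executables by creation minute; a size signature that recurs in
    more than one minute is one dropper firing again (the tmpNN.tmp.exe runs)."""
    per_minute = defaultdict(list)
    for r in rows:
        if is_exec(r):
            per_minute[r["ts"][:16]].append(r["size"])
    by_signature = defaultdict(list)
    for ts, sizes in per_minute.items():
        if len(sizes) > 1:
            by_signature[tuple(sorted(sizes))].append(ts)
    return {sig: sorted(when) for sig, when in by_signature.items() if len(when) > 1}


def suspicious_system_files(rows):
    """Executables written straight into %WINDIR% or system32 that either
    carry a core binary's name or a short all-lowercase junk name."""
    findings = []
    for r in rows:
        if not is_exec(r):
            continue
        directory, name = split_path(r["path"])
        if directory.lower() not in SYSTEM_DIRS:
            continue
        if name.lower() in CORE_BINARIES:
            findings.append((r["path"], "core binary written %s (%d bytes)" % (r["ts"], r["size"])))
        elif JUNK_NAME.match(name) and name.lower() not in KNOWN_OK:
            findings.append((r["path"], "random-looking name in a system directory"))
    return findings


if __name__ == "__main__":
    rows = parse(SAMPLE)
    for size, paths in sorted(size_twins(rows).items()):
        print("same size %d: %s" % (size, ", ".join(paths)))
    for sig, when in dropper_batches(rows).items():
        print("dropper batch %s fired at %s" % (sig, ", ".join(when)))
    for path, why in suspicious_system_files(rows):
        print("%s: %s" % (path, why))
```

Run against the sample, the size-twin check pairs aitco.exe with ylyfn.exe (58,796 bytes) and vtutroo.dll with mljjjhf.dll (12,010 bytes), the batch check shows the 2,560 / 50,970 / 252,168 signature firing at 21:53 and again at 22:09, and the system-directory check lists chkdsk.exe separately from the junk-named files. A size match is only a hint to hash and compare; the allowlist is what keeps tools dropped by the cleaner itself out of the findings.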
#27 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,355
OS: XP
Re: Log Help... Please!
Before fixing anything, please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it. Paste the following list of filepaths into the Suspicious File Packer window:

C:\WINDOWS\aitco.exe
C:\WINDOWS\system32\vtutroo.dll
C:\DOCUME~1\Slake\APPLIC~1\tmp63.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp64.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp65.tmp.exe
C:\WINDOWS\ylyfn.exe
C:\WINDOWS\system32\kmdrop.dll
C:\WINDOWS\system32\mljjjhf.dll
C:\WINDOWS\wchph.exe
C:\WINDOWS\zzzx.exe
C:\WINDOWS\system32\svchqs.exe
C:\WINDOWS\system32\wegoxkdsiw\dark.exe
C:\WINDOWS\system32\wegoxkdsiw\winsp3.exe

Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.

---------------

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9fa74e90-06d3-40af-8ee4-461a0c1ae6ac} - C:\WINDOWS\system32\kmdrop.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\kmdrop.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\kmdrop.dll
O20 - AppInit_DLLs: c:\windows\system32\mljjjhf.dll
O20 - Winlogon Notify: kmdrop - C:\WINDOWS\SYSTEM32\kmdrop.dll

---------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\aitco.exe
C:\WINDOWS\system32\vtutroo.dll
C:\DOCUME~1\Slake\APPLIC~1\tmp7E.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp7F.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp80.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp63.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp64.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp65.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp5B.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp5C.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp5D.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp58.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp59.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp5A.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp50.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp51.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp4F.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp43.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp45.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp41.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp3C.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp46.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp48.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp49.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp47.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp3F.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp40.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp3E.tmp.exe
C:\DOCUME~1\Slake\APPLIC~1\tmp3B.tmp.exe
C:\WINDOWS\ylyfn.exe
C:\WINDOWS\system32\kmdrop.dll
C:\WINDOWS\system32\mljjjhf.dll
C:\WINDOWS\wchph.exe
C:\WINDOWS\zzzx.exe
C:\WINDOWS\system32\svchqs.exe
Folder::
C:\WINDOWS\system32\wegoxkdsiw
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fa74e90-06d3-40af-8ee4-461a0c1ae6ac}]
[-HKEY_CLASSES_ROOT\CLSID\{9fa74e90-06d3-40af-8ee4-461a0c1ae6ac}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kmdrop]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=-
Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe. Then post the resultant log.

---------------

Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner
Answer Yes, when prompted to install an ActiveX component.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------

In your next post, please include fresh logs from:
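The CFScript above does two things that have to stay in step: File:: removes the payloads, and Registry:: removes the autostart entries that load them (the BHO CLSID subkey and the Winlogon Notify subkey are deleted, AppInit_DLLs is emptied, and the empty "Start WingMan Profiler" value is dropped). Deleting a file while leaving its loading point produces a dangling entry; clearing the entry while leaving the file keeps the payload on disk. The Python below is an added example by the editor, not ComboFix code and not from the helper's post: it parses the three sections and checks each loading point from the log's "Reg Loading Points" section against the script. Assumptions: Registry:: follows .reg-file syntax ([-Key] deletes a key, "name"=- deletes a value, "name"="" empties it); the File:: list is shortened to the entries the check needs; LOADING_POINTS is transcribed by hand from the log, with each BHO keyed by its CLSID subkey because that is what the script deletes.

```python
"""Parse a ComboFix CFScript and check it against the autostart points it
is meant to neutralise.

Added example for this thread (editor's code, not part of ComboFix).
CFSCRIPT is the posted script with File:: shortened. LOADING_POINTS is
transcribed from the "Reg Loading Points" section of the ComboFix log.
Registry:: semantics assumed: [-Key] deletes a key, "name"=- deletes a
value, "name"="" empties it (.reg-file syntax).
"""
import re

CFSCRIPT = r"""
File::
C:\WINDOWS\aitco.exe
C:\WINDOWS\system32\vtutroo.dll
C:\WINDOWS\ylyfn.exe
C:\WINDOWS\system32\kmdrop.dll
C:\WINDOWS\system32\mljjjhf.dll
C:\WINDOWS\system32\svchqs.exe
Folder::
C:\WINDOWS\system32\wegoxkdsiw
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fa74e90-06d3-40af-8ee4-461a0c1ae6ac}]
[-HKEY_CLASSES_ROOT\CLSID\{9fa74e90-06d3-40af-8ee4-461a0c1ae6ac}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kmdrop]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=-
"""

HKLM = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
WINNT = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion"
# (key, value name or None, file the entry loads), transcribed from the log.
LOADING_POINTS = [
    (HKLM + r"\Explorer\Browser Helper Objects\{9fa74e90-06d3-40af-8ee4-461a0c1ae6ac}", None, r"C:\WINDOWS\system32\kmdrop.dll"),
    (HKLM + r"\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}", None, r"C:\Program Files\Norton AntiVirus\NavShExt.dll"),
    (WINNT + r"\winlogon\notify\kmdrop", None, "kmdrop.dll"),
    (WINNT + r"\windows", "appinit_dlls", r"c:\windows\system32\mljjjhf.dll"),
    (HKLM + r"\Run", "ccApp", r"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"),
    (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Start WingMan Profiler", ""),
]

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def parse_cfscript(text):
    """Split a CFScript into {section: [lines]}; a directive before any
    section header is an error rather than something silently ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("directive outside any section: %r" % line)
        else:
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Return (action, key, value_name, data) tuples for a Registry:: section."""
    actions, key = [], None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(2).lower()
            if m.group(1) == "-":
                actions.append(("delete_key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, data = m.group(1).lower(), m.group(2)
            if data == "-":
                actions.append(("delete_value", key, name, None))
            else:
                actions.append(("set_value", key, name, data.strip('"')))
            continue
        raise ValueError("unparsed Registry:: line: %r" % line)
    return actions


def neutralised(point, actions):
    """True if some Registry:: action removes this loading point."""
    key, name, _ = point
    key, name = key.lower(), (name or "").lower()
    for action, akey, aname, data in actions:
        if action == "delete_key" and (key == akey or key.startswith(akey + "\\")):
            return True
        if akey == key and aname == name and (action == "delete_value" or data == ""):
            return True
    return False


def audit(script_text, points):
    """ok: file deleted and entry removed; orphaned file: file deleted but entry
    left dangling; cleared only: entry removed, file untouched; untouched: neither."""
    sections = parse_cfscript(script_text)
    files = {p.rpartition("\\")[2].lower() for p in sections.get("File", [])}
    actions = parse_registry(sections.get("Registry", []))
    report = {}
    for point in points:
        deleted = point[2].rpartition("\\")[2].lower() in files
        cleared = neutralised(point, actions)
        label = point[1] or point[0].rpartition("\\")[2]
        report[label] = ("ok" if deleted and cleared else "orphaned file" if deleted
                         else "cleared only" if cleared else "untouched")
    return report


if __name__ == "__main__":
    for label, status in audit(CFSCRIPT, LOADING_POINTS).items():
        print("%-45s %s" % (label, status))
```

For the posted script every malicious loading point comes back "ok", the Norton BHO and ccApp come back "untouched", and the empty WingMan value comes back "cleared only", which is the right answer for an entry that never pointed at a file. The parser refuses a stray path before the first section header rather than guessing which section it belongs to.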
#28 (permalink)
Registered User
Join Date: Apr 2007
Posts: 21
OS: Windows Vista
Re: Log Help... Please!
Logfile of HijackThis v1.99.1
Scan saved at 10:02:29 AM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Startup: Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.3.1.99.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

================

It wouldn't let me upload the OnlineScan.html because of the format, so I switched it to .txt. When you get it just change it back to html and I think it should work.
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 12, 2007 10:02:06 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/06/2007
Kaspersky Anti-Virus database records: 342558

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases false

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 97272
Number of viruses found 16
Number of infected objects 111 / 0
Number of suspicious objects 0
Duration of the scan process 01:38:03

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\20070607100645\backup\DOCUME~1\Slake\LOCALS~1\Temp\temp.exe Infected: Trojan.Win32.Agent.bi skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Slake\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Slake\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Slake\cset.exe Infected: IM-Worm.Win32.Licat.i skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab/C:/WINDOWS/aitco.exe Infected: Trojan.Win32.Agent.bi skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab/C:/WINDOWS/system32/vtutroo.dll Infected: Trojan.Win32.Agent.bi skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab/C:/DOCUME~1/Slake/APPLIC~1/tmp63.tmp.exe Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab/C:/DOCUME~1/Slake/APPLIC~1/tmp65.tmp.exe Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab/C:/WINDOWS/ylyfn.exe Infected: Trojan.Win32.Agent.bi skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab/C:/WINDOWS/system32/kmdrop.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab/C:/WINDOWS/system32/mljjjhf.dll Infected: Trojan.Win32.Agent.bi skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab/C:/WINDOWS/zzzx.exe Infected: Trojan-Downloader.Win32.Delf.bld skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab/C:/WINDOWS/system32/svchqs.exe Infected: Trojan-PSW.Win32.WOW.qh skipped
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab CAB: infected - 9 skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Messenger\eevo7@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Messenger\eevo7@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Messenger\eevo7@hotmail.com\SharingMetadata\Working\database_1A1C_36B2_1C36_88B1\dfsr.db Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Messenger\eevo7@hotmail.com\SharingMetadata\Working\database_1A1C_36B2_1C36_88B1\fsr.log Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Messenger\eevo7@hotmail.com\SharingMetadata\Working\database_1A1C_36B2_1C36_88B1\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Messenger\eevo7@hotmail.com\SharingMetadata\Working\database_1A1C_36B2_1C36_88B1\tmp.edb Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Windows Live Contacts\eevo7@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Windows Live Contacts\eevo7@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\History\History.IE5\MSHist012007061120070612\index.dat Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Temp\Acr1B0.tmp Object is locked skipped
C:\Documents and Settings\Slake\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Slake\Local
Settings\Temp\~DF321B.tmp Object is locked skipped C:\Documents and Settings\Slake\Local Settings\Temp\~DF42D5.tmp Object is locked skipped C:\Documents and Settings\Slake\Local Settings\Temp\~DF42E5.tmp Object is locked skipped C:\Documents and Settings\Slake\Local Settings\Temp\~DF5105.tmp Object is locked skipped C:\Documents and Settings\Slake\Local Settings\Temp\~DF518D.tmp Object is locked skipped C:\Documents and Settings\Slake\Local Settings\Temp\~DFAC38.tmp Object is locked skipped C:\Documents and Settings\Slake\Local Settings\Temp\~DFEB2F.tmp Object is locked skipped C:\Documents and Settings\Slake\Local Settings\Temp\~DFEB43.tmp Object is locked skipped C:\Documents and Settings\Slake\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Slake\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Slake\mc2.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped C:\Documents and Settings\Slake\mcnew.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped C:\Documents and Settings\Slake\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Slake\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Slake\vset.exe Infected: IM-Worm.Win32.Licat.i skipped C:\Documents and Settings\Slake\vsetup.exe Infected: IM-Worm.Win32.Licat.i skipped C:\Documents and Settings\Slake\vsset.exe Infected: IM-Worm.Win32.Licat.i skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped C:\Program Files\Hijackthis\backups\backup-20070611-234929-249.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton 
AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton AntiVirus\Quarantine\1E862C29 Infected: Trojan-Downloader.Win32.IstBar.os skipped C:\Program Files\Norton AntiVirus\Savrt\0005NAV~.TMP Infected: Trojan-Downloader.Win32.PurityScan.dr skipped C:\QooBox\Purity\Program Files\Common Files\SSTEM~1\spool32.exe Infected: Trojan-Downloader.Win32.PurityScan.dr skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp3B.tmp.exe.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp3C.tmp.exe.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp3E.tmp.exe.vir Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp40.tmp.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp41.tmp.exe.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp45.tmp.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp46.tmp.exe.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp47.tmp.exe.vir Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp48.tmp.exe.vir Infected: Trojan.Win32.Agent.agv skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp49.tmp.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp4F.tmp.exe.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp51.tmp.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp58.tmp.exe.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp5A.tmp.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp5B.tmp.exe.vir Infected: Trojan.Win32.BHO.g skipped 
C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp5D.tmp.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp63.tmp.exe.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp65.tmp.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp7E.tmp.exe.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\DOCUME~1\Slake\APPLIC~1\tmp80.tmp.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\WINDOWS\aitco.exe.vir Infected: Trojan.Win32.Agent.bi skipped C:\QooBox\Quarantine\C\WINDOWS\system32\mljjjhf.dll.vir Infected: Trojan.Win32.Agent.bi skipped C:\QooBox\Quarantine\C\WINDOWS\system32\perfc000.dat.vir Infected: Backdoor.Win32.Small.os skipped C:\QooBox\Quarantine\C\WINDOWS\system32\svchqs.exe.vir Infected: Trojan-PSW.Win32.WOW.qh skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tmp3B.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tmp3C.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tmp41.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tmp46.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tmp4F.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tmp58.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tmp5B.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tmp63.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tmp7E.tmp.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vtutroo.dll.vir Infected: Trojan.Win32.Agent.bi skipped C:\QooBox\Quarantine\C\WINDOWS\ylyfn.exe.vir Infected: Trojan.Win32.Agent.bi skipped C:\QooBox\Quarantine\C\WINDOWS\zzzx.exe.vir Infected: 
Trojan-Downloader.Win32.Delf.bld skipped C:\QooBox\Quarantine\catchme2007-06-11_235734.18.zip/kmdrop.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped C:\QooBox\Quarantine\catchme2007-06-11_235734.18.zip ZIP: infected - 1 skipped C:\SDFix\backups\backups.zip/backups/regscan.exe Infected: Trojan-Downloader.Win32.Agent.azr skipped C:\SDFix\backups\backups.zip/backups/svchost.exe Infected: Trojan-Downloader.Win32.Delf.bld skipped C:\SDFix\backups\backups.zip/backups/temp.exe Infected: Trojan.Win32.Agent.bi skipped C:\SDFix\backups\backups.zip/backups/~.exe Infected: Trojan-Dropper.Win32.Agent.bfd skipped C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP44\A0015056.exe Infected: Trojan.Win32.Agent.agv skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP44\A0015057.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP47\A0015178.exe Infected: Trojan-Downloader.Win32.Delf.bld skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP47\A0015179.exe Infected: Trojan-Dropper.Win32.Agent.bfd skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP47\A0015180.exe Infected: Trojan-Downloader.Win32.Agent.azr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP47\A0015185.exe Infected: Trojan-Downloader.Win32.Agent.azr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP47\A0015186.exe Infected: Trojan-Downloader.Win32.Delf.bld skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP47\A0015187.exe Infected: Trojan.Win32.Agent.bi skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP47\A0015189.exe Infected: 
Trojan-Dropper.Win32.Agent.bfd skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016570.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016571.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016572.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016573.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016574.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016575.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016576.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016577.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016578.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016646.exe Infected: Trojan.Win32.Agent.bi skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016647.dll Infected: Trojan.Win32.Agent.bi skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016648.exe Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016650.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016651.exe Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016653.exe Infected: 
Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016654.exe Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016656.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016657.exe Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016659.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016661.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016662.exe Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016664.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016665.exe Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016666.exe Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016667.exe Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016668.exe Infected: Trojan.Win32.Agent.agv skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016669.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016670.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016672.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume 
Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016673.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016674.exe Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016675.exe Infected: Trojan.Win32.Agent.bi skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016676.dll Infected: Trojan.Win32.Agent.bi skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016678.exe Infected: Trojan-Downloader.Win32.Delf.bld skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016679.exe Infected: Trojan-PSW.Win32.WOW.qh skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\A0016680.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped C:\System Volume Information\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\RP48\change.log Object is locked skipped C:\WINDOWS\CSC\00000001 Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{85381131-9032-4781-9D94-A8E9B61343F9}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt 
Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped C:\WINDOWS\system32\mcnew.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Last edited by sUBs : 06-12-2007 at 08:12 AM. |
#29
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,355
OS: XP
Re: Log Help... Please!
C:\Documents and Settings\Slake\cset.exe
C:\Documents and Settings\Slake\mc2.exe
C:\Documents and Settings\Slake\mcnew.exe
C:\Documents and Settings\Slake\vset.exe
C:\Documents and Settings\Slake\vsetup.exe
C:\Documents and Settings\Slake\vsset.exe
C:\WINDOWS\system32\mcnew.exe

Allow SFP to pack the above files. Submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.
---------------
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File::
C:\Documents and Settings\Slake\cset.exe
C:\Documents and Settings\Slake\mc2.exe
C:\Documents and Settings\Slake\mcnew.exe
C:\Documents and Settings\Slake\vset.exe
C:\Documents and Settings\Slake\vsetup.exe
C:\Documents and Settings\Slake\vsset.exe
C:\WINDOWS\system32\mcnew.exe
C:\Documents and Settings\Slake\Desktop\requested-files[2007-06-11_23_45].cab

Folder::
C:\SDFix
C:\Deckard
C:\Program Files\Hijackthis\backups

Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log
---------------
Please update us on how the computer behaves now
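An added triage helper (example code written for this page, not from the thread, ComboFix or Kaspersky) that parses scan lines of the "path Infected: name skipped" form used in the log above, separates live hits from copies sitting in quarantine, backup or restore-point locations, and parses a ComboFix File::/Folder:: script to flag File:: entries the scan did not report as infected on the live system. The sample scan lines and script are constructed from entries quoted in this thread; the list of archive locations is my own assumption about what counts as an already-removed copy.

```python
"""Triage a Kaspersky-style scan log against a ComboFix removal script.

Added example for this thread; not part of the forum post or of any tool.
"""
import re
from collections import Counter

# One scan entry: "<path> Infected: <name> skipped" or
# "<path> Object is locked skipped". Paths contain spaces, so the
# status keyword is what terminates the path.
SCAN_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)|Object is locked) skipped$"
)

# Assumed locations holding copies that are no longer live on the system
# (quarantine stores, tool backups, restore points, archives).
ARCHIVE_MARKERS = (
    "\\qoobox\\quarantine\\", "\\system volume information\\_restore",
    "\\sdfix\\backups\\", "\\hijackthis\\backups\\",
    "\\norton antivirus\\quarantine\\", ".cab/", ".zip/",
)

# Constructed sample: a few entries quoted from the scan log in this thread.
SAMPLE_SCAN = """\
C:\\Documents and Settings\\Slake\\cset.exe Infected: IM-Worm.Win32.Licat.i skipped
C:\\Documents and Settings\\Slake\\mc2.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\\Documents and Settings\\Slake\\NTUSER.DAT Object is locked skipped
C:\\WINDOWS\\system32\\mcnew.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\\QooBox\\Quarantine\\C\\WINDOWS\\aitco.exe.vir Infected: Trojan.Win32.Agent.bi skipped
C:\\System Volume Information\\_restore{6E7AE4E2-6679-4669-94FD-5C676FF9B9C2}\\RP48\\A0016570.dll Infected: Trojan.Win32.BHO.g skipped
C:\\Documents and Settings\\Slake\\Desktop\\requested-files[2007-06-11_23_45].cab CAB: infected - 9 skipped
"""

# Constructed sample ComboFix script in the File::/Folder:: form used above.
SAMPLE_SCRIPT = """\
File::
C:\\Documents and Settings\\Slake\\cset.exe
C:\\Documents and Settings\\Slake\\mc2.exe
C:\\WINDOWS\\system32\\mcnew.exe
C:\\Documents and Settings\\Slake\\Desktop\\requested-files[2007-06-11_23_45].cab

Folder::
C:\\SDFix
C:\\Program Files\\Hijackthis\\backups
"""


def parse_scan(text):
    """Return (path, detection) pairs; locked files carry detection None.
    Lines in any other shape (e.g. 'CAB: infected - 9') are ignored."""
    hits = []
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits


def is_archived(path):
    """True when the path lies in a quarantine/backup/restore location."""
    low = path.lower()
    return any(marker in low for marker in ARCHIVE_MARKERS)


def triage(text):
    """Split detections into live files and archived copies, and count
    detection names seen on live files."""
    live, archived = [], []
    for path, name in parse_scan(text):
        if name is None:
            continue  # locked system file, no detection
        (archived if is_archived(path) else live).append((path, name))
    return live, archived, Counter(name for _, name in live)


def parse_combofix_script(text):
    """Parse 'Section::' headers and the lines under them into a dict."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def unjustified_targets(script_text, scan_text):
    """File:: entries that the scan did not flag as infected on the live
    system; an analyst would re-check these before running the script."""
    live, _, _ = triage(scan_text)
    flagged = {p.lower() for p, _ in live}
    files = parse_combofix_script(script_text).get("File", [])
    return [f for f in files if f.lower() not in flagged]


if __name__ == "__main__":
    live, archived, families = triage(SAMPLE_SCAN)
    print(f"live: {len(live)}, archived copies: {len(archived)}")
    print("families on live files:", dict(families))
    print("File:: entries without a live detection:",
          unjustified_targets(SAMPLE_SCRIPT, SAMPLE_SCAN))
```

On the sample the only File:: entry without a live detection is the requested-files .cab, which the scanner reported as an archive ("CAB: infected - 9") rather than as a file detection; that is the expected result, since the cab bundles samples already submitted rather than an active infection.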