11-27-2006, 07:33 AM   #21 (permalink)
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP

BitDefender Online Scanner


Scan report generated at: Mon, Nov 27, 2006 - 13:10:23



Scan path: C:\;D:\;E:\;F:\;G:\;





Statistics
Time 01:14:57
Files 466284
Folders 6020
Boot Sectors 3
Archives 7150
Packed Files 72551


Results
Identified Viruses 7
Infected Files 58
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 64


Engines Info
Virus Definitions 319194
Engine build AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1


Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes



Scanned File Status
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe=>(ZIP Sfx o)=>Setup-137.exe Infected with: Trojan.Agent.IT
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe=>(ZIP Sfx o)=>Setup-137.exe Disinfection failed
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe=>(ZIP Sfx o)=>Setup-137.exe Deleted
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe=>(ZIP Sfx o) Updated
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe Update failed
C:\program files\tshz093.exe=>(ZIP Sfx o)=>Setup-137.exe Infected with: Trojan.Agent.IT
C:\program files\tshz093.exe=>(ZIP Sfx o)=>Setup-137.exe Disinfection failed
C:\program files\tshz093.exe=>(ZIP Sfx o)=>Setup-137.exe Deleted
C:\program files\tshz093.exe=>(ZIP Sfx o) Updated
C:\program files\tshz093.exe Update failed
D:\WINDOWS\RichDll.dll Infected with: Win32.Looked.A
D:\WINDOWS\RichDll.dll Disinfection failed
D:\WINDOWS\RichDll.dll Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\Logo1_.exe Infected with: Win32.Looked.A
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\Logo1_.exe Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\Logo1_.exe Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005698.pif Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005698.pif Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005698.pif Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005765.com Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005765.com Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005765.com Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005767.pif Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005767.pif Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005767.pif Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005770.com Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005770.com Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005770.com Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005771.exe Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005771.exe Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005771.exe Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005772.com Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005772.com Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005772.com Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005773.com Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005773.com Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005773.com Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005775.exe Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005775.exe Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005775.exe Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005776.pif Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005776.pif Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005776.pif Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005778.com Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005778.com Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005778.com Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005780.com Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005780.com Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005780.com Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005781.com Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005781.com Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005781.com Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005782.com Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005782.com Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005782.com Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005786.com Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005786.com Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005786.com Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005787.pif Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005787.pif Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0005787.pif Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0006275.exe Infected with: Win32.Looked.A
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0006275.exe Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0006275.exe Deleted
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0006078.EXE Infected with: Trojan.PWS.WOW.ZA
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0006078.EXE Disinfection failed
D:\Documents and Settings\Nic\DoctorWeb\Quarantine\A0006078.EXE Deleted
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320812.dll.bac_a03768=>(Quarantine-4) Infected with: Trojan.PWS.Hangame.AW
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320812.dll.bac_a03768=>(Quarantine-4) Disinfection failed
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320812.dll.bac_a03768=>(Quarantine-4) Deleted
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0321805.DLL.bac_a03768=>(Quarantine-4) Infected with: Trojan.PWS.Hangame.AW
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0321805.DLL.bac_a03768=>(Quarantine-4) Disinfection failed
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0321805.DLL.bac_a03768=>(Quarantine-4) Deleted
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\rxdll.dll.bac_a03768=>(Quarantine-4) Infected with: Trojan.PWS.Hangame.AW
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\rxdll.dll.bac_a03768=>(Quarantine-4) Disinfection failed
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\rxdll.dll.bac_a03768=>(Quarantine-4) Deleted
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\yahoo[1].exe.bac_a03768=>(Quarantine-4) Infected with: Backdoor.PcClient.GV
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\yahoo[1].exe.bac_a03768=>(Quarantine-4) Disinfection failed
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\yahoo[1].exe.bac_a03768=>(Quarantine-4) Deleted
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\~tmp1351.exe.bac_a03768=>(Quarantine-4) Infected with: Backdoor.PcClient.GV
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\~tmp1351.exe.bac_a03768=>(Quarantine-4) Disinfection failed
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\~tmp1351.exe.bac_a03768=>(Quarantine-4) Deleted
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0321813.exe.bac_a00224=>(Quarantine-4) Infected with: Backdoor.PcClient.GV
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0321813.exe.bac_a00224=>(Quarantine-4) Disinfection failed
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0321813.exe.bac_a00224=>(Quarantine-4) Deleted
D:\Documents and Settings\Nic\Desktop\Zip files.zip=>Zip files/Logo1_.exe Infected with: Win32.Looked.A
D:\Documents and Settings\Nic\Desktop\Zip files.zip=>Zip files/Logo1_.exe Disinfection failed
D:\Documents and Settings\Nic\Desktop\Zip files.zip=>Zip files/Logo1_.exe Deleted
D:\Documents and Settings\Nic\Desktop\Zip files.zip Updated
D:\Documents and Settings\Nic\Desktop\Zip files.zip=>Zip files/rxdll.dll Infected with: Trojan.PWS.Hangame.AW
D:\Documents and Settings\Nic\Desktop\Zip files.zip=>Zip files/rxdll.dll Disinfection failed
D:\Documents and Settings\Nic\Desktop\Zip files.zip=>Zip files/rxdll.dll Deleted
D:\Documents and Settings\Nic\Desktop\Zip files.zip Updated
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000262.exe Infected with: Trojan.PSW.Lineage.EE
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000262.exe Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000262.exe Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000672.EXE Infected with: Trojan.PSW.Lineage.EE
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000672.EXE Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000672.EXE Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000673.dll Infected with: Trojan.PSW.Lineage.EE
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000673.dll Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000673.dll Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000703.EXE Infected with: Trojan.PSW.Lineage.EE
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000703.EXE Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000703.EXE Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005785.dll Infected with: Trojan.PSW.Lineage.EE
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005785.dll Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005785.dll Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006118.exe Infected with: Trojan.Spy.Delf.AY
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006118.exe Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006118.exe Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006132.exe Infected with: Trojan.Spy.Delf.AY
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006132.exe Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006132.exe Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007490.exe Infected with: Win32.Looked.A
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007490.exe Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007490.exe Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007491.exe Infected with: Win32.Looked.A
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007491.exe Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007491.exe Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007509.dll Infected with: Win32.Looked.A
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007509.dll Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007509.dll Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007510.exe Infected with: Win32.Looked.A
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007510.exe Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007510.exe Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007511.pif Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007511.pif Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007511.pif Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007512.com Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007512.com Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007512.com Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007513.pif Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007513.pif Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007513.pif Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007514.com Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007514.com Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007514.com Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007515.exe Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007515.exe Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007515.exe Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007516.com Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007516.com Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007516.com Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007517.com Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007517.com Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007517.com Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007518.exe Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007518.exe Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007518.exe Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007519.pif Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007519.pif Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007519.pif Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007520.com Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007520.com Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007520.com Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007521.com Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007521.com Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007521.com Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007522.com Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007522.com Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007522.com Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007523.com Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007523.com Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007523.com Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007524.com Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007524.com Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007524.com Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007525.pif Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007525.pif Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007525.pif Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007526.exe Infected with: Win32.Looked.A
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007526.exe Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007526.exe Deleted
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007527.EXE Infected with: Trojan.PWS.WOW.ZA
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007527.EXE Disinfection failed
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007527.EXE Deleted
D:\KavHelp.dll Infected with: Trojan.Spy.Delf.AY
D:\KavHelp.dll Disinfection failed
D:\KavHelp.dll Deleted
nicdonati is offline  
11-27-2006, 07:34 AM   #22 (permalink)
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 27, 2006 2:24:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/11/2006
Kaspersky Anti-Virus database records: 245873
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 61241
Number of viruses found: 8
Number of infected objects: 27 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:53:13

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe/Setup-137.exe Infected: Trojan-Dropper.Win32.Agent.ayv skipped
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe ZIP: infected - 1 skipped
C:\KB173333.log Infected: not-a-virus:AdWare.Win32.BHO.bq skipped
C:\program files\tshz093.exe/Setup-137.exe Infected: Trojan-Dropper.Win32.Agent.ayv skipped
C:\program files\tshz093.exe ZIP: infected - 1 skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\Temp\sqlite_D8g4hqWpgRwixgr Object is locked skipped
D:\WINDOWS\Temp\sqlite_TLqOXIcu3by3Cct Object is locked skipped
D:\WINDOWS\Temp\sqlite_u34DysWDbcexY2H Object is locked skipped
D:\WINDOWS\Temp\sqlite_TTSHdxUbXgu8Q7n Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\Debug\oakley.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{9D977D42-A1ED-4530-9DBC-23AA7245CE38}.log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Nic\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320818.dll.bac_a03768 Infected: Trojan-PSW.Win32.Agent.dq skipped
D:\Documents and Settings\Nic\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Nic\UserData\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\History\History.IE5\MSHist012006112720061128\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_MAP_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_001_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_002_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_003_ Object is locked skipped
D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/XpIcfOpt.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\Documents and Settings\Nic\Desktop\Zip files.zip ZIP: infected - 1 skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
D:\Documents and Settings\Nic\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\history.dat Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cert8.db Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\key3.db Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\parent.lock Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\urlclassifier2.sqlite Object is locked skipped
D:\Documents and Settings\Nic\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004161.EXE Infected: Trojan.Win32.Pakes skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004539.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004540.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006050.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006056.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006076.exe Infected: Trojan.Win32.Pakes skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006077.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006079.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006086.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006087.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006088.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006089.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006123.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\change.log Object is locked skipped

Scan process completed.
nicdonati is offline  
11-27-2006, 05:40 PM   #23 (permalink)
dorts
Analyst, Security Team
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2

Good work! DrWeb seems to have cured the Viking worm. But just to confirm, I'd like to take the risk. Try running Google Earth. It was previously infected by Viking but DrWeb has cured it. After that, run DrWeb Cureit again.
11-27-2006, 07:01 PM   #24 (permalink)
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP

OK, that's great news. I ran Google Earth and then DrWeb. Here is the log. It still says there are viruses, and so did the Kaspersky and BitDefender scans last time.

A0007492.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Tool.ShutDown.11;Incurable.Moved.;
A0007493.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0007494.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0007495.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0007496.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0007497.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0007499.dll;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably DLOADER.Trojan;Incurable.Moved.;
nicdonati is offline  
Old 11-27-2006, 10:52 PM   #25 (permalink)
Analyst, Security Team
 
 
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2


Good work! These are not the Viking worm, and neither are the ones Kaspersky and BitDefender detected. The Vikings were cured by DrWeb in the first run. Now let's continue.

----------------------------------

Please delete your current combofix. Download combofix from this link and save it on your desktop. DO NOT run it yet.


Safe Mode
  • Restart your computer.
  • Before the Windows logo appears, tap F8 repeatedly. In some systems, this may be the F5 key.
  • A menu should appear. Select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
  • This will take longer than usual, so just wait.
  • After it loads, log in to your usual account.

ComboFix

1. Run combofix by clicking on combofix.exe on your desktop.

3. When finished, it shall produce a log for you. It will be located at D:\combofix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



You may now reboot back to normal mode



Logs

Please post the following logs in your next reply...
  • combofix.txt
  • A New SREng Log
  • A New HijackThis Log
dorts is offline  
Old 11-28-2006, 02:42 AM   #26 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


So safe mode didn't work again, so I ran SMfix again and that seemed to sort it out again... don't understand what's going on... anyways, here are the log reports.

Logfile of HijackThis v1.99.1
Scan saved at 09:38:11, on 28/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\QKeys\QKeys.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\PowerISO\SCDEmuApp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\BitLord\BitLord.exe
D:\Program Files\CASIO\Photo Loader\Plauto.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\PROGRA~1\McAfee\MSC\mctskshd.exe
D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\Program Files\SiteAdvisor\4608\SAService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
D:\Program Files\iPod\bin\iPodService.exe
d:\program files\mcafee\msc\mcuimgr.exe
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {1AAF1095-4979-430F-9E2C-1648BD1BE5A9} - (no file)
O2 - BHO: (no name) - {435911D8-FE66-D5CA-1BB3-A0BFAFF0DAE0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7EB20AEA-E550-C5F3-2C50-BECE1B98B8BE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QKeys] "D:\Program Files\QKeys\QKeys.EXE"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCDEmuApp.exe] "D:\Program Files\PowerISO\SCDEmuApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SiteAdvisor] D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [1f] D:\WINDOWS\System32\rundll32.exe r1ft7.dll Rundll32
O4 - HKLM\..\Run: [wl] D:\WINDOWS\Download\svhost32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [wao.exe] D:\WINDOWS\System32\wao.exe D:\WINDOWS\System32\drivers\cq4.sys Rundll32
O4 - HKCU\..\Run: [Dseh] "D:\WINDOWS\WNSXS~1\userinit.exe" -vt ndrv
O4 - Global Startup: Photo Loader supervisory.lnk = D:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe













Nic - 06-11-28 9:24:49.39 Service Pack 1
ComboFix 06.11.28W - Running from: "D:\Documents and Settings\Nic\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

D:\qoobox\purity\WINDOWS\WNSXS~1
D:\qoobox\purity\WINDOWS\system32\WNSXS~1
D:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1
D:\qoobox\purity\Program Files\ASEMBL~1
D:\qoobox\purity\Documents and Settings\Nic\Application Data\CROSOF~1
D:\qoobox\purity\Documents and Settings\Nic\My Documents\YMANTE~1
D:\qoobox\purity\Documents and Settings\Nic\My Documents\CROSOF~1.NET
D:\qoobox\purity\Documents and Settings\Nic\My Documents\SMBOLS~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


2006-11-27 11:54 <DIR> d-------- D:\WINDOWS\BDOSCAN8
2006-11-27 09:57 <DIR> d-------- D:\Documents and Settings\Nic\DoctorWeb
2006-11-26 16:37 <DIR> d-------- D:\WINDOWS\uninstall
2006-11-26 15:26 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
2006-11-26 13:25 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-26 13:25 <DIR> d-------- D:\Program Files\Grisoft
2006-11-25 16:09 <DIR> d-------- D:\WINDOWS\erdnt
2006-11-23 16:16 68,608 --a------ D:\WINDOWS\system32\locator.exe
2006-11-23 16:16 67,584 --a------ D:\WINDOWS\system32\magnify.exe
2006-11-23 16:16 544,256 --a------ D:\WINDOWS\system32\crypt32.dll
2006-11-23 16:16 532,480 --a------ D:\WINDOWS\system32\rpcrt4.dll
2006-11-23 16:16 53,760 --a------ D:\WINDOWS\system32\cryptsvc.dll
2006-11-23 16:16 51,200 --a------ D:\WINDOWS\system32\narrator.exe
2006-11-23 16:16 37,888 --a------ D:\WINDOWS\system32\hhsetup.dll
2006-11-23 16:16 316,928 --a------ D:\WINDOWS\system32\zipfldr.dll
2006-11-23 16:16 260,608 --a------ D:\WINDOWS\system32\rpcss.dll
2006-11-23 16:16 238,080 --a------ D:\WINDOWS\system32\newdev.dll
2006-11-23 16:16 226,816 --a------ D:\WINDOWS\system32\srrstr.dll
2006-11-23 16:16 212,480 --a------ D:\WINDOWS\system32\osk.exe
2006-11-23 16:16 179,200 --a------ D:\WINDOWS\system32\accwiz.exe
2006-11-23 16:16 143,872 --a------ D:\WINDOWS\system32\itircl.dll
2006-11-23 16:16 125,440 --a------ D:\WINDOWS\system32\shmedia.dll
2006-11-23 16:16 122,368 --a------ D:\WINDOWS\system32\itss.dll
2006-11-23 16:16 10,752 --a------ D:\WINDOWS\hh.exe
2006-11-23 16:16 1,172,992 --a------ D:\WINDOWS\system32\ole32.dll
2006-11-23 16:12 31,744 --a------ D:\WINDOWS\system32\rundll32.exe
2006-11-23 16:08 <DIR> d--hs---- D:\FOUND.000
2006-11-23 15:47 947,472 --a------ D:\WINDOWS\system32\msjava.dll
2006-11-23 15:47 63,248 --a------ D:\WINDOWS\system32\javaprxy.dll
2006-11-23 15:47 49,424 --a------ D:\WINDOWS\system32\clspack.exe
2006-11-23 15:47 46,352 --a------ D:\WINDOWS\setdebug.exe
2006-11-23 15:47 404,752 --a------ D:\WINDOWS\system32\javart.dll
2006-11-23 15:47 313,856 --a------ D:\WINDOWS\system32\dx3j.dll
2006-11-23 15:47 286,992 --a------ D:\WINDOWS\system32\vmhelper.dll
2006-11-23 15:47 21,264 --a------ D:\WINDOWS\system32\msjdbc10.dll
2006-11-23 15:47 187,152 --a------ D:\WINDOWS\system32\javacypt.dll
2006-11-23 15:47 172,304 --a------ D:\WINDOWS\system32\jview.exe
2006-11-23 15:47 171,792 --a------ D:\WINDOWS\system32\wjview.exe
2006-11-23 15:47 171,280 --a------ D:\WINDOWS\system32\jit.dll
2006-11-23 15:47 154,384 --a------ D:\WINDOWS\system32\msawt.dll
2006-11-23 15:47 15,120 --a------ D:\WINDOWS\system32\jdbgmgr.exe
2006-11-23 15:47 139,536 --a------ D:\WINDOWS\system32\javaee.dll
2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedon.reg
2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedoff.reg
2006-11-23 15:46 528,896 --a------ D:\WINDOWS\system32\user32.dll
2006-11-23 15:46 46,208 --a------ D:\WINDOWS\system32\drivers\raspptp.sys
2006-11-23 15:46 392,576 --a------ D:\WINDOWS\system32\drivers\mrxsmb.sys
2006-11-23 15:46 322,048 --a------ D:\WINDOWS\system32\drivers\srv.sys
2006-11-23 15:46 272,896 --a------ D:\WINDOWS\system32\winsrv.dll
2006-11-23 15:46 1,949,440 --a------ D:\WINDOWS\system32\ntkrnlpa.exe
2006-11-23 15:46 1,925,760 --a------ D:\WINDOWS\system32\ntoskrnl.exe
2006-11-23 15:46 1,694,336 --a------ D:\WINDOWS\system32\win32k.sys
2006-11-23 15:37 32,256 --a------ D:\WINDOWS\system32\msgsvc.dll
2006-11-23 15:36 676,864 --a------ D:\WINDOWS\system32\sxs.dll
2006-11-23 15:35 7,680 --------- D:\WINDOWS\system32\bitsprx2.dll
2006-11-23 15:35 7,168 --------- D:\WINDOWS\system32\bitsprx3.dll
2006-11-23 15:35 593,408 --------- D:\WINDOWS\system32\xpsp2res.dll
2006-11-23 15:35 331,776 --a------ D:\WINDOWS\system32\winhttp.dll
2006-11-23 15:35 260,096 --a------ D:\WINDOWS\system32\mstask.dll
2006-11-23 15:35 172,544 --a------ D:\WINDOWS\system32\schedsvc.dll
2006-11-23 15:35 17,408 --a------ D:\WINDOWS\system32\qmgrprxy.dll
2006-11-23 15:35 158,720 --------- D:\WINDOWS\system32\xpob2res.dll
2006-11-23 15:35 10,752 --a------ D:\WINDOWS\system32\mstinit.exe
2006-11-23 15:35 <DIR> d-------- D:\WINDOWS\system32\bits
2006-11-23 15:05 <DIR> d--h----- D:\WINDOWS\msdownld.tmp
2006-11-23 15:05 <DIR> d-------- D:\WINDOWS\Windows Update Setup Files
2006-11-23 14:20 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-23 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Lavasoft
2006-11-21 18:16 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SiteAdvisor
2006-11-21 16:41 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\McAfee
2006-11-21 12:19 <DIR> d-------- D:\Program Files\RegCleaner
2006-11-21 11:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Uniblue
2006-11-21 10:49 229,376 -ra------ D:\WINDOWS\system32\atiiiexx.dll
2006-11-21 10:25 <DIR> d-------- D:\WINDOWS\Favorites
2006-11-20 22:45 182,880 --a------ D:\WINDOWS\system32\iuengine.dll
2006-11-20 22:06 <DIR> d-------- D:\WINDOWS\Prefetch
2006-11-20 21:48 99,328 --a------ D:\WINDOWS\system32\irftp.exe
2006-11-20 21:48 78,336 --a------ D:\WINDOWS\system32\irmon.dll
2006-11-20 21:48 7,680 --a------ D:\WINDOWS\system32\wshirda.dll
2006-11-20 21:48 55,296 --a------ D:\WINDOWS\system32\drivers\irda.sys
2006-11-20 21:45 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2006-11-20 21:43 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys
2006-11-20 21:32 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys
2006-11-20 21:30 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2006-11-20 21:30 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2006-11-20 21:19 73,728 --a------ D:\WINDOWS\smcfg.exe
2006-11-20 21:19 607,732 --a------ D:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\slserv.exe
2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\coinst.dll
2006-11-20 21:19 42,296 --a------ D:\WINDOWS\system32\winddx.sys
2006-11-20 21:19 413,696 --a------ D:\WINDOWS\sllights.exe
2006-11-20 21:19 369,936 --a------ D:\WINDOWS\system32\drivers\slntamr.sys
2006-11-20 21:19 33,028 --a------ D:\WINDOWS\system32\drivers\slwdmsup.sys
2006-11-20 21:19 2,383,460 --a------ D:\WINDOWS\system32\drivers\mtlstrm.sys
2006-11-20 21:19 196,608 --a------ D:\WINDOWS\system32\slextspk.dll
2006-11-20 21:19 175,160 --a------ D:\WINDOWS\system32\drivers\slnthal.sys
2006-11-20 21:19 172,708 --a------ D:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-11-20 21:19 163,840 --a------ D:\WINDOWS\system32\minirec.exe
2006-11-20 21:19 151,552 --a------ D:\WINDOWS\system32\amr_cpl.dll
2006-11-20 21:19 1,438,556 --a------ D:\WINDOWS\system32\drivers\v90drv.sys
2006-11-20 21:18 <DIR> d-------- D:\WINDOWS\setup.pss
2006-11-20 18:49 <DIR> d-------- D:\Program Files\SiteAdvisor
2006-11-20 18:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\SiteAdvisor
2006-11-20 18:47 84,744 --a------ D:\WINDOWS\system32\drivers\mfeavfk.sys
2006-11-20 18:47 37,800 --a------ D:\WINDOWS\system32\drivers\mfesmfk.sys
2006-11-20 18:47 33,896 --a------ D:\WINDOWS\system32\drivers\mfebopk.sys
2006-11-20 18:47 31,560 --a------ D:\WINDOWS\system32\drivers\mferkdk.sys
2006-11-20 18:47 161,768 --a------ D:\WINDOWS\system32\drivers\mfehidk.sys
2006-11-20 18:47 104,024 --a------ D:\WINDOWS\system32\drivers\Mpfp.sys
2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee.com
2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee
2006-11-20 18:46 <DIR> d-------- D:\Program Files\Common Files\McAfee
2006-11-20 18:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\McAfee
2006-11-20 16:55 <DIR> d-------- D:\WINDOWS\Intel
2006-11-20 11:02 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-19 23:38 558,080 --a------ D:\WINDOWS\system32\advapi.dll
2006-11-19 23:31 <DIR> d-------- D:\WINDOWS\Download
2006-11-17 19:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Adobe
2006-11-17 01:23 <DIR> d-------- D:\Program Files\Sign Recognition Test CDROM
2006-11-06 20:23 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\My Games
2006-11-06 20:21 <DIR> d---s---- D:\Program Files\Xfire
2006-11-06 20:21 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Xfire
2006-11-06 19:23 44,032 --a------ D:\WINDOWS\system32\msxml3r.dll
2006-11-06 19:23 1,129,472 --a------ D:\WINDOWS\system32\msxml3.dll
2006-11-06 18:16 <DIR> d-------- D:\Program Files\Firaxis Games
2006-11-06 18:08 <DIR> d-------- D:\Program Files\PowerISO
2006-11-06 17:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\TEMP
2006-11-03 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Sports Interactive
2006-10-31 12:56 <DIR> d-------- D:\Program Files\Sports Interactive
2006-10-30 23:22 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Bitdefender
2006-10-30 23:11 <DIR> d-------- D:\Program Files\Softwin
2006-10-30 23:11 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\BitDefender
2006-10-30 23:10 <DIR> d-------- D:\Program Files\Common Files\Softwin
2006-10-30 23:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-10-30 23:06 684,032 --a------ D:\WINDOWS\system32\libeay32.dll
2006-10-30 23:06 155,648 --a------ D:\WINDOWS\system32\ssleay32.dll
2006-10-29 19:47 <DIR> d-------- D:\Program Files\PCPitstop
2006-10-29 06:24 <DIR> d-------- D:\Program Files\TVAnts


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-03 21:53 -------- d-------- D:\Program Files\LitexMedia
2006-09-21 20:39 98304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2006-09-21 01:50 0 --a------ D:\Documents and Settings\Nic\Application Data\dm.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Registry Cleaner"="\"D:\\Program Files\\TPT Registry_Cleaner (Trial)\\regclean.exe\""
"BitComet"="\"D:\\Program Files\\BitLord\\BitLord.exe\""
"wao.exe"="D:\\WINDOWS\\System32\\wao.exe D:\\WINDOWS\\System32\\drivers\\cq4.sys Rundll32"
"Dseh"="\"D:\\WINDOWS\\WNSXS~1\\userinit.exe\" -vt ndrv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QKeys"="\"D:\\Program Files\\QKeys\\QKeys.EXE\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"SCDEmuApp.exe"="\"D:\\Program Files\\PowerISO\\SCDEmuApp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"WinampAgent"="\"D:\\Program Files\\Winamp3\\winampa.exe\""
"SiteAdvisor"="D:\\Program Files\\SiteAdvisor\\4608\\SiteAdv.exe"
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AdaptecDirectCD"="\"D:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Acrobat Assistant 7.0"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"1f"="D:\\WINDOWS\\System32\\rundll32.exe r1ft7.dll Rundll32"
"wl"="D:\\WINDOWS\\Download\\svhost32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\McQcTask.job
D:\WINDOWS\tasks\McDefragTask.job

Completion time: 06-11-28 9:33:21.08
D:\ComboFix3.txt ... 06-11-25 16:11
D:\ComboFix.txt ... 06-11-28 09:33
D:\ComboFix2.txt ... 06-11-26 15:13









2006-11-28,09:37:24

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Registry Cleaner><"D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"> [N/A]
<BitComet><"D:\Program Files\BitLord\BitLord.exe"> [www.BitLord.com]
<wao.exe><D:\WINDOWS\System32\wao.exe D:\WINDOWS\System32\drivers\cq4.sys Rundll32> [N/A]
<Dseh><"D:\WINDOWS\WNSXS~1\userinit.exe" -vt ndrv> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QKeys><"D:\Program Files\QKeys\QKeys.EXE"> [Taiwan]
<ATIModeChange><Ati2mdxx.exe> [(Verified)ATI Technologies, Inc.]
<ATIPTA><"D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<SunJavaUpdateSched><"D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"> [Sun Microsystems, Inc.]
<QuickTime Task><"D:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<SCDEmuApp.exe><"D:\Program Files\PowerISO\SCDEmuApp.exe"> [PowerISO Computing, Inc.]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<WinampAgent><"D:\Program Files\Winamp3\winampa.exe"> [N/A]
<SiteAdvisor><D:\Program Files\SiteAdvisor\4608\SiteAdv.exe> [(Verified)McAfee, Inc.]
<NeroFilterCheck><D:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<iTunesHelper><"D:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<AdaptecDirectCD><"D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"> [Roxio]
<Acrobat Assistant 7.0><"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
<1f><D:\WINDOWS\System32\rundll32.exe r1ft7.dll Rundll32> [N/A]
<wl><D:\WINDOWS\Download\svhost32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
<WinlogonNotify: WRNotifier><WRLogonNTF.dll> [N/A]

==================================
Startup Folders
[Photo Loader supervisory]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk --> D:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [CASIO COMPUTER CO.,LTD.]><N>
[Adobe Acrobat Speed Launcher]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk --> D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [N/A]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
<"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt]
<D:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINDOWS\System32\Ati2evxx.exe><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
<D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[McAfee E-mail Proxy / Emproxy]
<D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe><McAfee, Inc.>
[InstallDriver Table Manager / IDriverT]
<"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
<D:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[McAfee HackerWatch Service / McAfee HackerWatch Service]
<"D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"><McAfee, Inc.>
[McAfee Log Manager / McLogManagerService]
<D:\PROGRA~1\McAfee\MSC\mclogsrv.exe><McAfee, Inc.>
[McAfee Update Manager / mcmispupdmgr]
<D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe><N/A>
[McAfee Network Agent / McNASvc]
<"d:\program files\common files\mcafee\mna\mcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><McAfee, Inc.>
[McAfee Protection Manager / mcpromgr]
<D:\PROGRA~1\McAfee\MSC\mcpromgr.exe><McAfee, Inc.>
[McAfee Redirector Service / McRedirector]
<d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
[McAfee Task Scheduler / mctskshd.exe]
<D:\PROGRA~1\McAfee\MSC\mctskshd.exe><McAfee, Inc.>
[McAfee User Manager / mcusrmgr]
<D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe><McAfee, Inc.>
[McAfee Personal Firewall Service / MpfService]
<"D:\Program Files\McAfee\MPF\MPFSrv.exe"><McAfee, Inc.>
[SiteAdvisor Service / SiteAdvisor Service]
<D:\Program Files\SiteAdvisor\4608\SAService.exe><N/A>
[Ulead Burning Helper / UleadBurningHelper]
<D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
<\??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[bdfdll / bdfdll]
<\??\D:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[BDFSDRV / BDFSDRV]
<\??\D:\??\D:\Program Files\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[Cdr4_xp / Cdr4_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdr4_xp.SYS><Roxio>
[Cdralw2k / Cdralw2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[cdudf_xp / cdudf_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.SYS><Roxio>
[d347bus / d347bus]
<\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[Dual-Mode DSC(2770) / DCamUSBSQTECH]
<System32\Drivers\SQcaptur.sys><Service & Quality Technology.>
[dvd_2K / dvd_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\dvd_2K.SYS><Roxio>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GEAR CDRom Filter / GEARAspiWDM]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[McAfee Inc. / mfeavfk]
<system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk]
<system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk]
<system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. / mferkdk]
<system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfesmfk]
<system32\drivers\mfesmfk.sys><McAfee, Inc.>
[mmc_2K / mmc_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\mmc_2K.SYS><Roxio>
[MP3Driver / MP3Driver]
<D:\WINDOWS\SYSTEM32\DRIVERS\MP3Driver.SYS><N/A>
[MPFP / MPFP]
<System32\Drivers\Mpfp.sys><McAfee, Inc.>
[Mtlmnt5 / Mtlmnt5]
<System32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm]
<System32\DRIVERS\Mtlstrm.sys><>
[NSC Infrared Device Driver / NSCIRDA]
<System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[NtMtlFax / NtMtlFax]
<System32\DRIVERS\NtMtlFax.sys><>
[NTSIM / NTSIM]
<\??\D:\WINDOWS\System32\ntsim.sys><VIA Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[pwd_2k / pwd_2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\pwd_2k.SYS><Roxio>
[SCDEmu / SCDEmu]
<D:\WINDOWS\SYSTEM32\DRIVERS\SCDEmu.SYS><PowerISO Computing, Inc.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SmartLink AMR_PCI Driver / Slntamr]
<System32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal]
<System32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup]
<System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[tmcomm / tmcomm]
<\??\D:\WINDOWS\System32\drivers\tmcomm.sys><Trend Micro Inc.>
[UdfReadr_xp / UdfReadr_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\UdfReadr_xp.SYS><Roxio>
[V90drv / V90drv]
<System32\DRIVERS\v90drv.sys><>
[VIA AGP Filter / viaagp1]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><N/A>
[VIA USB Host Controller Lower Filter / vulfnths]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs]
<\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{089FD14D-132B-48FC-8861-0048AE113215} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[scriptproxy]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} <d:\program files\mcafee\virusscan\scriptsn.dll, McAfee, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Java Plug-in 1.5.0_09]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[McAfee SiteAdvisor]
{0BF43445-2F28-4351-9252-17FE6E806AA0} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\System32\msdxm.ocx, N/A>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <D:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <D:\WINDOWS\DOWNLO~1\oscan8.ocx, SOFTWIN>
[Java Plug-in 1.5.0_09]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <D:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <D:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_02]
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll, Sun Microsystems, Inc.>
[Convert link target to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
Running Processes
[PID: 640][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 704][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 728][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 776][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 788][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 956][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1056][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1304][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1360][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1564][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 1708][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[D:\WINDOWS\System32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 7.0.7.2006011200]
[PID: 1880][D:\Program Files\QKeys\QKeys.EXE] [Taiwan, 1, 0, 2, 251]
[PID: 1928][D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5021]
[D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU] [ATI Technologies, Inc., 6.14.10.5021]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[PID: 1952][D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.90.3]
[PID: 1968][D:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.0.3]
[PID: 1984][D:\Program Files\PowerISO\SCDEmuApp.exe] [PowerISO Computing, Inc., 2, 6, 1, 1]
[PID: 2000][D:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.14]
[PID: 2016][D:\Program Files\SiteAdvisor\4608\SiteAdv.exe] [McAfee, Inc., 1.6.0.23]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[D:\Program Files\SiteAdvisor\4608\SASubMgr.dll] [McAfee, Inc., 2,0,9999,0]
[PID: 152][D:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 6.0.0.18]
[PID: 172][D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\CDUDFLIB.dll] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\UDFRWLIB.dll] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\CDRTC.DLL] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\cdral.DLL] [Roxio, 5.3.4.21]
[PID: 180][D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 7.0.7.2006011200]
[PID: 220][D:\Program Files\BitLord\BitLord.exe] [www.BitLord.com, 1.1.]
[PID: 264][D:\Program Files\CASIO\Photo Loader\Plauto.exe] [CASIO COMPUTER CO.,LTD., 2.3E]
[PID: 588][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 600][D:\WINDOWS\System32\Ati2evxx.exe] [N/A, N/A]
[PID: 616][D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [Anti-Malware Development a.s., 7, 5, 0, 47]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 668][D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe] [McAfee, Inc., 8.0.163.0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 752][D:\PROGRA~1\McAfee\MSC\mclogsrv.exe] [McAfee, Inc., 7,1,131,0]
[PID: 980][d:\program files\common files\mcafee\mna\mcnasvc.exe] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\mcafee\msc\mcnmcsrv.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmismgr.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcuj.dll] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[PID: 1236][D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\virusscan\mcodsax.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[PID: 1292][D:\PROGRA~1\McAfee\MSC\mcpromgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmscver.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 11,0,201,0]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[d:\program files\mcafee\virusscan\mcvspp.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcprotpv.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcnmcprv.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcodsax.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McProHlp.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\virusscan\mvsver.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\PROGRA~1\COMMON~1\mcafee\emproxy\empxyver.dll] [McAfee, Inc., 11,0,169,0]
[d:\program files\common files\mcafee\fwdriver\fwdrvver.dll] [McAfee, Inc., 8.0.158.0]
[d:\program files\common files\mcafee\redirsvc\redirver.dll] [McAfee, Inc., 1,0,198,0]
[PID: 1320][d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe] [McAfee, Inc., 1,0,198,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[PID: 1408][D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll] [McAfee, Inc., 13.2.0.175]
[D:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcvsqt.dll] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\Program Files\McAfee\VirusScan\mcscan32.dll] [McAfee, Inc., 5.1.00]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1432][d:\PROGRA~1\mcafee.com\agent\mcagent.exe] [McAfee, Inc., 7,1,133,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1464][D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[PID: 1616][D:\PROGRA~1\McAfee\MSC\mctskshd.exe] [McAfee, Inc., 7,1,133,0]
[PID: 1644][D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1820][D:\Program Files\McAfee\MPF\MPFSrv.exe] [McAfee, Inc., 8.0.198.0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 2172][D:\WINDOWS\System32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2252][D:\Program Files\SiteAdvisor\4608\SAService.exe] [N/A, N/A]
[PID: 2288][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2340][D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 3]
[PID: 2636][d:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe] [McAfee, Inc., 11,0,205,0]
[D:\PROGRA~1\McAfee\MSC\McAltLib.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[PID: 3204][D:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Documents and Settings\Nic\Desktop\SREng.com] [Smallfrogs Studio, 2.2.6.605]
[PID: 2612][d:\program files\mcafee\msc\mcuimgr.exe] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
nicdonati is offline  
Old 11-28-2006, 06:09 AM   #27 (permalink)
Analyst, Security Team
 
dorts's Avatar
 
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2


Hello and welcome back to TSF


P2P Software


I see you have P2P software (i.e. BitLord) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.


Downloads and others

Please delete your current copy of SmitfraudFix, which was not working, and download a new copy of SmitfraudFix (by S!Ri).
Extract the content (a folder named SmitfraudFix) to your Desktop.


Reset System Restore Point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


List out files

I need to find out what is in some of the folders. So do the following:

Start > Run >

cmd /c @dir /a/s/b D:\WINDOWS\Download >"%tmp%\~.txt"&"%tmp%\~.txt"

Copy and Paste the above into the "run" box, click "Ok" and notepad will open. Post the contents.


SmitfraudFix - Option #1

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!


Safe Mode
  • Restart your computer.
  • Before the Windows logo appears, tap F8 repeatedly. In some systems, this may be the F5 key.
  • A menu should appear; select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
  • This will take a while longer than usual, so just wait.
  • After it loads, log in to your usual account.

Uninstall

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
  • TPT Registry_Cleaner

    Considered Rogueware. See here for more information.

Fixes with HijackThis

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)


O2 - BHO: (no name) - {1AAF1095-4979-430F-9E2C-1648BD1BE5A9} - (no file)
O2 - BHO: (no name) - {435911D8-FE66-D5CA-1BB3-A0BFAFF0DAE0} - (no file)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: (no name) - {7EB20AEA-E550-C5F3-2C50-BECE1B98B8BE} - (no file)
O4 - HKLM\..\Run: [1f] D:\WINDOWS\System32\rundll32.exe r1ft7.dll Rundll32
O4 - HKLM\..\Run: [wl] D:\WINDOWS\Download\svhost32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [wao.exe] D:\WINDOWS\System32\wao.exe D:\WINDOWS\System32\drivers\cq4.sys Rundll32
O4 - HKCU\..\Run: [Dseh] "D:\WINDOWS\WNSXS~1\userinit.exe" -vt ndrv
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab

Please remember to close all other windows, including browsers then click Fix checked.

Killbox

I suppose you still have Killbox on your system.




Select the following option - delete on Reboot
Use your mouse to select all the filenames listed below & then right-click & select Copy

C:\KB173333.log
C:\program files\tshz093.exe
D:\WINDOWS\System32\wao.exe
D:\WINDOWS\System32\drivers\cq4.sys
D:\WINDOWS\System32\r1ft7.dll

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click NO at the 'Pending Operations prompt'. (Do not reboot yet)

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


Folders Deletion

Delete the following Folders indicated in BLUE if they still exist.


D:\Program Files\TPT Registry_Cleaner




You may now reboot back to normal mode



Online Scan

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Logs

Please post the following logs in your next reply...
  • Folder contents
  • SmitfraudFix's Log
  • Kaspersky’s Online Scan Log
  • A New SREng Log
  • A New HijackThis Log
__________________




If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.
dorts is offline  
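The HijackThis fix list in the post above, run through a small triage script. This is an added example, not part of the original post and not HijackThis's or the helper's own method: the post does not state why each entry was selected, so the four checks, the `CORE_BINARIES` list and all function names are assumptions chosen for illustration. The sample lines are copied from the posts on this page.

```python
import difflib
import ntpath
import re
from typing import List, NamedTuple, Optional

# Sample input: entries copied from the fix list above, plus two unflagged
# entries (Google BHO and toolbar) from the follow-up HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1AAF1095-4979-430F-9E2C-1648BD1BE5A9} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [wl] D:\WINDOWS\Download\svhost32.exe
O4 - HKCU\..\Run: [Dseh] "D:\WINDOWS\WNSXS~1\userinit.exe" -vt ndrv
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
"""

# "<code> - <kind>: <body>", e.g. code "O4", kind "HKLM\..\Run".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<body>.*)$")
# Run entry body: "[value name] <quoted or bare path ending in .exe> [args]".
RUN_RE = re.compile(
    r'^\[(?P<name>[^\]]*)\]\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.exe))(?:\s|$)',
    re.IGNORECASE,
)

# Assumption: a short list of Windows binaries that normally live in system32.
CORE_BINARIES = ("svchost.exe", "userinit.exe", "winlogon.exe", "rundll32.exe",
                 "lsass.exe", "services.exe", "csrss.exe", "smss.exe")


class Finding(NamedTuple):
    code: str
    body: str
    reason: str


def masquerade_reason(path: str) -> Optional[str]:
    """Flag a core binary name outside system32, or a near-miss of one."""
    name = ntpath.basename(path).lower()
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    if name in CORE_BINARIES:
        if parent != "system32":
            return f"{name} started from outside system32"
        return None
    close = difflib.get_close_matches(name, CORE_BINARIES, n=1, cutoff=0.85)
    if close:
        return f"name resembles {close[0]}"
    return None


def check(code: str, body: str) -> Optional[str]:
    """Return a reason string if the entry deserves a closer look."""
    if code == "O2" and body.endswith("(no file)"):
        return "BHO is registered but its DLL no longer exists"
    if code == "O4":
        m = RUN_RE.match(body)
        if m:
            return masquerade_reason(m.group("quoted") or m.group("bare"))
        return None
    if code == "O15":
        return "domain placed in the IE Trusted Zone"
    if code == "O16" and "file://" in body.lower():
        return "ActiveX codebase is a local file, not a vendor URL"
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse HijackThis entry lines and collect the ones a check flags."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        reason = check(m["code"], m["body"])
        if reason:
            findings.append(Finding(m["code"], m["body"], reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}: {f.body}")
```

A flag here only marks an entry for review; entries such as the `O15` lines still need a human to confirm the user did not add them deliberately.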
Old 11-28-2006, 09:00 AM   #28 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


Logfile of HijackThis v1.99.1
Scan saved at 15:59:16, on 28/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\QKeys\QKeys.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\PowerISO\SCDEmuApp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\BitLord\BitLord.exe
D:\Program Files\CASIO\Photo Loader\Plauto.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\PROGRA~1\McAfee\MSC\mctskshd.exe
D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\Program Files\SiteAdvisor\4608\SAService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
d:\program files\mcafee\msc\mcuimgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QKeys] "D:\Program Files\QKeys\QKeys.EXE"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCDEmuApp.exe] "D:\Program Files\PowerISO\SCDEmuApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SiteAdvisor] D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - Global Startup: Photo Loader supervisory.lnk = D:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe







2006-11-28,15:58:03

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<BitComet><"D:\Program Files\BitLord\BitLord.exe"> [www.BitLord.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QKeys><"D:\Program Files\QKeys\QKeys.EXE"> [Taiwan]
<ATIModeChange><Ati2mdxx.exe> [(Verified)ATI Technologies, Inc.]
<ATIPTA><"D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<SunJavaUpdateSched><"D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"> [Sun Microsystems, Inc.]
<QuickTime Task><"D:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<SCDEmuApp.exe><"D:\Program Files\PowerISO\SCDEmuApp.exe"> [PowerISO Computing, Inc.]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<WinampAgent><"D:\Program Files\Winamp3\winampa.exe"> [N/A]
<SiteAdvisor><D:\Program Files\SiteAdvisor\4608\SiteAdv.exe> [(Verified)McAfee, Inc.]
<NeroFilterCheck><D:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<iTunesHelper><"D:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<AdaptecDirectCD><"D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"> [Roxio]
<Acrobat Assistant 7.0><"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
<WinlogonNotify: WRNotifier><WRLogonNTF.dll> [N/A]

==================================
Startup Folders
[Photo Loader supervisory]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk --> D:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [CASIO COMPUTER CO.,LTD.]><N>
[Adobe Acrobat Speed Launcher]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk --> D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [N/A]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
<"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt]
<D:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINDOWS\System32\Ati2evxx.exe><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
<D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[McAfee E-mail Proxy / Emproxy]
<D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe><McAfee, Inc.>
[InstallDriver Table Manager / IDriverT]
<"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
<D:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[McAfee HackerWatch Service / McAfee HackerWatch Service]
<"D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"><McAfee, Inc.>
[McAfee Log Manager / McLogManagerService]
<D:\PROGRA~1\McAfee\MSC\mclogsrv.exe><McAfee, Inc.>
[McAfee Update Manager / mcmispupdmgr]
<D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe><N/A>
[McAfee Network Agent / McNASvc]
<"d:\program files\common files\mcafee\mna\mcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><McAfee, Inc.>
[McAfee Protection Manager / mcpromgr]
<D:\PROGRA~1\McAfee\MSC\mcpromgr.exe><McAfee, Inc.>
[McAfee Redirector Service / McRedirector]
<d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
[McAfee Task Scheduler / mctskshd.exe]
<D:\PROGRA~1\McAfee\MSC\mctskshd.exe><McAfee, Inc.>
[McAfee User Manager / mcusrmgr]
<D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe><McAfee, Inc.>
[McAfee Personal Firewall Service / MpfService]
<"D:\Program Files\McAfee\MPF\MPFSrv.exe"><McAfee, Inc.>
[SiteAdvisor Service / SiteAdvisor Service]
<D:\Program Files\SiteAdvisor\4608\SAService.exe><N/A>
[Ulead Burning Helper / UleadBurningHelper]
<D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
<\??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[bdfdll / bdfdll]
<\??\D:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[BDFSDRV / BDFSDRV]
<\??\D:\??\D:\Program Files\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[Cdr4_xp / Cdr4_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdr4_xp.SYS><Roxio>
[Cdralw2k / Cdralw2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[cdudf_xp / cdudf_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.SYS><Roxio>
[d347bus / d347bus]
<\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[Dual-Mode DSC(2770) / DCamUSBSQTECH]
<System32\Drivers\SQcaptur.sys><Service & Quality Technology.>
[dvd_2K / dvd_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\dvd_2K.SYS><Roxio>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GEAR CDRom Filter / GEARAspiWDM]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[McAfee Inc. / mfeavfk]
<system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk]
<system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk]
<system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. / mferkdk]
<system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfesmfk]
<system32\drivers\mfesmfk.sys><McAfee, Inc.>
[mmc_2K / mmc_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\mmc_2K.SYS><Roxio>
[MP3Driver / MP3Driver]
<D:\WINDOWS\SYSTEM32\DRIVERS\MP3Driver.SYS><N/A>
[MPFP / MPFP]
<System32\Drivers\Mpfp.sys><McAfee, Inc.>
[Mtlmnt5 / Mtlmnt5]
<System32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm]
<System32\DRIVERS\Mtlstrm.sys><>
[NSC Infrared Device Driver / NSCIRDA]
<System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[NtMtlFax / NtMtlFax]
<System32\DRIVERS\NtMtlFax.sys><>
[NTSIM / NTSIM]
<\??\D:\WINDOWS\System32\ntsim.sys><VIA Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[pwd_2k / pwd_2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\pwd_2k.SYS><Roxio>
[SCDEmu / SCDEmu]
<D:\WINDOWS\SYSTEM32\DRIVERS\SCDEmu.SYS><PowerISO Computing, Inc.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SmartLink AMR_PCI Driver / Slntamr]
<System32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal]
<System32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup]
<System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[tmcomm / tmcomm]
<\??\D:\WINDOWS\System32\drivers\tmcomm.sys><Trend Micro Inc.>
[UdfReadr_xp / UdfReadr_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\UdfReadr_xp.SYS><Roxio>
[V90drv / V90drv]
<System32\DRIVERS\v90drv.sys><>
[VIA AGP Filter / viaagp1]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><N/A>
[VIA USB Host Controller Lower Filter / vulfnths]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs]
<\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{089FD14D-132B-48FC-8861-0048AE113215} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[scriptproxy]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} <d:\program files\mcafee\virusscan\scriptsn.dll, McAfee, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Java Plug-in 1.5.0_09]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[McAfee SiteAdvisor]
{0BF43445-2F28-4351-9252-17FE6E806AA0} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\System32\msdxm.ocx, N/A>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <D:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <D:\WINDOWS\DOWNLO~1\oscan8.ocx, SOFTWIN>
[Java Plug-in 1.5.0_09]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <D:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <D:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_02]
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll, Sun Microsystems, Inc.>
[Convert link target to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
Running Processes
[PID: 640][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 708][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 732][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 776][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 788][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 952][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1052][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1260][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1340][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1616][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[d:\program files\mcafee\virusscan\scriptsn.dll] [McAfee, Inc., 13.2.0.178]
[D:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[D:\Program Files\PowerISO\PowerISOShell.dll] [PowerISO Computing, Inc., 2, 6, 1, 1]
[d:\program files\mcafee\virusscan\mcodsax.dll] [McAfee, Inc., 11,0,201,0]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [Anti-Malware Development a.s., 7, 5, 0, 49]
[D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 7.0.7.2006011200\0]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\ADIST32.dll] [Adobe Systems Incorporated., 7.0.7.0]
[PID: 1676][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[D:\WINDOWS\System32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 7.0.7.2006011200]
[PID: 1864][D:\Program Files\QKeys\QKeys.EXE] [Taiwan, 1, 0, 2, 251]
[PID: 1884][D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5021]
[D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU] [ATI Technologies, Inc., 6.14.10.5021]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[PID: 1892][D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.90.3]
[PID: 1900][D:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.0.3]
[PID: 1916][D:\Program Files\PowerISO\SCDEmuApp.exe] [PowerISO Computing, Inc., 2, 6, 1, 1]
[PID: 1924][D:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.14]
[PID: 1932][D:\Program Files\SiteAdvisor\4608\SiteAdv.exe] [McAfee, Inc., 1.6.0.23]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[D:\Program Files\SiteAdvisor\4608\SASubMgr.dll] [McAfee, Inc., 2,0,9999,0]
[D:\Program Files\SiteAdvisor\4608\saLang.dll] [McAfee, Inc., 2.1.0.97]
[PID: 1956][D:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 6.0.0.18]
[PID: 1964][D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\CDUDFLIB.dll] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\UDFRWLIB.dll] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\CDRTC.DLL] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\cdral.DLL] [Roxio, 5.3.4.21]
[PID: 1972][D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 7.0.7.2006011200]
[PID: 1980][D:\Program Files\BitLord\BitLord.exe] [www.BitLord.com, 1.1.]
[PID: 2028][D:\Program Files\CASIO\Photo Loader\Plauto.exe] [CASIO COMPUTER CO.,LTD., 2.3E]
[PID: 352][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 364][D:\WINDOWS\System32\Ati2evxx.exe] [N/A, N/A]
[PID: 448][D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [Anti-Malware Development a.s., 7, 5, 0, 47]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 484][D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe] [McAfee, Inc., 8.0.163.0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 528][D:\PROGRA~1\McAfee\MSC\mclogsrv.exe] [McAfee, Inc., 7,1,131,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcdbmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[PID: 620][d:\program files\common files\mcafee\mna\mcnasvc.exe] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\mcafee\msc\mcnmcsrv.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmismgr.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcuj.dll] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[PID: 660][D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe] [McAfee, Inc., 11,0,201,0]
[PID: 672][D:\PROGRA~1\McAfee\MSC\mcpromgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmscver.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 11,0,201,0]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[d:\program files\mcafee\virusscan\mcvspp.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcprotpv.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcnmcprv.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcodsax.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McProHlp.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\virusscan\mvsver.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\PROGRA~1\COMMON~1\mcafee\emproxy\empxyver.dll] [McAfee, Inc., 11,0,169,0]
[d:\program files\common files\mcafee\redirsvc\redirver.dll] [McAfee, Inc., 1,0,198,0]
[PID: 688][d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe] [McAfee, Inc., 1,0,198,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 1000][D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll] [McAfee, Inc., 13.2.0.175]
[D:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcvsqt.dll] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\Program Files\McAfee\VirusScan\mcscan32.dll] [McAfee, Inc., 5.1.00]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1008][d:\PROGRA~1\mcafee.com\agent\mcagent.exe] [McAfee, Inc., 7,1,133,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1024][D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[PID: 1176][D:\PROGRA~1\McAfee\MSC\mctskshd.exe] [McAfee, Inc., 7,1,133,0]
[PID: 1096][D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1296][D:\Program Files\McAfee\MPF\MPFSrv.exe] [McAfee, Inc., 8.0.198.0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 1544][D:\WINDOWS\System32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1556][D:\Program Files\SiteAdvisor\4608\SAService.exe] [N/A, N/A]
[PID: 1492][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2160][D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 3]
[PID: 2952][D:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 6.0.0.18]
[PID: 3632][D:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[D:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.3]
[D:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.3]
[D:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.3]
[D:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] [N/A, N/A]
[D:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] [N/A, N/A]
[D:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.62]
[PID: 1852][d:\program files\mcafee\msc\mcuimgr.exe] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[PID: 4036][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[d:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, 1020, 3054]
[D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll] [Adobe Systems Incorporated, 7.0.5.2005092300]
[D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll] [Yahoo! Inc., 2005, 11, 21, 1]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[D:\Program Files\SiteAdvisor\4608\SASubMgr.dll] [McAfee, Inc., 2,0,9999,0]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[D:\Program Files\SiteAdvisor\4608\McAPFilt.dll] [McAfee, Inc., 2.1.1.12]
[D:\Program Files\SiteAdvisor\4608\saLang.dll] [McAfee, Inc., 2.1.0.97]
[C:\Spybot - Search & Destroy\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.90.3]
[d:\program files\mcafee\virusscan\scriptsn.dll] [McAfee, Inc., 13.2.0.178]
[d:\program files\mcafee\virusscan\mytilus2.dll] [McAfee, Inc., 13.2.0.178]
[d:\program files\mcafee\virusscan\mytilus.dll] [McAfee, Inc., 13.2.0.178]
[d:\program files\mcafee\virusscan\RES00\McShield.dll] [McAfee, Inc., 13.2.0.175]
[D:\Program Files\McAfee\VirusScan\mcscan32.dll] [McAfee, Inc., 5.1.00]
[D:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll] [Yahoo! Inc., 2005, 11, 21, 2]
[D:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll] [Yahoo! Inc., 2005.04.08.01]
[D:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[D:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll] [Kaspersky Lab, 5.0.83.0]
[D:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll] [Kaspersky Lab., 4, 0, 2, 28]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 3028][D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe] [Google Inc., 1, 2, 908, 5008]
[D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_en.dll] [Google Inc., 1, 2, 908, 5008]
[D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll] [Google Inc., 1, 2, 908, 5008]
[PID: 208][D:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[D:\Documents and Settings\Nic\Desktop\SREng.com] [Smallfrogs Studio, 2.2.6.605]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
nicdonati is offline  
Old 11-28-2006, 09:02 AM   #29 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 28, 2006 3:51:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/11/2006
Kaspersky Anti-Virus database records: 246266
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 61576
Number of viruses found: 9
Number of infected objects: 31 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:11:47

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe/Setup-137.exe Infected: Trojan-Dropper.Win32.Agent.ayv skipped
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\change.log Object is locked skipped
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007622.exe/Setup-137.exe Infected: Trojan-Dropper.Win32.Agent.ayv skipped
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007622.exe ZIP: infected - 1 skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\temp\sqlite_VzJ0Ypl3M7XUvPe Object is locked skipped
D:\WINDOWS\temp\sqlite_VCifSplTDTtN2ic Object is locked skipped
D:\WINDOWS\temp\sqlite_mPrWnRztIRQwStA Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\Debug\oakley.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{9D977D42-A1ED-4530-9DBC-23AA7245CE38}.log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Nic\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320818.dll.bac_a03768 Infected: Trojan-PSW.Win32.Agent.dq skipped
D:\Documents and Settings\Nic\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Nic\UserData\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\History\History.IE5\MSHist012006112820061129\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_MAP_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_001_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_002_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_003_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\633285D9d01/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\633285D9d01 ZIP: infected - 1 skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
D:\Documents and Settings\Nic\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\history.dat Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cert8.db Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\key3.db Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\parent.lock Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\urlclassifier2.sqlite Object is locked skipped
D:\Documents and Settings\Nic\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004161.EXE Infected: Trojan.Win32.Pakes skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004539.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004540.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005774.exe Infected: Trojan-PSW.Win32.Nilage.aww skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006050.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006056.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006076.exe Infected: Trojan.Win32.Pakes skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006077.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006079.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006086.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006087.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006088.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006089.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006123.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0007528.dll Infected: Trojan-PSW.Win32.Lmir.bge skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\change.log Object is locked skipped
D:\Recycled\Dd1\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Recycled\Dd2.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Recycled\Dd2.zip ZIP: infected - 1 skipped

Scan process completed.









SmitFraudFix v2.125

Scan done at 14:08:19.47, 28/11/2006
Run from D:\Documents and Settings\Nic\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Nic


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Nic\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\NIC\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




There was nothing in that folder that you asked me to check in. As for the P2P stuff, I will have a look at the link you provided, thank you.
nicdonati is offline  
Old 11-28-2006, 06:14 PM   #30 (permalink)
Analyst, Security Team
 
dorts's Avatar
 
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2

How is your system behaving now?
__________________




If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.
dorts is offline  
Old 11-29-2006, 02:41 AM   #31 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


Everything seems OK, is it fixed? Kaspersky said that there were still lots of viruses.
nicdonati is offline  
Old 11-29-2006, 02:52 AM   #32 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


I think since all the clearing up McAfee has become corrupted, so I tried to re-install it but it said it's incompatible with Ad-aware. In your opinion, which program or combination of programs is best to protect my computer in the future?
nicdonati is offline  
Old 11-29-2006, 03:15 AM   #33 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


Sorry, one other thing: it has been recommended to me to use a Virtual Software Package like Sandboxie (http://www.sandboxie.com), that apparently will stop these problems. Is this true, do they work?

Last edited by nicdonati; 11-29-2006 at 03:16 AM.
nicdonati is offline  
Old 11-29-2006, 07:17 AM   #34 (permalink)
Analyst, Security Team
 
dorts's Avatar
 
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2

Quote:
Everything seems OK, is it fixed? Kaspersky said that there were still lots of viruses.
The viruses Kaspersky detected are in the System Restore folder. Have you cleared the System Restore with my instructions?

Quote:
I think since all the clearing up McAfee has become corrupted, so I tried to re-install it but it said it's incompatible with Ad-aware. In your opinion, which program or combination of programs is best to protect my computer in the future?
For McAfee and Ad-aware, from what I read, there are some compatibility issues. Tell me if you want to keep McAfee or get a different one. And I'll recommend you some free software later on which will give you some protection.

Quote:
Sorry, one other thing: it has been recommended to me to use a Virtual Software Package like Sandboxie (http://www.sandboxie.com), that apparently will stop these problems. Is this true, do they work?
Virtual software does help you in some way. For example, you use the virtual environment (guest) to surf the Internet and use your actual computer (host) to do other things. While surfing using the guest machine, you get infected. Your host will not. Which means your real computer will not get infected, only the virtual one.

From the site:
Quote:
Think of your PC as a piece of paper. Every program you run writes on the paper. When you run your browser, it writes on the paper about every site you visited. And any malware you come across will usually try to write itself into the paper.

Traditional privacy and anti-malware software try to locate and erase any writings they think you wouldn't want on the paper. Most of the times they get it right. But first the makers of these solutions must teach the solution what to look for on the paper, and also how to erase it safely.

On the other hand, the Sandboxie sandbox works like a transparency layer placed over the paper. Programs write on the transparency layer and to them it looks like the real paper. When you delete the sandbox, it's like removing the transparency layer, the unchanged, real paper is revealed.
If you use virtual software, it would be pretty troublesome as it will be like controlling 2 computers. Transferring files can be a problem too, depending on the virtual software.

I use a virtual software for Malware testing purposes only. I am using VMware. In fact, if you are well-protected, I feel there is no need for a virtual software. I have been malware free for a long long time.

Feel free to ask as many questions as you like, I'll be glad to answer.
dorts is offline  
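
The point made in the reply above, that the Kaspersky detections sit in the System Restore folder, can be checked mechanically. The Python below is an added example, not part of the thread or of any tool named in it: it parses report lines in the format shown in post #29, discards the "Object is locked" noise, and groups detections by where the file lives. The function names, the location labels and the choice to rank `not-a-virus:` names lower are assumptions of this example; the sample lines are copied from the report above.

```python
import re
from collections import defaultdict

# One report line: "<path> <result> <last action>". Paths contain spaces,
# so the path is matched lazily and the result anchors the split.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"                  # a detection
    r"|(?P<container>[A-Za-z0-9]+): infected - \d+"   # archive summary line
    r"|(?P<locked>Object is locked))"                 # file in use, not scanned
    r" (?P<action>\w+)$"
)

# Location labels are this example's own naming, checked in order.
LOCATIONS = [
    ("system_restore", "\\system volume information\\_restore"),
    ("quarantine", "\\quarantine\\"),
    ("recycle_bin", "\\recycled\\"),
    ("browser_cache", "\\cache\\"),
]
RISKWARE_PREFIX = "not-a-virus:"  # prefix Kaspersky puts on riskware/adware names


def classify(path):
    lowered = path.lower()
    for label, marker in LOCATIONS:
        if marker in lowered:
            return label
    return "live"


def triage(report_text):
    """Return locked-file count and {location: {file on disk: {verdicts}}}."""
    locked = 0
    hits = defaultdict(lambda: defaultdict(set))
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, "Scan process completed."
        if m["locked"]:
            locked += 1
            continue
        # "a.exe/inner/file" is a member of archive a.exe: report the file on disk
        host = m["path"].split("/", 1)[0]
        verdicts = hits[classify(host)][host]
        if m["verdict"]:
            verdicts.add(m["verdict"])
    return {"locked": locked,
            "hits": {loc: dict(files) for loc, files in hits.items()}}


def needs_attention(result):
    """Files outside restore points, quarantine, recycle bin and cache
    that carry at least one verdict not labelled not-a-virus."""
    out = []
    for host, verdicts in sorted(result["hits"].get("live", {}).items()):
        if not verdicts or any(not v.startswith(RISKWARE_PREFIX) for v in verdicts):
            out.append(host)
    return out


# Lines copied from the Kaspersky report in post #29.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe/Setup-137.exe Infected: Trojan-Dropper.Win32.Agent.ayv skipped
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006249.exe ZIP: infected - 1 skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\Documents and Settings\Nic\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320818.dll.bac_a03768 Infected: Trojan-PSW.Win32.Agent.dq skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006086.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe NSIS: infected - 2 skipped
D:\Recycled\Dd1\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
Scan process completed.
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked files skipped:", result["locked"])
    for location, files in sorted(result["hits"].items()):
        print(f"{location}: {len(files)} file(s)")
    print("needs attention:", needs_attention(result))
```

On these lines every named threat sits in a restore point or a scanner quarantine, and the only hits in live folders are the `not-a-virus:` entries for the SmitfraudFix helper.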
Old 11-29-2006, 08:11 AM   #35 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


OK, quality. So I'm not really bothered which software I use, I just want the best one. I had heard McAfee was good, but I only installed it once I was having the problems, so it was too late. But if you think some of the free ones are better I will use those instead.

As for the system folder, I followed all of your instructions. Which one referred directly to clearing the system folder? I will do it again.

I use TvAnts to watch football on the internet, this is where I got the virus stuff from... I think! Anyway, quite a few people got the virus and it was concluded that if you do the following steps it will clear the virus and stop it happening again.

1. Clear all Cookies, Offline Files and History (including cache)
2. Find where the Trojan is in your file structure (for me it was C:/Documents & Settings/your name/Local Settings/Temp. You may have to show hidden files)
3. Delete csrss.exe and any *.RAR or *.EXE you find in there (may have to go to safe mode by hitting F8 while the computer starts up)
4. Don't use TVAnts again unless you disable JavaScript in Internet Explorer, or you can also use Sandboxie or Altiris Software Virtualization Solution for protection.


Now I REALLY don't want that virus again. Does it sound likely that these steps will stop it? I always thought you could only get viruses by installing/running exe files, therefore I was always careful. But I seem to have got it from TVAnts even though it had already been installed on my computer with no complications; I just picked it up one day while running the program.

Last edited by nicdonati; 11-29-2006 at 08:12 AM.
nicdonati is offline  
Old 11-29-2006, 09:22 AM   #36 (permalink)
Analyst, Security Team
 
dorts's Avatar
 
Join Date: Mar 2006
Location: Singapore
Posts: 1,599
OS: Windows XP SP2

Those steps would not likely get much off your system. This infection that you got is not a single infection, but a whole lot of infections, accompanied by many friends.

Here are some tips and protection that you can download. Do read through them, especially the PC Safety & Security - What Do I Need? article, which is near the bottom of this post. It has some recommendations you might be interested in.

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles, as well as a great article written by our fellow Security Analyst, Glaswegian:
PC Safety & Security - What Do I Need?


If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.


Please respond to this thread one more time so we can mark this thread as resolved.

Please also consider donating to TSF to keep this site free for all.
dorts is offline  
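
The HOSTS-file blocking described in the post above works because each listed name resolves to the local machine; the same file can also be abused to point a name at some other address. The Python below is an added example, not part of the thread or of the MVPS package: it audits HOSTS-format text and separates blocked names from names mapped to a non-local address. The function name and every sample entry are constructed for illustration, and treating 0.0.0.0 as a block address alongside 127.0.0.1 is an assumption of this example.

```python
import ipaddress


def audit_hosts(text):
    """Classify HOSTS-file entries.

    blocked    - names sent to a loopback or unspecified address (ad/malware blocking)
    redirected - names mapped to any other address; these deserve a manual look
    malformed  - lines that are not "<ip> <name> [<name> ...]"
    """
    blocked, redirected, malformed = set(), {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line)
            continue
        if len(fields) < 2:  # an address with no host name
            malformed.append(line)
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if sink:
                if name != "localhost":  # the stock entry is not a block rule
                    blocked.add(name)
            else:
                redirected[name] = str(addr)
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}


# Constructed sample: the stock localhost line, some block entries in the
# style the post describes, one mapping to a documentation-range address,
# and two broken lines.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1 localhost
127.0.0.1 ads.example.com        # blocked
127.0.0.1 tracker.example.net banners.example.net
0.0.0.0   popups.example.org
203.0.113.7 update.example.com   # not local: review this one
not-an-ip broken.example.com
127.0.0.1
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", len(report["blocked"]))
    for name, addr in report["redirected"].items():
        print(f"REVIEW: {name} -> {addr}")
    for line in report["malformed"]:
        print("malformed:", line)
```

A clean file like the one in the SREng log above (`127.0.0.1 localhost` only) yields empty results in all three categories.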
Old 11-29-2006, 11:41 AM   #37 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


Enable Windows Auto Update

* Go to Start>Run - type wuaucpl.cpl
* tick on the checkbox - "Keep my computer up to date"
* Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
* Click on "OK".

I did this step but it said that Windows could not find this file.

Also I seem to be having other problems now that I didn't get before. I keep getting this blue screen which says something along the lines of

A problem has been detected and windows has been shut down to prevent damage to your computer.

Then there is the error which has been either Driver_IRQL_NOT_LESS_OR_EQUAL
or
BAD_POOL_ERROR

then there is some stuff about recently installed hardware (which I haven't done) and then some tech info which says:

***STOP: 0x0000008E (then some more stuff it has changed each time but lots of 0's)

And the last time it had this message at the bottom

d347bus.sys -Address F86C4F47 base at F863000, date stamp 4128a0ld

What is going on!!! I'll read all that stuff.
nicdonati is offline  
Old 11-29-2006, 11:53 AM   #38 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


Oh and also McAfee security centre can't uninstall now, it's gone all weird. Like when u go to uninstall, u have to select which parts u want to uninstall but there is this section called "undefined" which I think is supposed to be the firewall part but it gets stuck trying to uninstall it and I can't complete the uninstall. How can I get it off my computer?? (I tried re-installing it but this didn't work either!)
nicdonati is offline  
Old 11-29-2006, 04:33 PM   #39 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


do u think it is ok to update XP to SP2 now?
nicdonati is offline  
Old 11-29-2006, 04:51 PM   #40 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 105
OS: XP


WinPatrol won't install either. It says "The windows Installer Service could not be accessed. This can occur if you are running in Safe mode or if the windows installer is not correctly installed". I have never had this message before! Everything else installed fine, just not this one. I tried downloading it from several different sources too.
nicdonati is offline  
All times are GMT -7. The time now is 11:46 PM.


