
Bob4: Back to you with reports



#1 gorilita


Posted 16 January 2008 - 08:16 AM

Hello Bob4,

I am back. I am definitely here. Had a crazy week. Sorry for leaving you hanging.

Computer has been running OK. When I log in to my user name it takes ages to load all the programs (and I don't have that many!). We got rid of Smitfraud but something must be bothering the system. I still have to get rid of Ares but I am not using it.

Here is the Kaspersky log and a new HJT log.

Thanks.

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 16, 2008 9:16:47 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/01/2008
Kaspersky Anti-Virus database records: 512575
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 214933
Number of viruses found: 42
Number of infected objects: 96
Number of suspicious objects: 6
Duration of the scan process: 02:56:26

Infected Object Name / Virus Name / Last Action
C:\Disco Viejo\Download Files\AGSetup0609.exe/trickler3202_bic_audiogalaxydt.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Disco Viejo\Download Files\AGSetup0609.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Disco Viejo\Download Files\AGSetup0609.exe Vise: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\dumb pure bind support\Anti glue.exe Infected: Trojan.Win32.Inject.qu skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch.zip/istsvc.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch4.zip/istsvc.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch8.zip/istsvc.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch8.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Natalie\Application Data\camp five wipe\Enc eq drv meow.exe Infected: Trojan-Downloader.Win32.Agent.hhc skipped
C:\Documents and Settings\Natalie\Local Settings\Temporary Internet Files\Content.IE5\F2EACPHO\InsaniquariumDeluxeSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\Documents and Settings\Natalie\Local Settings\Temporary Internet Files\Content.IE5\SPQVC1IR\DinerDashSetup-dm[2].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\Documents and Settings\Natalie\Local Settings\Temporary Internet Files\Content.IE5\SPQVC1IR\LemonadeTycoon2Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shirley\My Documents\My Received Files\myspacefoto.zip/foto_005.jpeg-www.myspace.com Infected: Backdoor.Win32.IRCBot.alw skipped
C:\Documents and Settings\Shirley\My Documents\My Received Files\myspacefoto.zip ZIP: infected - 1 skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\cert8.db Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\history.dat Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\key3.db Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\parent.lock Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\search.sqlite Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\ybookmarks@yahoo.log Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\pqkyc0sx.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF9A08.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\My Documents\My Downloads\AirportTycoon3Setup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\user\My Documents\My Downloads\mspass_setup-1.exe/mspass.exe Infected: not-a-virus:PSWTool.Win32.Messen.106 skipped
C:\Documents and Settings\user\My Documents\My Downloads\mspass_setup-1.exe ZIP: infected - 1 skipped
C:\Documents and Settings\user\My Documents\My Downloads\mspass_setup.exe/mspass.exe Infected: not-a-virus:PSWTool.Win32.Messen.106 skipped
C:\Documents and Settings\user\My Documents\My Downloads\mspass_setup.exe ZIP: infected - 1 skipped
C:\Documents and Settings\user\My Documents\My Downloads\playtoadgeneralfree.exe/WISE0041.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\user\My Documents\My Downloads\playtoadgeneralfree.exe/WISE0042.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\user\My Documents\My Downloads\playtoadgeneralfree.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\user\My Documents\My Downloads\playtoadgeneralfree.exe WiseSFXDropper: infected - 2 skipped
C:\Documents and Settings\user\My Documents\My Downloads\reSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\user\My Documents\My Downloads\SmileyCentralFFSetup2.1.50.2.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\user\My Documents\My Downloads\WarezP2P_CSP_S.exe/data0045 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\user\My Documents\My Downloads\WarezP2P_CSP_S.exe/data0046 Infected: Packed.Win32.PolyCrypt.d skipped
C:\Documents and Settings\user\My Documents\My Downloads\WarezP2P_CSP_S.exe NSIS: infected - 2 skipped
C:\Documents and Settings\user\ntuser.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\Hijack This\hijackthis\backups\backup-20060803-233643-809.dll Infected: not-a-virus:AdWare.Win32.BHO.w skipped
C:\Hijack This\hijackthis\backups\backup-20080102-205251-220.dll Infected: not-a-virus:AdWare.Win32.Vapsup.vq skipped
C:\Hijack This\hijackthis\backups\backup-20080103-085806-142.dll Infected: not-a-virus:AdWare.Win32.Vapsup.vq skipped
C:\Mozilla Downloads\installer_en.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ci skipped
C:\Mozilla Downloads\lyricsplugin.exe Infected: Trojan-Dropper.Win32.Agent.dpt skipped
C:\Mozilla Downloads\smart-keystroke-recorder-pro-setup.exe/file05 Infected: not-a-virus:Monitor.Win32.SKRecorder.a skipped
C:\Mozilla Downloads\smart-keystroke-recorder-pro-setup.exe/file10 Infected: not-a-virus:Monitor.Win32.SKRecorder.a skipped
C:\Mozilla Downloads\smart-keystroke-recorder-pro-setup.exe Inno: infected - 2 skipped
C:\Mozilla Downloads\smart-keystroke-recorder-setup.exe/file04 Infected: not-a-virus:Monitor.Win32.SKRecorder.a skipped
C:\Mozilla Downloads\smart-keystroke-recorder-setup.exe/file09 Infected: not-a-virus:Monitor.Win32.SKRecorder.a skipped
C:\Mozilla Downloads\smart-keystroke-recorder-setup.exe Inno: infected - 2 skipped
C:\Mozilla Downloads\SmitfraudFix(2).exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Mozilla Downloads\SmitfraudFix(2).exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Mozilla Downloads\SmitfraudFix(2).exe RarSFX: infected - 2 skipped
C:\Mozilla Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Mozilla Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Mozilla Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Mozilla Downloads\VideoAccessCodecInstall.exe Infected: Trojan-Downloader.Win32.Zlob.fnr skipped
C:\My Games\My Downloads\RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\My Games\My Downloads\RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\My Games\My Downloads\RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\My Games\My Downloads\RevelationV2.zip ZIP: infected - 3 skipped
C:\My Games\My Downloads\setup_ares.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\My Games\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
C:\My Games\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\My Games\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\My Games\My Downloads\setup_ares.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\My Games\My Downloads\setup_ares.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\My Games\My Downloads\setup_ares.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\My Games\My Downloads\setup_ares.exe NSIS: infected - 7 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Circle Developement\Uninstall.exe Infected: Trojan.Win32.Obfuscated.mt skipped
C:\Program Files\filesubmit\3D Colorful Floral Set 1\atoolbar400134.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Program Files\filesubmit\3D Colorful Floral Set 1\atoolbar400134.exe WiseSFX: infected - 1 skipped
C:\Program Files\filesubmit\3D Colorful Floral Set 1\atoolbar400134.exe WiseSFXDropper: infected - 1 skipped
C:\Program Files\filesubmit\3D Colorful Floral Set 1\Ezthemes_WhenUSaveNow_InstallerInst.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\filesubmit\kitty78.zip\atoolbar400134.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Program Files\filesubmit\kitty78.zip\atoolbar400134.exe WiseSFX: infected - 1 skipped
C:\Program Files\filesubmit\kitty78.zip\atoolbar400134.exe WiseSFXDropper: infected - 1 skipped
C:\Program Files\filesubmit\kitty78.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\Kazaa\PerfectNavUninstall.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\Program Files\Kazaa\PerfectNavUninstall.exe NSIS: infected - 1 skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\MyWay\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.d skipped
C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MyWay\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Smart Keystroke Recorder\Hooks.dll Infected: not-a-virus:Monitor.Win32.SKRecorder.a skipped
C:\Program Files\Smart Keystroke Recorder\sma.exe Infected: not-a-virus:Monitor.Win32.SKRecorder.a skipped
C:\RECYCLER\S-1-5-21-1993962763-562591055-839522115-1004\Dc2.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\RECYCLER\S-1-5-21-1993962763-562591055-839522115-1004\Dc2.exe CAB: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1993962763-562591055-839522115-1004\Dc4\Bore Fork Bend.exe Infected: Trojan-Downloader.Win32.Agent.hha skipped
C:\RECYCLER\S-1-5-21-1993962763-562591055-839522115-1004\Dc4\Enc eq drv meow.exe Infected: Trojan-Downloader.Win32.Agent.hhc skipped
C:\RECYCLER\S-1-5-21-1993962763-562591055-839522115-1004\Dc4\OWNSAXISHECK.exe Infected: Trojan-Downloader.Win32.Agent.hhd skipped
C:\RECYCLER\S-1-5-21-1993962763-562591055-839522115-1004\Dc4\qmlewnyj.exe Infected: Trojan.Win32.Inject.qu skipped
C:\RECYCLER\S-1-5-21-1993962763-562591055-839522115-1007\Dc76.exe Infected: not-a-virus:AdWare.Win32.2Search.k skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185248.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185249.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185250.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185251.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185252.exe Infected: Trojan-Downloader.Win32.BHO.al skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185253.dll Infected: not-a-virus:AdWare.Win32.ActivShopper.a skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185254.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185255.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.i skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185256.exe Infected: not-a-virus:AdWare.Win32.2Search.l skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185257.dll Infected: not-a-virus:AdWare.Win32.Agent.cb skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185258.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185259.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP940\A0185260.dll Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP947\A0185743.exe Infected: Trojan.Win32.Inject.qu skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP947\A0185753.exe Infected: Trojan.Win32.Inject.qu skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP947\A0185775.dll Infected: not-a-virus:AdWare.Win32.Vapsup.vq skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP947\A0185852.exe Infected: Trojan.Win32.Inject.qu skipped
C:\System Volume Information\_restore{0FCD1907-7079-4059-A4C4-2413A33EDACF}\RP958\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Hijack this

Logfile of HijackThis v1.99.1
Scan saved at 09:19:12 a.m., on 01/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack This\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IESniffer Class - {B6ADE150-743D-11D4-8141-00E029626F6A} - C:\Program Files\Smart Keystroke Recorder\BrowserSniffer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sma] C:\Program Files\Smart Keystroke Recorder\sma.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BoobMove] C:\DOCUME~1\user\APPLIC~1\CAMPFI~1\OWNSAXISHECK.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay12...es/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.mysmartvi...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
