WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] hijackthis log

Started by smoochy2000 , Mar 29 2008 10:13 AM

This topic is locked

16 replies to this topic

#1 smoochy2000

New Member

New Member
8 posts

Posted 29 March 2008 - 10:13 AM

stupid me got sucked in with the blockcheckerim link on MSN messenger & now I'm doing damage control. Any help much appreciated thanks. :unsure:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:07 AM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\SIERRA\CardStudio\PLNRnote.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Documents and Settings\Dorothy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Edit in &Picnik - http://www.picnik.co.../ie-import.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 9821 bytes

Advertisements

Register to Remove

#2 bob4

MalwareTeam Emeritus

Authentic Member
2,205 posts

Posted 31 March 2008 - 03:53 PM

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So lets do this to the end!

Save and quit any work your doing before beginning the fix.
All hijackthis logs I ask for should be done in normal mode ( not safe mode)
These logs should be done last after you have followed my instructions in the previous post.

Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!

_____________________________________________
I see no obvious signs of Malware but how about we get a couple of scans to be sure.

______________________________
RUN HJT

HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close that.

________________________________________________
Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post the contents of that log.

If you accidently close it you may find it here.
Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs

___________________________________
Download and install CCleaner from here

If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

[list]
Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
Reset Temp File Removal for Regular Use.
Click on the Options block on the left. Select the Advanced button.
Check "Only delete files in Windows Temp folders older than 48 hours".

Now run the program and click on Run Cleaner
( Do not use the Registry function to clean anything with this program. Having anything auto clean your regisrty is risky).

____________________________________________

Using Internet Explorer, please do a Kaspersky Online Scan

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure as follows: [list]
Scan using the following Anti-Virus database:
[list]
Extended
[list]
Scan Options:[list]
Scan Archives
Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will provide a report if your system is infected. It does not provide an option to clean/disinfect. We only require a report from it.

Click save report as

Posted Image

[*] Click the Save as Text button to save the file to your desktop and post it in your next reply
Posted Image

Turn off the real time scanner of any existing antivirus program while performing the online scan

_________________________
In your next reply I would like to see:

A new HJT log
The report from Malware BYtes
The report from Kasperskys
The report from

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#3 smoochy2000

New Member

New Member
8 posts

Posted 01 April 2008 - 01:31 PM

Hi Bob, logs you requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:29 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Dorothy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Edit in &Picnik - http://www.picnik.co.../ie-import.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 9444 bytes

Malwarebytes' Anti-Malware 1.09
Database version: 576

Scan type: Full Scan (A:\|C:\|D:\|E:\|H:\|I:\|J:\|K:\|)
Objects scanned: 236644
Time elapsed: 1 hour(s), 19 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 01, 2008 2:19:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/04/2008
Kaspersky Anti-Virus database records: 675957
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 194121
Number of viruses found: 4
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 02:36:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{198EF3A2-1ADD-44F4-A087-3B7B9A5B629E}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{350B564F-33C0-4796-BB39-C5A8B174A327}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{6B81E3AC-8D65-46A2-9FE4-1D898EA71A9E}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{D6CBBABD-E8E8-4416-9096-8F2377EFA4C9}.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-01_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{83F780F6-32A6-448E-AFAD-AABC40169645}.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{83F780F6-32A6-448E-AFAD-AABC40169645}.sds Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\20079E3D.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\A2B57C33.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Dorothy\Application Data\Mozilla\Firefox\Profiles\9xo6r025.default\cert8.db Object is locked skipped
C:\Documents and Settings\Dorothy\Application Data\Mozilla\Firefox\Profiles\9xo6r025.default\history.dat Object is locked skipped
C:\Documents and Settings\Dorothy\Application Data\Mozilla\Firefox\Profiles\9xo6r025.default\key3.db Object is locked skipped
C:\Documents and Settings\Dorothy\Application Data\Mozilla\Firefox\Profiles\9xo6r025.default\parent.lock Object is locked skipped
C:\Documents and Settings\Dorothy\Application Data\Mozilla\Firefox\Profiles\9xo6r025.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Dorothy\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Documents and Settings\Dorothy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dorothy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dorothy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dorothy\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xo6r025.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Dorothy\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xo6r025.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Dorothy\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xo6r025.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Dorothy\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xo6r025.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Dorothy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dorothy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dorothy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{613A14B7-AAF6-4597-A5CA-5E892308BF75}\RP267\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET8983.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\MAY 23.06\Extract a Selection from Photo in Photoshop tutorial.htm Infected: Trojan-Downloader.JS.Psyme.hz skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{613A14B7-AAF6-4597-A5CA-5E892308BF75}\RP267\change.log Object is locked skipped
E:\0a085f56d62389a9685e63\update\update.exe Object is locked skipped
E:\2134884cdd9e6cb86cfd\callcont.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\evtgprov.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\gdi32.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\h323.tsp Object is locked skipped
E:\2134884cdd9e6cb86cfd\h323msp.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\helpctr.exe Object is locked skipped
E:\2134884cdd9e6cb86cfd\ipnathlp.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\lsasrv.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\mf3216.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\msasn1.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\msgina.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\mst120.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\netapi32.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\nmcom.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\rtcdll.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\schannel.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\spmsg.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\spuninst.exe Object is locked skipped
E:\2134884cdd9e6cb86cfd\update\KB835732.cat Object is locked skipped
E:\2134884cdd9e6cb86cfd\update\spcustom.dll Object is locked skipped
E:\2134884cdd9e6cb86cfd\update\update.exe Object is locked skipped
E:\2134884cdd9e6cb86cfd\update\update.inf Object is locked skipped
E:\2134884cdd9e6cb86cfd\update\update.ver Object is locked skipped
E:\2134884cdd9e6cb86cfd\xpsp2res.dll Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{613A14B7-AAF6-4597-A5CA-5E892308BF75}\RP267\change.log Object is locked skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP569\A0107653.exe/Loadfp._ex Infected: not-a-virus:Monitor.Win32.KeyKey.121 skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP569\A0107653.exe ZIP: infected - 1 skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar/torrentsearch.exe/data0004/stream/data0004 Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar/torrentsearch.exe/data0004/stream Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar/torrentsearch.exe/data0004 Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar/torrentsearch.exe Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe RarSFX: infected - 5 skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar/torrentsearch.exe/data0004/stream/data0004 Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar/torrentsearch.exe/data0004/stream Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar/torrentsearch.exe/data0004 Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar/torrentsearch.exe Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar Infected: Trojan.Win32.StartPage.rr skipped
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe RarSFX: infected - 5 skipped
E:\System Volume Information\_restore{F9486113-0DBD-4892-8707-5803A9D0D324}\RP38\A0010328.exe Infected: Trojan.Win32.Small.ih skipped

Scan process completed.

Thanks for your help

#4 bob4

MalwareTeam Emeritus

Authentic Member
2,205 posts

Posted 01 April 2008 - 01:51 PM

Nothing much showing up. I'm not to concerned. :popcorn:

Navigate to and delete this file I have listed in bold type.

D:\MAY 23.06\Extract a Selection from Photo in Photoshop tutorial.htm

Other than that I think your OK.

I would reset system restore files now also. There are some infections left in there. If your were to use system restore you might place them back in the working end of the computer. This is how we clear those out. :thumbup:

___________________________________
Please create a 'clean' System Restore Point:
The reason for doing this is in case you need system restore you don't put back all we just took out.
Right click My Computer
Then Propeties then system restore
Place a check mark by turn off system restore
Click APPLY
Windows will give you a warning click yes
REBOOT

Now go right back to the same place and unchecksystem restore
Click APPLYand OK

___________________________________

Let me know that went ok and if there are any other issues you have.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#5 smoochy2000

New Member

New Member
8 posts

Posted 02 April 2008 - 05:56 AM

Here is new Kaspersky log scanned after following instx. re system restore. I guess I'm not finished here yet :unsure:

thanks KASPERSKY ONLINE SCANNER REPORT Wednesday, April 02, 2008 6:48:44 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 2/04/2008 Kaspersky Anti-Virus database records: 677193 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: false Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 186512 Number of viruses found: 3 Number of infected objects: 15 Number of suspicious objects: 0 Duration of the scan process: 02:36:28 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{0C3DA487-963C-450C-A6A5-5968AFEFD90E}.DAT Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{350B564F-33C0-4796-BB39-C5A8B174A327}.DAT Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{6755FBA5-25D9-472F-8B6E-3FFD0BF3F58D}.DAT Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{CF8B22E0-B512-4983-A9A5-273D42686378}.DAT Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-01_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{83F780F6-32A6-448E-AFAD-AABC40169645}.ldb Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{83F780F6-32A6-448E-AFAD-AABC40169645}.sds Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\35216996.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\Documents and Settings\Dorothy\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped C:\Documents and Settings\Dorothy\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Dorothy\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Dorothy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Dorothy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Dorothy\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dorothy\Local Settings\History\History.IE5\MSHist012008040120080402\index.dat Object is locked skipped C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Dorothy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dorothy\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Dorothy\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{613A14B7-AAF6-4597-A5CA-5E892308BF75}\RP1\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\JET7FDE.tmp Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{613A14B7-AAF6-4597-A5CA-5E892308BF75}\RP1\change.log Object is locked skipped E:\0a085f56d62389a9685e63\update\update.exe Object is locked skipped E:\2134884cdd9e6cb86cfd\callcont.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\evtgprov.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\gdi32.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\h323.tsp Object is locked skipped E:\2134884cdd9e6cb86cfd\h323msp.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\helpctr.exe Object is locked skipped E:\2134884cdd9e6cb86cfd\ipnathlp.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\lsasrv.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\mf3216.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\msasn1.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\msgina.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\mst120.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\netapi32.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\nmcom.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\rtcdll.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\schannel.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\spmsg.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\spuninst.exe Object is locked skipped E:\2134884cdd9e6cb86cfd\update\KB835732.cat Object is locked skipped E:\2134884cdd9e6cb86cfd\update\spcustom.dll Object is locked skipped E:\2134884cdd9e6cb86cfd\update\update.exe Object is locked skipped E:\2134884cdd9e6cb86cfd\update\update.inf Object is locked skipped E:\2134884cdd9e6cb86cfd\update\update.ver Object is locked skipped E:\2134884cdd9e6cb86cfd\xpsp2res.dll Object is locked skipped E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped E:\System Volume Information\_restore{613A14B7-AAF6-4597-A5CA-5E892308BF75}\RP1\change.log Object is locked skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP569\A0107653.exe/Loadfp._ex Infected: not-a-virus:Monitor.Win32.KeyKey.121 skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP569\A0107653.exe ZIP: infected - 1 skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar/torrentsearch.exe/data0004/stream/data0004 Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar/torrentsearch.exe/data0004/stream Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar/torrentsearch.exe/data0004 Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar/torrentsearch.exe Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe/data.rar Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116765.exe RarSFX: infected - 5 skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar/torrentsearch.exe/data0004/stream/data0004 Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar/torrentsearch.exe/data0004/stream Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar/torrentsearch.exe/data0004 Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar/torrentsearch.exe Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe/data.rar Infected: Trojan.Win32.StartPage.rr skipped E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570\A0116766.exe RarSFX: infected - 5 skipped E:\System Volume Information\_restore{F9486113-0DBD-4892-8707-5803A9D0D324}\RP38\A0010328.exe Infected: Trojan.Win32.Small.ih skipped Scan process completed.

#6 bob4

MalwareTeam Emeritus

Authentic Member
2,205 posts

Posted 02 April 2008 - 06:20 AM

___________________________________
Ok we need to take care of the E drive on your computer.

Right click My Computer
Then Propeties then system restore

Highlight E drive. Then click settings.

Once in there click on turn off system restore.

click OK close that window then click apply.

REBOOT

Now go right back to the same place and uncheckturn off system restore.
Click APPLYand OK

Let me know how that went.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#7 smoochy2000

New Member

New Member
8 posts

Posted 02 April 2008 - 09:23 AM

Hi, I followed your instx. re E drive, rescanned and kaspersky still detects same viruses. Can post the log if you want but results look the same.

#8 bob4

MalwareTeam Emeritus

Authentic Member
2,205 posts

Posted 02 April 2008 - 02:17 PM

Question : Do you have another operating system on that drive ? or Is it just a back up?

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#9 smoochy2000

New Member

New Member
8 posts

Posted 02 April 2008 - 03:29 PM

XP Pro is (and always has been) the only operating system on this pc. System is comprised of 2 internal hard drives: 120G is partitioned 1x40G - "C" w/ operating system 1x80G - "E" back end of partition used strictly for storage 80G independent slave drive "D" used strictly for storage

#10 bob4

MalwareTeam Emeritus

Authentic Member
2,205 posts

Posted 03 April 2008 - 06:12 AM

I'm still looking into this small problem. In the meantime hopefully system restore will not be needed. :smack:

Restore points are saved until the hard disk space for System Restore reserves is filled up. As new restore points are created, old ones are deleted. So eventually the bad points will be all gone.

I would like to try one other thing if you like.

____________________________________
Right click My Computer
Then Properties then system restore

Highlight E drive. Then click settings.

Slide the indicator for "disk space to use" to zero.
It will still show some space reserved for restore depending on the size of your drive.

click OK

close that window

then click apply.

REBOOT

Now go right back to the same place and check turn off system restore.
Click APPLYand OK

Reboot again

Before turning system restore back on the E drive run a scan with kasperskys if you like. I know it's a slow scan. :popcorn:

Edited by bob4, 03 April 2008 - 06:13 AM.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Advertisements

Register to Remove

#11 smoochy2000

New Member

New Member
8 posts

Posted 03 April 2008 - 11:55 AM

Hi, made the adjustments to the E drive settings, shut off the system restore & did another scan, unfortunately I'm still getting the same results

What's next, do I bite the bullet & reformat C & E? Thanks

#12 bob4

MalwareTeam Emeritus

Authentic Member
2,205 posts

Posted 03 April 2008 - 12:07 PM

Heck no .. No reason to reformat. As I said those restore points are going to go away on there own as time progresses. I am still awaiting some replys to a query I have made on this issue.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#13 smoochy2000

New Member

New Member
8 posts

Posted 03 April 2008 - 03:51 PM

ok thanks for all the help, I didn't want to spend the weekend reformatting anyway lol. I seem to remember getting nailed with a Trojan on that drive quite some time back, hopefully that restore point's near the trash can

#14 bob4

MalwareTeam Emeritus

Authentic Member
2,205 posts

Posted 03 April 2008 - 05:49 PM

I'm just a bit away from having a fix for you. :thumbup:

Promise. Just a bit more time. We all have better things to do than to reformat. :rofl:

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#15 bob4

MalwareTeam Emeritus

Authentic Member
2,205 posts

Posted 04 April 2008 - 12:42 PM

Click start /run/

and copy this in exactly

cacls "E:\System Volume Information" /E /G Dorothy:F

You wont see much happen.

Now navigate to and delete these folders
I have in bold type.

Just delete the folders listed in bold type.

E:\System Volume Information\_restore{F9486113-0DBD-4892-8707-5803A9D0D324}\RP38
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP570
E:\System Volume Information\_restore{9FF407A8-684A-4AC8-B627-82BB5C719A7D}\RP569
E:\System Volume Information\_restore{613A14B7-AAF6-4597-A5CA-5E892308BF75}\RP1

Once you have those 3 folders deleted close that window

click start /run
and copy this in exactly.

cacls "E:\System Volume Information" /E /R Dorothy

That should be the end of this issue.

Edited by bob4, 04 April 2008 - 12:42 PM.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Body Background

skin color theme