Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91844 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Need Help with Malware


  • This topic is locked This topic is locked
4 replies to this topic

#1 ShadowStorm

ShadowStorm

    Authentic Member

  • Authentic Member
  • PipPip
  • 44 posts

Posted 27 April 2008 - 02:18 PM

Without realising it I opened up a program and it infected my computer... :smack:
Everytime I try to open a folder, or a page in internet explorer it gives this little promt:
Posted Image [Fake, whenever I hit ok it brings me to a site that just wanted to download more malware, not posting link unless told otherwise.]
I want help finding and removing this pesky thing...

HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:40 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Video - {95E1D855-9232-48F7-80D9-1ADB65B7939C} - C:\WINDOWS\zonsakru.dll
O2 - BHO: Video - {DA40137D-AE41-4148-BFEC-916B326D5BBD} - C:\WINDOWS\todnru.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Steam] "e:\programs\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs:  
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: wampapache - Unknown owner - E:\WAMP\apache2\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - E:\WAMP\mysql\bin\mysqld-nt.exe (file missing)

--
End of file - 7934 bytes


Malwarebytes' Log
Malwarebytes' Anti-Malware 1.11
Database version: 663

Scan type: Full Scan (C:\|D:\|E:\|G:\|J:\|T:\|Z:\|)
Objects scanned: 579533
Time elapsed: 12 hour(s), 53 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cuskina.AVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d263b532-c528-49e5-8bb6-80fa67332c9a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7165223d-d2c9-422b-8126-411b11842b8b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky Log
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Wednesday, April 23, 2008 6:01:22 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 23/04/2008
 Kaspersky Anti-Virus database records: 722460
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	C:\
	D:\
	E:\
	G:\
	J:\
	T:\
	X:\
	Y:\
	Z:\

Scan Statistics:
	Total number of scanned objects: 530762
	Number of viruses found: 14
	Number of infected objects: 102
	Number of suspicious objects: 0
	Duration of the scan process: 17:21:02

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01940001\47F68B62.VBN	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01940002\47F68B78.VBN	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01940003\47F6906B.VBN	Infected: Trojan-PSW.Win32.LdPinch.dud	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01940004\47F69076.VBN	Infected: Trojan-PSW.Win32.LdPinch.dud	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01940005\47FDCD6D.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01940006\47FDEC72.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01940007\47FDEDC5.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01940009\47FE09F4.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0194000A\47FE0AE1.VBN	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0194000B\47FE0B45.VBN	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0194000C\47FE1092.VBN	Infected: Trojan-PSW.Win32.LdPinch.dud	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0194000D\47FE1100.VBN	Infected: Trojan-PSW.Win32.LdPinch.dud	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02580000\47D9F71D.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02580001\47DB5761.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02580008\47DC9AA6.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02F40000.VBN/WPE PRO.exe	Infected: Sniffer.Win32.WpePro.a	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02F40000.VBN/WpeSpy.dll	Infected: Sniffer.Win32.WpePro.a	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02F40000.VBN	ZIP: infected - 2	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02F40000.VBN	CryptZ: infected - 2	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00000\47DCC6BA.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00001\47DD8DEB.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00002\47DE18C6.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00003\47DF6D93.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00004\47D0BF3A.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00005\47D2110F.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D00006\47D4B45E.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A00000.VBN/BrutusA2.exe	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A00000.VBN	ZIP: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A00000.VBN	CryptZ: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400000\4FDDEB8F.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09400003\4FDF3CB2.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A5C0000\4EFEFD2C.VBN	Infected: Trojan.Win32.BHO.aug	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380000.VBN/WPE PRO.exe	Infected: Sniffer.Win32.WpePro.a	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380000.VBN/WpeSpy.dll	Infected: Sniffer.Win32.WpePro.a	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380000.VBN	RAR: infected - 2	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380000.VBN	CryptZ: infected - 2	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C380002\4FBC6F0C.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400000.VBN/BrutusA2.exe	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400000.VBN	ZIP: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400000.VBN	CryptZ: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400002.VBN/BrutusA2.exe	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400002.VBN	ZIP: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400002.VBN	CryptZ: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400003.VBN/inside.dll	Infected: Trojan-PSW.Win32.LdPinch.dud	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400003.VBN/lahelp  new/inside.dll	Infected: Trojan-PSW.Win32.LdPinch.dud	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400003.VBN	RAR: infected - 2	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400003.VBN	CryptZ: infected - 2	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400005.VBN/IceCold ReLoaded.exe	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400005.VBN	RAR: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400005.VBN	CryptZ: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400007.VBN/IceCold ReLoaded.exe	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400007.VBN	ZIP: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D400007.VBN	CryptZ: infected - 1	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4FDCA980.VBN	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001\4FDCA9A4.VBN	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002\4FDCAA54.VBN	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003\4FDDD697.VBN	Infected: HackTool.Win32.Homac	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F400000\4F46A821.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F400001\4F46A9F3.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580000\4FD9889A.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F580001\4FDA24D5.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC0000\4FBC8EAD.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC0003\4FBDE205.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC0006\4FBF34DB.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC0009\4FBC85EF.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC000C\4FBC7C3C.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC000F\4FBDD062.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FBC0012\4FBF1D7F.VBN	Infected: not-a-virus:PSWTool.Win32.Brutus	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Mike\Application Data\acccore\nss\cert8.db	Object is locked	skipped
C:\Documents and Settings\Mike\Application Data\acccore\nss\key3.db	Object is locked	skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\cert8.db	Object is locked	skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\formhistory.dat	Object is locked	skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\history.dat	Object is locked	skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\key3.db	Object is locked	skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\parent.lock	Object is locked	skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\search.sqlite	Object is locked	skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\urlclassifier2.sqlite	Object is locked	skipped
C:\Documents and Settings\Mike\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike\Desktop\mch4t\mIRC\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.631	skipped
C:\Documents and Settings\Mike\Desktop\RoboR Cheater Reloaded v3\data\Super Weapon Hack\WPE PRO.exe	Infected: Sniffer.Win32.WpePro.a	skipped
C:\Documents and Settings\Mike\Desktop\RoboR Cheater Reloaded v3\data\Super Weapon Hack\WpeSpy.dll	Infected: Sniffer.Win32.WpePro.a	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\AOL OCP\AIM\Storage\data\mightyfallen17\localStorage\common.cls	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Messenger\Mightyfallen17@hotmail.com\SharingMetadata\Logs\Dfsr00005.log	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Messenger\Mightyfallen17@hotmail.com\SharingMetadata\pending.dat	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Messenger\Mightyfallen17@hotmail.com\SharingMetadata\Working\database_2C70_3DB0_703D_819E\dfsr.db	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Messenger\Mightyfallen17@hotmail.com\SharingMetadata\Working\database_2C70_3DB0_703D_819E\fsr.log	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Messenger\Mightyfallen17@hotmail.com\SharingMetadata\Working\database_2C70_3DB0_703D_819E\fsrtmp.log	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Messenger\Mightyfallen17@hotmail.com\SharingMetadata\Working\database_2C70_3DB0_703D_819E\tmp.edb	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows Live Contacts\Mightyfallen17@hotmail.com\real\members.stg	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows Live Contacts\Mightyfallen17@hotmail.com\shadow\members.stg	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\Cache\34C3736Ad01	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\Cache\_CACHE_001_	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\Cache\_CACHE_002_	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\Cache\_CACHE_003_	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\ezwizd8d.default\Cache\_CACHE_MAP_	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012008042320080424\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\A7D-tmpaoi.exe/data0000	Infected: Trojan-Downloader.Win32.Peregar.ch	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\A7D-tmpaoi.exe	EmbeddedEXE: infected - 1	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\A7D-tmpaoi.exe	UPX: infected - 1	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\A7D-tmpaoi.exe	PE_Patch.UPX: infected - 1	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\A7F-tmpaoi.exe	Infected: Trojan-Downloader.Win32.Peregar.cg	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\flaA3D.tmp	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\~DF1820.tmp	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\~DF6B8.tmp	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\~DF8F8.tmp	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\~DF949.tmp	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Temp\~DFFC68.tmp	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\IF6NE1QF\drv32[1].data/data0000	Infected: Trojan-Downloader.Win32.Peregar.ch	skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\IF6NE1QF\drv32[1].data	EmbeddedEXE: infected - 1	skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\IF6NE1QF\drv32[1].data	UPX: infected - 1	skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\IF6NE1QF\drv32[1].data	PE_Patch.UPX: infected - 1	skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\RE9VA1ET\drv32[1].data	Infected: Trojan-Downloader.Win32.Peregar.cg	skipped
C:\Documents and Settings\Mike\My Documents\My Chat Logs\April 2008\billybravo13@hotmail.com.html	Object is locked	skipped
C:\Documents and Settings\Mike\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Mike\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_210.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG	Object is locked	skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_90.trc	Object is locked	skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0397NAV~.TMP	Object is locked	skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0562NAV~.TMP	Object is locked	skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0624NAV~.TMP	Object is locked	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{ACD26F07-9C5E-4484-B04E-EB3F6B8CC9C6}\RP48\A0016341.exe	Infected: Sniffer.Win32.WpePro.a	skipped
C:\System Volume Information\_restore{ACD26F07-9C5E-4484-B04E-EB3F6B8CC9C6}\RP48\A0016342.dll	Infected: Sniffer.Win32.WpePro.a	skipped
C:\System Volume Information\_restore{ACD26F07-9C5E-4484-B04E-EB3F6B8CC9C6}\RP48\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\todnru.dll	Infected: Trojan-Downloader.Win32.Peregar.ch	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
C:\WINDOWS\zonsakru.dll	Infected: Trojan-Downloader.Win32.Peregar.cg	skipped
D:\Drive2\c BACK\Program Files\mIRCIBOT\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
D:\Drive2\c BACK\Program Files\mIRCRBot\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
D:\Drive2\SAMSUNG 6.4 Backup\C\mike1\My Documents\mirc616.exe/data0001.bin	Infected: not-a-virus:Client-IRC.Win32.mIRC.616	skipped
D:\Drive2\SAMSUNG 6.4 Backup\C\mike1\My Documents\mirc616.exe	mIRC: infected - 1	skipped
D:\Old C\Program Files\Trend Micro\Internet Security 2006\Quarantine\BC.tmp	Infected: Sniffer.Win32.WpePro.a	skipped
D:\Old C\Program Files\Trend Micro\Internet Security 2006\Quarantine\C3.tmp	Infected: Sniffer.Win32.WpePro.a	skipped
D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
E:\RECYCLER\S-1-5-21-2052111302-1972579041-839522115-1003\De3.exe	Infected: Trojan-Downloader.Win32.Peregar.ci	skipped
E:\RoboR_Cheater_Reloaded_v3.rar/RoboR Cheater Reloaded v3/data/Super Weapon Hack/WPE PRO.exe	Infected: Sniffer.Win32.WpePro.a	skipped
E:\RoboR_Cheater_Reloaded_v3.rar/RoboR Cheater Reloaded v3/data/Super Weapon Hack/WpeSpy.dll	Infected: Sniffer.Win32.WpePro.a	skipped
E:\RoboR_Cheater_Reloaded_v3.rar	RAR: infected - 2	skipped
E:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
E:\System Volume Information\_restore{ACD26F07-9C5E-4484-B04E-EB3F6B8CC9C6}\RP49\change.log	Object is locked	skipped
G:\System Volume Information\_restore{2CB179E7-A295-4CBB-A39C-D95735711612}\RP21\A0005297.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
J:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
T:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\xpkey.exe	Infected: not-a-virus:PSWTool.Win32.RAS.g	skipped
T:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\18dbb528d8afcfc7bba1b600b32589db_389e0398-393b-4123-b76a-b3acf2ee8987	Object is locked	skipped
T:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\557f2440a7c88c5a138f8418dd4cbdb9_389e0398-393b-4123-b76a-b3acf2ee8987	Object is locked	skipped
T:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\594f8c92c35b049cc5b4e285112d77aa_389e0398-393b-4123-b76a-b3acf2ee8987	Object is locked	skipped
T:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f7cec4cd4d458724ea4e0edb5375d73_389e0398-393b-4123-b76a-b3acf2ee8987	Object is locked	skipped
T:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa20979f9a4ac3b34f67ca7952680234_389e0398-393b-4123-b76a-b3acf2ee8987	Object is locked	skipped
T:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f41ac8c31336d11c3efeae6c59c5bf6d_389e0398-393b-4123-b76a-b3acf2ee8987	Object is locked	skipped
T:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp	Object is locked	skipped
T:\Documents and Settings\Michael\Desktop\Game Stuff\RuneScape Cheating\Blupig's All-In-One Cheat Package\Blupig's All-In-One Cheat Package #3.rar/Blupig's All-In-One Cheat Package/Helpers/Calculators/Super Combat Calculator/Combat Calculator.exe	Infected: not-virus:BadJoke.MSIL.Agent.w	skipped
T:\Documents and Settings\Michael\Desktop\Game Stuff\RuneScape Cheating\Blupig's All-In-One Cheat Package\Blupig's All-In-One Cheat Package #3.rar	RAR: infected - 1	skipped
T:\Documents and Settings\Michael\Desktop\Game Stuff\RuneScape Cheating\Blupig's All-In-One Cheat Package\Helpers\Calculators\Super Combat Calculator\Combat Calculator.exe	Infected: not-virus:BadJoke.MSIL.Agent.w	skipped
T:\Documents and Settings\Michael\Desktop\Projects\SupportBot.rar/SupportBot/mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.621	skipped
T:\Documents and Settings\Michael\Desktop\Projects\SupportBot.rar	RAR: infected - 1	skipped
T:\Documents and Settings\Michael\Local Settings\Temp\hsperfdata_Michael\1216	Object is locked	skipped
T:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
Z:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped

Scan process completed.

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 29 April 2008 - 02:54 PM

Posted Image

Please don't start anymore new topics.

Sorry about the delay in responding :(

If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 ShadowStorm

ShadowStorm

    Authentic Member

  • Authentic Member
  • PipPip
  • 44 posts

Posted 30 April 2008 - 02:11 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:28 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\programs\steam\steam.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
E:\Games\AeriaGames\DOMO\Main\DOMO.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Video - {DA40137D-AE41-4148-BFEC-916B326D5BBD} - C:\WINDOWS\todnru.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Steam] "e:\programs\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimd...lidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: wampapache - Unknown owner - E:\WAMP\apache2\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - E:\WAMP\mysql\bin\mysqld-nt.exe (file missing)

--
End of file - 7876 bytes

There you go...

and its laggish, and i found the name of the virus, Trojan.FakeAlert or something...

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 30 April 2008 - 06:19 PM

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 11 May 2008 - 06:29 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users