chickeniam

Infested Computer TrojanDownloaderAgentAFG

17 posts in this topic

HELP!

I was recently infected with TrojanDownloaderAgentAFG. (HijackThis and AVG anti malware log files below.)

Immediately searched for an online antivirus that could help; none did.

Downloaded and used Spybot S&D... Helped a little bit.

Followed instructions on this website.

Used AVG anti malware and HijackThis.

Seemed to get rid of a whole bunch of malware/spyware, including some fake -ing thing that popped up and told me that there were updates ready for my computer (sorry, I can't remember the name of it...).

Also deleted something called zuxoxiba.exe.

I can't seem to get rid of these files called:

O2 - BHO: (no name) - {1613AA55-8490-45F1-A6AB-0A2911470629} - C:\WINDOWS\system32\nnnkj.dll

O2 - BHO: (no name) - {A2339A9B-D1F4-4084-9EEE-B9F5CB487527} - C:\WINDOWS\system32\hggheef.dll

O20 - Winlogon Notify: hggheef - C:\WINDOWS\SYSTEM32\hggheef.dll

O20 - Winlogon Notify: nnnkj - C:\WINDOWS\system32\nnnkj.dll

Tried deleting these files using the "delete on reboot" option in HijackThis, with no success. (They won't die!!)

They're not the only offenders. Spybot S&D occasionally comes up asking me either to allow or deny a registry change of some sort, by all different things.

Example:

Spybot Search and Destroy dialogue box:

""

Category: Browser Helper Object

Change: Value deleted

Entry {1613AA55-8490-45F1-A6AB-0A2911470629}

""

(They're not all exactly like this.)

Then at the bottom the two buttons are covered.

It's kinda odd... I'm assuming they say allow on the left and deny on the right... I try to always deny these.

Screenshot Link: http://h1.ripway.com/chickeniam/screenshotSpybotSD.jpg

AND

whenever I'm offline (unplugged modem) it pops up randomly and tells me I'm offline and no internet connection is available.

I also found a whole bunch of random empty folders in my documents...

with names such as: "Security" "symbols" "system" "system32" "microsoft" "AppPatch" "assembly"

causing much grief. Help muchly mostly and greatly appreciated.

Here are my log files:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:04:34 AM, on 6/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {1613AA55-8490-45F1-A6AB-0A2911470629} - C:\WINDOWS\system32\nnnkj.dll

O2 - BHO: (no name) - {A2339A9B-D1F4-4084-9EEE-B9F5CB487527} - C:\WINDOWS\system32\hggheef.dll

O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Policies\Explorer\Run: [Altap] tskstsh

O4 - HKUS\S-1-5-19\..\RunOnce: [set] fuset.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [set] fuset.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [set] fuset.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [set] fuset.exe (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm

O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/

O20 - Winlogon Notify: hggheef - C:\WINDOWS\SYSTEM32\hggheef.dll

O20 - Winlogon Notify: nnnkj - C:\WINDOWS\system32\nnnkj.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 4289 bytes

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:55:05 AM 6/4/2007

 

+ Scan result:

C:\Documents and Settings\slartibartfast\Local Settings\Temporary Internet Files\Content.IE5\OYQGXJEA\stkck[1].htm -> Downloader.Small.cwj : Cleaned.

E:\My Documents\Shared\(full) age of empires 2 no cd 38.rar/setup.exe -> Hijacker.Agent.hi : Cleaned.


:mozilla.558:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.559:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.560:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.561:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.

:mozilla.568:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.569:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.570:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.571:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.587:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.588:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.589:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.590:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.591:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.592:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.593:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.596:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.597:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.773:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\slartibartfast\Cookies\slartibartfast@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

:mozilla.111:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

:mozilla.651:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.652:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.653:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.654:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.655:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.656:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\slartibartfast\Local Settings\Temp\mst6C.tmp -> Trojan.Agent.qt : Cleaned.

C:\Documents and Settings\slartibartfast\Local Settings\Temporary Internet Files\Content.IE5\K2UIG3YI\xc29[2].exe -> Trojan.Agent.qt : Cleaned.

C:\WINDOWS\Temp\mst1C4.tmp -> Trojan.Agent.qt : Cleaned.

C:\WINDOWS\system32\drvxiz.dll -> Trojan.Agent.qt : Cleaned.

C:\Program Files\Ipwindows\UnInstall.exe -> Trojan.Rond : Cleaned.

 

 

::Report end

 

 

Also created a startupList Report using HJT

 

 

StartupList report, 6/4/2007, 1:36:31 AM

StartupList version: 1.52.2

Started from : C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.5730.0011)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Desktop Service Centre = C:\Program Files\OptusNet DSL Internet\DSC.exe

SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

SystemTray = SysTray.Exe

FmctrlTray = Fmctrl.EXE

ClamWin = "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

Control Center = C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

msnmsgr = "C:\Program Files\Messenger\msnmsgr.exe" /background

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\sstext3d.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\WINDOWS\system32\nnnkj.dll - {1613AA55-8490-45F1-A6AB-0A2911470629}

(no name) - C:\WINDOWS\system32\hggheef.dll - {A2339A9B-D1F4-4084-9EEE-B9F5CB487527}

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

Altap = tskstsh

 

--------------------------------------------------

 

End of report, 4,973 bytes

Report generated in 0.221 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

 

Thanks in advance.

Simon

Edited by chickeniam


Ok, so I was naughty and tried to fix everything myself. I hope it worked:

 

I ran:

ComboFix.exe

Peperfix.exe

SUPERAntiSpyware Free Edition

VundoFix.exe

Hijackthis

spybot S & D

AVG antispyware 7.5

 

and I'm going to install:

 

Firewall:

ZoneAlarm Free 7.0

 

and

 

Antivirus:

Antivir Personal WINX 7.0

 

 

Here is my hijackthis log:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:39:19 PM, on 6/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\ClamWin\bin\ClamTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm

O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 3288 bytes

 

 

Thanks in advance

simon


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi chickeniam, and Welcome to SWI

 

Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.

 

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.

 

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

 

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Then, download ResetTeaTimer.bat.

Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Please don't forget this step to disable TeaTimer.

 

Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin

  • Go to Start > Run, type: cleanmgr and click OK.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum in your next reply.

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

 

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

 

Using Windows Explorer, delete this folder if still there:

C:\Program Files\Ipwindows

 

Delete your current copy of ComboFix as it's updated often, and download a new copy:

Download ComboFix© by sUBs from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Save the file to your Desktop.

Double click combofix.exe & follow the prompts.

Don't click on the ComboFix window while it's running; that could cause it to stall.

When finished, and after reboot, it should open a log, combofix.txt.

Post that log in your next reply.

 

Please post a new HijackThis log, the log from SDFix (Report.txt), and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.


Thanks so much.

 

Here are the reports:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:06:50 PM, on 6/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm

O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 3758 bytes

 

 

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

 

 

SDFix: Version 1.86

 

Run by slartibartfast - Mon 06/11/2007 - 22:41:35.60

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing SharedAccess Service

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\hook.dll - Deleted

C:\WINDOWS\system32\sms.exe - Deleted

C:\WINDOWS\system32\winamp.exe - Deleted

 

 

 

Removing Temp Files...

 

ADS Check:

 

Checking if ADS is attached to system32 Folder

C:\WINDOWS\system32

No streams found.

 

Checking if ADS is attached to svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

Checking if ADS is attached to ntoskrnl.exe

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

Listing Files with Hidden Attributes:

 

C:\WINDOWS\system32\config\default.tmp.LOG

C:\WINDOWS\system32\config\SAM.tmp.LOG

C:\WINDOWS\system32\config\SECURITY.tmp.LOG

C:\WINDOWS\system32\config\software.tmp.LOG

C:\WINDOWS\system32\config\system.tmp.LOG

 

Listing User Accounts:

 

User accounts for \\BASIL

 

Administrator ASPNET Guest

HelpAssistant slartibartfast SUPPORT_388945a0

 

 

Finished


And the combofix report:

 

 

ComboFix 07-06-11.3 - C:\Documents and Settings\slartibartfast\Desktop\MalwareRemovealHELP\ComboFix.exe

"slartibartfast" - 2007-06-11 22:57:37 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))

 

 

2007-06-08 00:19 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-06-07 06:39 <DIR> d--hs---- C:\WINDOWS\CSC

2007-06-06 15:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-06-05 13:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic

2007-06-05 12:51 75,512 --a------ C:\WINDOWS\zllsputility.exe

2007-06-05 12:51 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-06-05 12:51 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2007-06-05 12:50 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-06-05 12:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

2007-06-05 12:45 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-06-05 11:25 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-05 10:45 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-06-05 10:30 <DIR> d-------- C:\VundoFix Backups

2007-06-05 09:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-06-05 09:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-06-04 23:05 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys

2007-06-03 23:15 <DIR> d-------- C:\Program Files\Common Files\??pPatch

2007-06-03 23:07 <DIR> d-------- C:\WINDOWS\çasks

2007-06-03 23:07 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET

2007-06-03 23:06 <DIR> d---s---- C:\WINDOWS\system32\??crosoft

2007-06-03 23:05 <DIR> d-------- C:\WINDOWS\system32\a?sembly

2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET

2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\?asks

2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET

2007-06-03 23:03 <DIR> d---s---- C:\WINDOWS\system32\??crosoft

2007-06-03 23:03 <DIR> d-------- C:\WINDOWS\M?crosoft.NET

2007-06-03 23:03 <DIR> d-------- C:\WINDOWS\??crosoft

2007-06-03 23:02 <DIR> d-------- C:\Program Files\Common Files\?ystem32

2007-06-03 23:01 <DIR> d---s---- C:\WINDOWS\?asks

2007-06-03 23:01 <DIR> d---s---- C:\WINDOWS\??sks

2007-06-03 23:01 <DIR> d-------- C:\WINDOWS\system32\çasks

2007-06-03 23:01 <DIR> d-------- C:\WINDOWS\system32\A?pPatch

2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\ç?sks

2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\à?pPatch

2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\F?nts

2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\A?pPatch

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\ç?sks

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\à?pPatch

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\s?stem

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\s?curity

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\?ymantec

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\??sks

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\??curity

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\M?crosoft

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\?icrosoft

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\??pPatch

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\??mantec

2007-06-03 23:00 <DIR> d-------- C:\Program Files\Common Files\s?stem

2007-06-03 22:59 <DIR> dr--s---- C:\WINDOWS\a?sembly

2007-06-03 22:59 <DIR> d---s---- C:\WINDOWS\system32\M?crosoft

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\ç?sks

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\F?nts

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\??pPatch

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\?icrosoft.NET

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\??crosoft

2007-06-03 22:59 <DIR> d-------- C:\Program Files\Common Files\??crosoft

2007-06-03 22:58 <DIR> d---s---- C:\WINDOWS\T?sks

2007-06-03 22:58 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\system32\W?nSxS

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\system32\S?mantec

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\s?mbols

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\S?mantec

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??stem

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??curity

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??crosoft.NET

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\W?nSxS

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\s?curity

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?ymantec

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?icrosoft

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?dobe

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\??stem32

2007-06-03 22:57 <DIR> dr--s---- C:\WINDOWS\F?nts

2007-06-03 22:57 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\W?nSxS

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\àppPatch

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\àdobe

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\T?sks

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\s?stem32

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?ystem32

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?racle

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?ppPatch

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\??sembly

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\??mantec

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\?ecurity

2007-06-03 22:57 <DIR> d-------- C:\Program Files\T?sks

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\çasks

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\s?stem32

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\s?mbols

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\S?mantec

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\M?crosoft

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\F?nts

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\?ymbols

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\?icrosoft

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\?ecurity

2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\??sks

2007-06-03 22:56 <DIR> dr--s---- C:\WINDOWS\F?nts

2007-06-03 22:56 <DIR> dr--s---- C:\WINDOWS\?ssembly

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-07 14:50:42 -------- d-----w C:\Program Files\DivX

2007-06-06 12:58:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\gtk-2.0

2007-06-05 05:35:28 -------- d-----w C:\Program Files\ClamWin

2007-06-05 02:28:33 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\SUPERAntiSpyware.com

2007-06-05 02:28:26 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-06-03 13:15:54 -------- d-----w C:\Program Files\Common Files\??pPatch

2007-06-03 13:11:26 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??stem32

2007-06-03 13:10:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\A?pPatch

2007-06-03 13:07:38 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET

2007-06-03 13:05:58 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?stem32

2007-06-03 13:05:56 -------- d-----w C:\Program Files\Common Files\?asks

2007-06-03 13:05:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??pPatch

2007-06-03 13:05:25 -------- d-----w C:\Program Files\Common Files\??crosoft.NET

2007-06-03 13:05:02 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET

2007-06-03 13:04:46 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ppPatch

2007-06-03 13:02:35 -------- d-----w C:\Program Files\Common Files\?ystem32

2007-06-03 13:02:18 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft.NET

2007-06-03 13:02:09 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ystem32

2007-06-03 13:01:37 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\F?nts

2007-06-03 13:01:25 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ssembly

2007-06-03 13:01:17 -------- d-----w C:\Program Files\Common Files\??sks

2007-06-03 13:01:04 -------- d-----w C:\Program Files\Common Files\??pPatch

2007-06-03 13:00:21 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft

2007-06-03 12:59:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?asks

2007-06-03 12:59:33 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sks

2007-06-03 12:59:16 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\a?sembly

2007-06-03 12:59:15 -------- d-----w C:\Program Files\Common Files\??crosoft

2007-06-03 12:59:15 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft

2007-06-03 12:58:58 -------- d-----w C:\Program Files\Common Files\?dobe

2007-06-03 12:58:55 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ymbols

2007-06-03 12:58:53 -------- d-----w C:\Program Files\Common Files\??stem32

2007-06-03 12:58:48 -------- d-----w C:\Program Files\Common Files\?ymantec

2007-06-03 12:58:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft.NET

2007-06-03 12:58:46 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sks

2007-06-03 12:58:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?curity

2007-06-03 12:58:41 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ppPatch

2007-06-03 12:58:37 -------- d-----w C:\Program Files\Common Files\?icrosoft

2007-06-03 12:58:31 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??pPatch

2007-06-03 12:58:24 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??curity

2007-06-03 12:58:17 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?racle

2007-06-03 12:58:16 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft

2007-06-03 12:58:07 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?racle

2007-06-03 12:58:06 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?dobe

2007-06-03 12:57:49 -------- d-----w C:\Program Files\Common Files\??sks

2007-06-03 12:57:47 -------- d-----w C:\Program Files\Common Files\?ymbols

2007-06-03 12:57:28 -------- d-----w C:\Program Files\Common Files\?asks

2007-06-03 12:57:28 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?asks

2007-06-03 12:57:27 -------- d-----w C:\Program Files\Common Files\?icrosoft

2007-06-03 12:57:24 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\M?crosoft

2007-06-03 12:57:22 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?mbols

2007-06-03 12:57:14 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\M?crosoft.NET

2007-06-03 12:57:09 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??mantec

2007-06-03 12:57:06 -------- d-----w C:\Program Files\Common Files\?ecurity

2007-06-03 12:57:06 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ecurity

2007-06-03 12:57:05 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\F?nts

2007-06-03 12:57:04 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ymantec

2007-06-03 12:57:03 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET

2007-06-03 12:56:58 -------- d-----w C:\Program Files\Common Files\??crosoft

2007-06-03 12:56:54 -------- d-----w C:\Program Files\Common Files\?ppPatch

2007-06-03 12:56:53 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?dobe

2007-06-03 12:56:48 -------- d-----w C:\Program Files\Common Files\?ssembly

2007-06-03 12:56:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?stem

2007-06-03 12:56:44 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\T?sks

2007-06-03 12:56:43 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ystem

2007-06-03 12:56:37 -------- d-----w C:\Program Files\Common Files\??crosoft.NET

2007-06-03 12:56:35 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??mbols

2007-06-03 12:56:32 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft

2007-06-03 12:56:31 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sembly

2007-06-03 12:56:27 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET

2007-06-03 12:56:26 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\W?nSxS

2007-06-03 12:56:25 -------- d-----w C:\Program Files\Common Files\??stem

2007-06-03 12:56:25 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??stem

2007-06-03 12:56:24 -------- d-----w C:\Program Files\Common Files\?dobe

2007-06-03 12:56:19 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\S?mantec

2007-06-03 12:56:17 -------- d-----w C:\Program Files\Common Files\??sembly

2007-06-03 12:56:12 -------- d-----w C:\Program Files\Common Files\?racle

2007-06-03 12:56:09 -------- d-----w C:\Program Files\Common Files\??curity

2007-06-03 12:56:08 -------- d-----w C:\Program Files\Common Files\?ppPatch

2007-06-03 12:56:07 -------- d-----w C:\Program Files\Common Files\?racle

2007-06-03 12:56:06 -------- d-----w C:\Program Files\Common Files\??mantec

2007-06-03 07:36:20 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\SpywareBot

2007-06-03 03:44:00 -------- d-----w C:\Program Files\Common Files\??mbols

2007-06-03 03:43:59 -------- d-----w C:\Program Files\Common Files\?ystem

2007-06-02 01:27:04 19 -c--a-w C:\WINDOWS\popcinfo.dat

2007-05-08 23:03:54 -------- d-----w C:\Program Files\GIMP-2.0

2007-05-08 23:02:40 -------- d-----w C:\Program Files\Common Files\GTK

2007-04-30 01:50:58 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2007-04-30 01:50:23 -------- d-----w C:\Program Files\ASUS

2007-04-30 01:49:46 -------- d-----w C:\Program Files\Common Files\InstallShield

2007-04-30 01:09:24 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-04-26 07:43:14 -------- d-----w C:\Program Files\SAMSUNG

2007-04-24 00:54:53 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\Apple Computer

2007-04-24 00:54:20 -------- d-----w C:\Program Files\iTunes

2007-04-24 00:54:05 -------- d-----w C:\Program Files\iPod

2007-04-18 15:16:22 -------- d-----w C:\Program Files\QuickTime

2007-04-14 01:48:27 -------- d-----w C:\Program Files\dumdumSAMSUNG

2007-03-15 02:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll

2007-03-15 02:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll

2007-03-14 22:04:35 1,404 -c--a-w C:\WINDOWS\mozver.dat

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2004-01-12 20:04]

"FmctrlTray"="Fmctrl.EXE" [2001-08-20 20:47 C:\WINDOWS\system32\fmctrl.exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-12-17 13:48]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 22:20]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Messenger\msnmsgr.exe" [2005-08-13 12:44]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-01-01 10:00]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"=0 (0x0)

"SynchronousUserGroupPolicy"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoLowDiskSpaceChecks"=1 (0x1)

"NoRecentDocsHistory"=00000000

"MaxRecentDocs"=10 (0xa)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-29 00:13]

 

*Newly Created Service* - HELPSVC

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-11 23:00:48

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-11 23:03:01

C:\ComboFix-quarantined-files.txt ... 2007-06-11 23:02

C:\ComboFix2.txt ... 2007-06-05 11:25

 

--- E O F ---

 

 

The only error I encountered was......Combofix never rebooted my machine, it just displayed its report txt.

 

thanks again...


Please run Notepad and copy & paste the text inside the code box (starting with @echo off and ending with dp0log.txt") into a new file:

 

@echo off
(
chcp
set&echo.
cd /d "%systemroot%" && dir /ad/x/tc/o-d
cd /d "%systemroot%" && dir /ad/x/tc/o-d
cd /d "%commonprogramfiles%" && dir /ad/x/tc/o-d
cd /d "%programfiles%" && dir /ad/x/tc/o-d
cd /d %AppData% && dir /ad/x/tc/o-d
)>"%~dp0log.txt"
start notepad "%~dp0log.txt"

 

Save the file to the Desktop as look.bat, and make sure the "Save as type" field says "All files". Then double-click on the look.bat file on the desktop. This will open Notepad with some text. Please post the contents in your next reply.

 

Please post a new HijackThis log, the text from running the above batch file, and in a second reply (due to possible length) the contents of the file C:\ComboFix2.txt dated 2007-06-05 11:25.


ok.

 

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 5:52:01 PM, on 6/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm

O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 3707 bytes

 

 

 

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

 

 

Active code page: 437

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\slartibartfast\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=BASIL

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\slartibartfast

LOGONSERVER=\\BASIL

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0703

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp

TMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp

tvdumpflags=8

USERDOMAIN=BASIL

USERNAME=slartibartfast

USERPROFILE=C:\Documents and Settings\slartibartfast

windir=C:\WINDOWS

 

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\WINDOWS

 

06/07/2007 06:39 AM <DIR> CSC

06/06/2007 03:05 PM <DIR> SxsCaPendDel

06/05/2007 12:45 PM <DIR> Internet Logs

06/05/2007 11:27 AM <DIR> TEMP

06/05/2007 11:17 AM <DIR> erdnt

06/03/2007 11:07 PM <DIR> çasks

06/03/2007 11:03 PM <DIR> ??crosoft

06/03/2007 11:03 PM <DIR> M?crosoft.NET

06/03/2007 11:01 PM <DIR> ??sks

06/03/2007 11:01 PM <DIR> ?asks

06/03/2007 11:00 PM <DIR> ??pPatch

06/03/2007 11:00 PM <DIR> M?crosoft

06/03/2007 11:00 PM <DIR> ?icrosoft

06/03/2007 11:00 PM <DIR> ??mantec

06/03/2007 10:59 PM <DIR> ç?sks

06/03/2007 10:59 PM <DIR> a?sembly

06/03/2007 10:59 PM <DIR> ?icrosoft.NET

06/03/2007 10:59 PM <DIR> ??crosoft

06/03/2007 10:58 PM <DIR> ??crosoft.NET

06/03/2007 10:58 PM <DIR> s?mbols

06/03/2007 10:58 PM <DIR> ??curity

06/03/2007 10:58 PM <DIR> T?sks

06/03/2007 10:58 PM <DIR> ??stem

06/03/2007 10:58 PM <DIR> S?mantec

06/03/2007 10:57 PM <DIR> ?ecurity

06/03/2007 10:57 PM <DIR> W?nSxS

06/03/2007 10:57 PM <DIR> F?nts

06/03/2007 10:56 PM <DIR> ?ppPatch

06/03/2007 10:56 PM <DIR> ?dobe

06/03/2007 10:56 PM <DIR> s?stem32

06/03/2007 10:56 PM <DIR> à?pPatch

06/03/2007 10:56 PM <DIR> ?ssembly

06/03/2007 10:56 PM <DIR> s?stem

06/03/2007 10:56 PM <DIR> ?icrosoft.NET

06/03/2007 10:56 PM <DIR> F?nts

06/03/2007 10:56 PM <DIR> ?ymantec

06/03/2007 10:56 PM <DIR> ??crosoft.NET

06/03/2007 10:56 PM <DIR> ??sembly

06/03/2007 10:56 PM <DIR> ?ymbols

06/03/2007 10:56 PM <DIR> ?racle

06/03/2007 10:56 PM <DIR> ?ystem32

06/03/2007 10:56 PM <DIR> ??stem32

06/03/2007 10:56 PM <DIR> s?curity

06/03/2007 10:56 PM <DIR> ?ystem

06/03/2007 10:56 PM <DIR> àppPatch

06/03/2007 10:56 PM <DIR> ?racle

06/03/2007 10:56 PM <DIR> ?icrosoft

06/03/2007 01:44 PM <DIR> àdobe

06/03/2007 01:44 PM <DIR> ??mbols

05/31/2007 03:08 AM <DIR> assembly

05/31/2007 03:06 AM <DIR> Microsoft.NET

03/13/2007 10:53 PM <DIR> Datalcrn

02/11/2007 10:14 PM <DIR> Minidump

02/05/2007 09:36 PM <DIR> Downloaded Installations

01/29/2007 01:48 PM <DIR> ShellNew

01/26/2007 10:17 PM <DIR> INSTAL~1 Installer

01/26/2007 10:06 PM <DIR> PeerNet

01/26/2007 10:06 PM <DIR> ehome

01/26/2007 10:06 PM <DIR> pchealth

01/26/2007 10:06 PM <DIR> Motorola

01/26/2007 10:06 PM <DIR> WinSxS

01/26/2007 10:06 PM <DIR> ime

01/26/2007 10:06 PM <DIR> mui

01/26/2007 10:06 PM <DIR> PROVIS~1 Provisioning

01/26/2007 10:06 PM <DIR> RESOUR~1 Resources

01/26/2007 10:06 PM <DIR> AppPatch

01/26/2007 10:06 PM <DIR> Debug

01/26/2007 10:06 PM <DIR> twain_32

01/26/2007 10:06 PM <DIR> msapps

01/26/2007 10:06 PM <DIR> DRIVER~1 Driver Cache

01/26/2007 10:06 PM <DIR> security

01/26/2007 10:06 PM <DIR> Fonts

01/26/2007 10:06 PM <DIR> Media

01/26/2007 10:06 PM <DIR> java

01/26/2007 10:06 PM <DIR> Cursors

01/26/2007 10:06 PM <DIR> Help

01/26/2007 10:06 PM <DIR> Web

01/26/2007 10:06 PM <DIR> msagent

01/26/2007 10:06 PM <DIR> inf

01/26/2007 10:06 PM <DIR> repair

01/26/2007 10:06 PM <DIR> system

01/26/2007 10:06 PM <DIR> ..

01/26/2007 10:06 PM <DIR> .

01/26/2007 10:06 PM <DIR> system32

01/26/2007 08:07 PM <DIR> Sun

01/26/2007 04:53 PM <DIR> WBEM

01/26/2007 04:51 PM <DIR> ie7

01/26/2007 04:50 PM <DIR> $NtServicePackUninstallIDNMitigationAPIs$

01/26/2007 04:50 PM <DIR> $NtServicePackUninstallNLSDownlevelMapping$

01/26/2007 04:49 PM <DIR> $NtUninstallKB915865$

01/26/2007 04:49 PM <DIR> $hf_mig$

01/26/2007 03:28 PM <DIR> msdownld.tmp

01/26/2007 12:14 PM <DIR> SoftwareDistribution

01/26/2007 11:56 AM <DIR> OFFLIN~1 Offline Web Pages

01/26/2007 11:56 AM <DIR> DOWNLO~1 Downloaded Program Files

01/26/2007 11:54 AM <DIR> Tasks

01/26/2007 11:54 AM <DIR> srchasst

01/26/2007 11:51 AM <DIR> REGIST~1 Registration

0 File(s) 0 bytes

98 Dir(s) 5,366,390,784 bytes free

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\WINDOWS

 

06/07/2007 06:39 AM <DIR> CSC

06/06/2007 03:05 PM <DIR> SxsCaPendDel

06/05/2007 12:45 PM <DIR> Internet Logs

06/05/2007 11:27 AM <DIR> TEMP

06/05/2007 11:17 AM <DIR> erdnt

06/03/2007 11:07 PM <DIR> çasks

06/03/2007 11:03 PM <DIR> ??crosoft

06/03/2007 11:03 PM <DIR> M?crosoft.NET

06/03/2007 11:01 PM <DIR> ??sks

06/03/2007 11:01 PM <DIR> ?asks

06/03/2007 11:00 PM <DIR> ??pPatch

06/03/2007 11:00 PM <DIR> M?crosoft

06/03/2007 11:00 PM <DIR> ?icrosoft

06/03/2007 11:00 PM <DIR> ??mantec

06/03/2007 10:59 PM <DIR> ç?sks

06/03/2007 10:59 PM <DIR> a?sembly

06/03/2007 10:59 PM <DIR> ?icrosoft.NET

06/03/2007 10:59 PM <DIR> ??crosoft

06/03/2007 10:58 PM <DIR> ??crosoft.NET

06/03/2007 10:58 PM <DIR> s?mbols

06/03/2007 10:58 PM <DIR> ??curity

06/03/2007 10:58 PM <DIR> T?sks

06/03/2007 10:58 PM <DIR> ??stem

06/03/2007 10:58 PM <DIR> S?mantec

06/03/2007 10:57 PM <DIR> ?ecurity

06/03/2007 10:57 PM <DIR> W?nSxS

06/03/2007 10:57 PM <DIR> F?nts

06/03/2007 10:56 PM <DIR> ?ppPatch

06/03/2007 10:56 PM <DIR> ?dobe

06/03/2007 10:56 PM <DIR> s?stem32

06/03/2007 10:56 PM <DIR> à?pPatch

06/03/2007 10:56 PM <DIR> ?ssembly

06/03/2007 10:56 PM <DIR> s?stem

06/03/2007 10:56 PM <DIR> ?icrosoft.NET

06/03/2007 10:56 PM <DIR> F?nts

06/03/2007 10:56 PM <DIR> ?ymantec

06/03/2007 10:56 PM <DIR> ??crosoft.NET

06/03/2007 10:56 PM <DIR> ??sembly

06/03/2007 10:56 PM <DIR> ?ymbols

06/03/2007 10:56 PM <DIR> ?racle

06/03/2007 10:56 PM <DIR> ?ystem32

06/03/2007 10:56 PM <DIR> ??stem32

06/03/2007 10:56 PM <DIR> s?curity

06/03/2007 10:56 PM <DIR> ?ystem

06/03/2007 10:56 PM <DIR> àppPatch

06/03/2007 10:56 PM <DIR> ?racle

06/03/2007 10:56 PM <DIR> ?icrosoft

06/03/2007 01:44 PM <DIR> àdobe

06/03/2007 01:44 PM <DIR> ??mbols

05/31/2007 03:08 AM <DIR> assembly

05/31/2007 03:06 AM <DIR> Microsoft.NET

03/13/2007 10:53 PM <DIR> Datalcrn

02/11/2007 10:14 PM <DIR> Minidump

02/05/2007 09:36 PM <DIR> Downloaded Installations

01/29/2007 01:48 PM <DIR> ShellNew

01/26/2007 10:17 PM <DIR> INSTAL~1 Installer

01/26/2007 10:06 PM <DIR> PeerNet

01/26/2007 10:06 PM <DIR> ehome

01/26/2007 10:06 PM <DIR> pchealth

01/26/2007 10:06 PM <DIR> Motorola

01/26/2007 10:06 PM <DIR> WinSxS

01/26/2007 10:06 PM <DIR> ime

01/26/2007 10:06 PM <DIR> mui

01/26/2007 10:06 PM <DIR> PROVIS~1 Provisioning

01/26/2007 10:06 PM <DIR> RESOUR~1 Resources

01/26/2007 10:06 PM <DIR> AppPatch

01/26/2007 10:06 PM <DIR> Debug

01/26/2007 10:06 PM <DIR> twain_32

01/26/2007 10:06 PM <DIR> msapps

01/26/2007 10:06 PM <DIR> DRIVER~1 Driver Cache

01/26/2007 10:06 PM <DIR> security

01/26/2007 10:06 PM <DIR> Fonts

01/26/2007 10:06 PM <DIR> Media

01/26/2007 10:06 PM <DIR> java

01/26/2007 10:06 PM <DIR> Cursors

01/26/2007 10:06 PM <DIR> Help

01/26/2007 10:06 PM <DIR> Web

01/26/2007 10:06 PM <DIR> msagent

01/26/2007 10:06 PM <DIR> inf

01/26/2007 10:06 PM <DIR> repair

01/26/2007 10:06 PM <DIR> system

01/26/2007 10:06 PM <DIR> ..

01/26/2007 10:06 PM <DIR> .

01/26/2007 10:06 PM <DIR> system32

01/26/2007 08:07 PM <DIR> Sun

01/26/2007 04:53 PM <DIR> WBEM

01/26/2007 04:51 PM <DIR> ie7

01/26/2007 04:50 PM <DIR> $NtServicePackUninstallIDNMitigationAPIs$

01/26/2007 04:50 PM <DIR> $NtServicePackUninstallNLSDownlevelMapping$

01/26/2007 04:49 PM <DIR> $NtUninstallKB915865$

01/26/2007 04:49 PM <DIR> $hf_mig$

01/26/2007 03:28 PM <DIR> msdownld.tmp

01/26/2007 12:14 PM <DIR> SoftwareDistribution

01/26/2007 11:56 AM <DIR> OFFLIN~1 Offline Web Pages

01/26/2007 11:56 AM <DIR> DOWNLO~1 Downloaded Program Files

01/26/2007 11:54 AM <DIR> Tasks

01/26/2007 11:54 AM <DIR> srchasst

01/26/2007 11:51 AM <DIR> REGIST~1 Registration

0 File(s) 0 bytes

98 Dir(s) 5,366,382,592 bytes free

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\Program Files\Common Files

 

06/03/2007 11:15 PM <DIR> ??pPatch

06/03/2007 11:07 PM <DIR> ?icrosoft.NET

06/03/2007 11:05 PM <DIR> ?asks

06/03/2007 11:05 PM <DIR> ??crosoft.NET

06/03/2007 11:05 PM <DIR> ?icrosoft.NET

06/03/2007 11:02 PM <DIR> ?ystem32

06/03/2007 11:01 PM <DIR> A?pPatch

06/03/2007 11:01 PM <DIR> ç?sks

06/03/2007 11:01 PM <DIR> F?nts

06/03/2007 11:01 PM <DIR> à?pPatch

06/03/2007 11:00 PM <DIR> s?stem

06/03/2007 10:59 PM <DIR> ??crosoft

06/03/2007 10:58 PM <DIR> ?dobe

06/03/2007 10:58 PM <DIR> ??stem32

06/03/2007 10:58 PM <DIR> ?ymantec

06/03/2007 10:58 PM <DIR> s?curity

06/03/2007 10:58 PM <DIR> ?icrosoft

06/03/2007 10:58 PM <DIR> W?nSxS

06/03/2007 10:57 PM <DIR> S?mantec

06/03/2007 10:57 PM <DIR> ??sks

06/03/2007 10:57 PM <DIR> s?mbols

06/03/2007 10:57 PM <DIR> ?ymbols

06/03/2007 10:57 PM <DIR> çasks

06/03/2007 10:57 PM <DIR> ?icrosoft

06/03/2007 10:57 PM <DIR> M?crosoft

06/03/2007 10:57 PM <DIR> F?nts

06/03/2007 10:57 PM <DIR> s?stem32

06/03/2007 10:57 PM <DIR> ?ecurity

06/03/2007 10:56 PM <DIR> ??crosoft

06/03/2007 10:56 PM <DIR> ?ppPatch

06/03/2007 10:56 PM <DIR> ?ssembly

06/03/2007 10:56 PM <DIR> a?sembly

06/03/2007 10:56 PM <DIR> ??crosoft.NET

06/03/2007 10:56 PM <DIR> T?sks

06/03/2007 10:56 PM <DIR> ??stem

06/03/2007 10:56 PM <DIR> àdobe

06/03/2007 10:56 PM <DIR> ??sembly

06/03/2007 10:56 PM <DIR> M?crosoft.NET

06/03/2007 10:56 PM <DIR> ?racle

06/03/2007 10:56 PM <DIR> ??curity

06/03/2007 10:56 PM <DIR> àppPatch

06/03/2007 10:56 PM <DIR> ?racle

06/03/2007 10:56 PM <DIR> ??mantec

06/03/2007 01:44 PM <DIR> ??mbols

06/03/2007 01:43 PM <DIR> ?ystem

05/09/2007 09:02 AM <DIR> GTK

04/03/2007 03:03 PM <DIR> Wise Installation Wizard

01/29/2007 01:49 PM <DIR> Designer

01/28/2007 06:42 PM <DIR> Adobe

01/26/2007 10:17 PM <DIR> ODBC

01/26/2007 10:17 PM <DIR> SPEECH~1 SpeechEngines

01/26/2007 10:17 PM <DIR> MICROS~1 Microsoft Shared

01/26/2007 10:17 PM <DIR> .

01/26/2007 10:17 PM <DIR> ..

01/26/2007 03:27 PM <DIR> InstallShield

01/26/2007 11:54 AM <DIR> Services

01/26/2007 11:54 AM <DIR> MSSoap

01/26/2007 11:53 AM <DIR> System

0 File(s) 0 bytes

58 Dir(s) 5,366,366,208 bytes free

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\Program Files

 

06/06/2007 03:06 PM <DIR> Adobe

06/05/2007 01:14 PM <DIR> AntiVir PersonalEdition Classic

06/05/2007 12:45 PM <DIR> Zone Labs

06/05/2007 09:22 AM <DIR> SUPERAntiSpyware

06/03/2007 11:24 PM <DIR> Grisoft

06/03/2007 10:57 PM <DIR> T?sks

06/03/2007 05:37 PM <DIR> Spybot - Search & Destroy

06/03/2007 01:51 PM <DIR> AnVir Virus Destroyer

06/02/2007 12:46 AM <DIR> Sierra

05/15/2007 12:40 PM <DIR> Enigma Software Group

05/09/2007 09:03 AM <DIR> GIMP-2.0

04/30/2007 11:09 AM <DIR> ASUS

04/24/2007 10:54 AM <DIR> iPod

04/24/2007 10:53 AM <DIR> iTunes

04/19/2007 01:15 AM <DIR> QuickTime

04/14/2007 01:04 PM <DIR> SAMSUNG

04/14/2007 11:35 AM <DIR> dumdumSAMSUNG

04/03/2007 03:04 PM <DIR> EndNote 9

03/22/2007 08:26 PM <DIR> DivX

03/07/2007 11:04 AM <DIR> Cucusoft

02/18/2007 05:55 PM <DIR> Audacity

02/11/2007 10:03 PM <DIR> TVPaint Developpement

02/11/2007 08:32 PM <DIR> VideoLAN

02/11/2007 05:54 PM <DIR> Ambient Design

02/11/2007 02:07 PM <DIR> BitLord

02/05/2007 09:36 PM <DIR> BOINC

02/05/2007 01:10 AM <DIR> Opera

02/02/2007 09:55 PM <DIR> ClamWin

02/02/2007 09:51 PM <DIR> WinRAR

01/29/2007 01:50 PM <DIR> Microsoft ActiveSync

01/29/2007 01:48 PM <DIR> Microsoft Office

01/26/2007 10:17 PM <DIR> COMMON~1 Common Files

01/26/2007 10:17 PM <DIR> ..

01/26/2007 10:17 PM <DIR> .

01/26/2007 04:33 PM <DIR> Java

01/26/2007 03:46 PM <DIR> Mozilla Firefox

01/26/2007 03:27 PM <DIR> D-Link

01/26/2007 03:27 PM <DIR> InstallShield Installation Information

01/26/2007 03:27 PM <DIR> OptusNet DSL Internet

01/26/2007 12:17 PM <DIR> Uninstall Information

01/26/2007 12:01 PM <DIR> xerox

01/26/2007 12:01 PM <DIR> MSNGAM~1 msn gaming zone

01/26/2007 12:01 PM <DIR> MICROS~1 microsoft frontpage

01/26/2007 11:56 AM <DIR> WINDOW~3 WindowsUpdate

01/26/2007 11:55 AM <DIR> ONLINE~1 Online Services

01/26/2007 11:54 AM <DIR> MOVIEM~1 Movie Maker

01/26/2007 11:53 AM <DIR> NETMEE~1 NetMeeting

01/26/2007 11:53 AM <DIR> OUTLOO~1 Outlook Express

01/26/2007 11:53 AM <DIR> INTERN~1 Internet Explorer

01/26/2007 11:51 AM <DIR> WINDOW~2 Windows Media Player

01/26/2007 11:50 AM <DIR> MESSEN~1 Messenger

01/26/2007 11:50 AM <DIR> WINDOW~1 Windows NT

0 File(s) 0 bytes

52 Dir(s) 5,366,366,208 bytes free

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\Documents and Settings\slartibartfast\Application Data

 

06/05/2007 09:22 AM <DIR> SUPERAntiSpyware.com

06/03/2007 11:11 PM <DIR> ??stem32

06/03/2007 11:10 PM <DIR> A?pPatch

06/03/2007 11:05 PM <DIR> s?stem32

06/03/2007 11:05 PM <DIR> à?pPatch

06/03/2007 11:04 PM <DIR> àppPatch

06/03/2007 11:02 PM <DIR> ??crosoft.NET

06/03/2007 11:02 PM <DIR> ?ystem32

06/03/2007 11:01 PM <DIR> F?nts

06/03/2007 11:01 PM <DIR> ?ssembly

06/03/2007 11:00 PM <DIR> ??crosoft

06/03/2007 10:59 PM <DIR> ?asks

06/03/2007 10:59 PM <DIR> ç?sks

06/03/2007 10:59 PM <DIR> a?sembly

06/03/2007 10:59 PM <DIR> ??crosoft

06/03/2007 10:58 PM <DIR> ?ymbols

06/03/2007 10:58 PM <DIR> ??crosoft.NET

06/03/2007 10:58 PM <DIR> ??sks

06/03/2007 10:58 PM <DIR> s?curity

06/03/2007 10:58 PM <DIR> ?ppPatch

06/03/2007 10:58 PM <DIR> ??pPatch

06/03/2007 10:58 PM <DIR> ??curity

06/03/2007 10:58 PM <DIR> ?racle

06/03/2007 10:58 PM <DIR> ?icrosoft

06/03/2007 10:58 PM <DIR> ?racle

06/03/2007 10:58 PM <DIR> àdobe

06/03/2007 10:57 PM <DIR> çasks

06/03/2007 10:57 PM <DIR> M?crosoft

06/03/2007 10:57 PM <DIR> s?mbols

06/03/2007 10:57 PM <DIR> M?crosoft.NET

06/03/2007 10:57 PM <DIR> ??mantec

06/03/2007 10:57 PM <DIR> ?ecurity

06/03/2007 10:57 PM <DIR> F?nts

06/03/2007 10:57 PM <DIR> ?ymantec

06/03/2007 10:57 PM <DIR> ?icrosoft.NET

06/03/2007 10:56 PM <DIR> ?dobe

06/03/2007 10:56 PM <DIR> s?stem

06/03/2007 10:56 PM <DIR> T?sks

06/03/2007 10:56 PM <DIR> ?ystem

06/03/2007 10:56 PM <DIR> ??mbols

06/03/2007 10:56 PM <DIR> ?icrosoft

06/03/2007 10:56 PM <DIR> ??sembly

06/03/2007 10:56 PM <DIR> ?icrosoft.NET

06/03/2007 10:56 PM <DIR> W?nSxS

06/03/2007 10:56 PM <DIR> ??stem

06/03/2007 10:56 PM <DIR> S?mantec

06/03/2007 05:13 PM <DIR> SpywareBot

05/09/2007 09:07 AM <DIR> gtk-2.0

04/03/2007 03:06 PM <DIR> EndNote

04/03/2007 12:44 PM <DIR> GetRightToGo

02/11/2007 10:05 PM <DIR> tvpaint animation

02/11/2007 08:37 PM <DIR> vlc

02/11/2007 08:35 PM <DIR> COWON

02/11/2007 05:55 PM <DIR> Ambient Design

02/06/2007 11:01 AM <DIR> Apple Computer

02/05/2007 01:11 AM <DIR> Opera

01/28/2007 07:04 PM <DIR> Adobe

01/26/2007 08:07 PM <DIR> Sun

01/26/2007 04:32 PM <DIR> Macromedia

01/26/2007 03:46 PM <DIR> Mozilla

01/26/2007 12:17 PM <DIR> Identities

01/26/2007 12:17 PM <DIR> ..

01/26/2007 12:17 PM <DIR> .

01/26/2007 12:17 PM <DIR> Microsoft

0 File(s) 0 bytes

64 Dir(s) 5,366,366,208 bytes free

 

 

 

 

...etc...


"slartibartfast" - 2007-06-05 11:08:42 Service Pack 2 NTFS

ComboFix 07-06-3 - Running from: "C:\Documents and Settings\slartibartfast\Desktop\"

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

 

-- Purity Folders:

C:\DOCUME~1\slartibartfast\Application Data\?ecurity

C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET

C:\DOCUME~1\slartibartfast\Application Data\?racle

C:\DOCUME~1\slartibartfast\Application Data\?ssembly

C:\DOCUME~1\slartibartfast\Application Data\?ymantec

C:\DOCUME~1\slartibartfast\Application Data\?ymbols

C:\DOCUME~1\slartibartfast\Application Data\?ystem

C:\DOCUME~1\slartibartfast\Application Data\?ystem32

C:\DOCUME~1\slartibartfast\Application Data\A?pPatch

C:\DOCUME~1\slartibartfast\Application Data\a?sembly

C:\DOCUME~1\slartibartfast\Application Data\Adobe

C:\DOCUME~1\slartibartfast\Application Data\F?nts

C:\DOCUME~1\slartibartfast\Application Data\M?crosoft.NET

C:\DOCUME~1\slartibartfast\Application Data\Microsoft

C:\DOCUME~1\slartibartfast\Application Data\s?curity

C:\DOCUME~1\slartibartfast\Application Data\S?mantec

C:\DOCUME~1\slartibartfast\Application Data\s?mbols

C:\DOCUME~1\slartibartfast\Application Data\s?stem

C:\DOCUME~1\slartibartfast\Application Data\s?stem32

C:\DOCUME~1\slartibartfast\Application Data\T?sks

C:\DOCUME~1\slartibartfast\Application Data\W?nSxS

C:\DOCUME~1\slartibartfast\Application Data\àppPatch

C:\DOCUME~1\slartibartfast\Application Data\àppPatch

C:\DOCUME~1\slartibartfast\Application Data\çasks

C:\DOCUME~1\slartibartfast\Application Data\çasks

C:\DOCUME~1\slartibartfast\Desktop\internet.lnk

C:\DOCUME~1\slartibartfast\My Documents\??pPatch

C:\DOCUME~1\slartibartfast\My Documents\?racle

C:\DOCUME~1\slartibartfast\My Documents\M?crosoft

C:\DOCUME~1\slartibartfast\My Documents\M?crosoft.NET

C:\DOCUME~1\slartibartfast\My Documents\S?mantec

C:\DOCUME~1\slartibartfast\My Documents\T?sks

C:\DOCUME~1\slartibartfast\My Documents\àdobe

C:\Program Files\?ecurity

C:\Program Files\?icrosoft

C:\Program Files\?icrosoft.NET

C:\Program Files\?racle

C:\Program Files\?ssembly

C:\Program Files\?ymantec

C:\Program Files\?ymbols

C:\Program Files\?ystem

C:\Program Files\?ystem32

C:\Program Files\A?pPatch

C:\Program Files\a?sembly

C:\Program Files\Adobe

C:\Program Files\Common Files\?ecurity

C:\Program Files\Common Files\?icrosoft

C:\Program Files\Common Files\?icrosoft.NET

C:\Program Files\Common Files\?racle

C:\Program Files\Common Files\?ssembly

C:\Program Files\Common Files\?ymantec

C:\Program Files\Common Files\?ymbols

C:\Program Files\Common Files\?ystem32

C:\Program Files\Common Files\A?pPatch

C:\Program Files\Common Files\a?sembly

C:\Program Files\Common Files\Adobe

C:\Program Files\Common Files\F?nts

C:\Program Files\Common Files\M?crosoft

C:\Program Files\Common Files\M?crosoft.NET

C:\Program Files\Common Files\s?curity

C:\Program Files\Common Files\S?mantec

C:\Program Files\Common Files\s?mbols

C:\Program Files\Common Files\s?stem32

C:\Program Files\Common Files\System

C:\Program Files\Common Files\T?sks

C:\Program Files\Common Files\W?nSxS

C:\Program Files\Common Files\àppPatch

C:\Program Files\Common Files\àppPatch

C:\Program Files\Common Files\çasks

C:\Program Files\Common Files\çasks

C:\Program Files\F?nts

C:\Program Files\inetget2

C:\Program Files\M?crosoft

C:\Program Files\M?crosoft.NET

C:\Program Files\s?curity

C:\Program Files\S?mantec

C:\Program Files\s?mbols

C:\Program Files\s?stem

C:\Program Files\s?stem32

C:\Program Files\T?sks

C:\Program Files\W?nSxS

C:\Program Files\àppPatch

C:\Program Files\àppPatch

C:\Program Files\çasks

C:\Program Files\çasks

C:\WINDOWS\?icrosoft

C:\WINDOWS\?racle

C:\WINDOWS\?ymantec

C:\WINDOWS\?ymbols

C:\WINDOWS\AppPatch

C:\WINDOWS\assembly

C:\WINDOWS\Fonts

C:\WINDOWS\M?crosoft

C:\WINDOWS\Microsoft.NET

C:\WINDOWS\S?mantec

C:\WINDOWS\s?mbols

C:\WINDOWS\security

C:\WINDOWS\smgr.exe

C:\WINDOWS\system

C:\WINDOWS\system32

C:\WINDOWS\system32\?ecurity

C:\WINDOWS\system32\?icrosoft.NET

C:\WINDOWS\system32\?racle

C:\WINDOWS\system32\?ssembly

C:\WINDOWS\system32\?ymantec

C:\WINDOWS\system32\?ymbols

C:\WINDOWS\system32\?ystem

C:\WINDOWS\system32\?ystem32

C:\WINDOWS\system32\A?pPatch

C:\WINDOWS\system32\a?sembly

C:\WINDOWS\system32\F?nts

C:\WINDOWS\system32\icons

C:\WINDOWS\system32\icons\Ball.png

C:\WINDOWS\system32\icons\Clock.png

C:\WINDOWS\system32\icons\Longhorn 5.png

C:\WINDOWS\system32\icons\Longhorn.png

C:\WINDOWS\system32\M?crosoft.NET

C:\WINDOWS\system32\Microsoft

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\s?curity

C:\WINDOWS\system32\S?mantec

C:\WINDOWS\system32\s?mbols

C:\WINDOWS\system32\s?stem

C:\WINDOWS\system32\s?stem32

C:\WINDOWS\system32\T?sks

C:\WINDOWS\system32\W?nSxS

C:\WINDOWS\system32\xpdx.sys

C:\WINDOWS\system32\àdobe

C:\WINDOWS\system32\àppPatch

C:\WINDOWS\system32\àppPatch

C:\WINDOWS\system32\çasks

C:\WINDOWS\system32\çasks

C:\WINDOWS\Tasks

C:\WINDOWS\WinSxS

C:\WINDOWS\wr.txt

C:\WINDOWS\àdobe

C:\WINDOWS\àppPatch

C:\WINDOWS\çasks

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\nm

-------\xpdx

 

 

((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))

 

 

2007-06-05 11:19 <DIR> d-------- C:\Avenger

2007-06-05 10:45 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

2007-06-05 10:30 <DIR> d-------- C:\VundoFix Backups

2007-06-05 09:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-06-05 09:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-06-04 23:05 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys

2007-06-03 23:26 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-06-03 23:15 <DIR> d-------- C:\Program Files\Common Files\??pPatch

2007-06-03 23:10 <DIR> d-------- C:\Program Files\??pPatch

2007-06-03 23:07 <DIR> d-------- C:\WINDOWS\çasks

2007-06-03 23:07 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET

2007-06-03 23:06 <DIR> d---s---- C:\WINDOWS\system32\??crosoft

2007-06-03 23:05 <DIR> d-------- C:\WINDOWS\system32\a?sembly

2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET

2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\?asks

2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET

2007-06-03 23:03 <DIR> d---s---- C:\WINDOWS\system32\??crosoft

2007-06-03 23:03 <DIR> d-------- C:\WINDOWS\M?crosoft.NET

2007-06-03 23:03 <DIR> d-------- C:\WINDOWS\??crosoft

2007-06-03 23:03 <DIR> d-------- C:\Program Files\?icrosoft.NET

2007-06-03 23:02 <DIR> d-------- C:\Program Files\s?mbols

2007-06-03 23:02 <DIR> d-------- C:\Program Files\Common Files\?ystem32

2007-06-03 23:01 <DIR> d---s---- C:\WINDOWS\?asks

2007-06-03 23:01 <DIR> d---s---- C:\WINDOWS\??sks

2007-06-03 23:01 <DIR> d-------- C:\WINDOWS\system32\çasks

2007-06-03 23:01 <DIR> d-------- C:\WINDOWS\system32\A?pPatch

2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\ç?sks

2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\à?pPatch

2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\F?nts

2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\A?pPatch

2007-06-03 23:01 <DIR> d-------- C:\Program Files\?icrosoft

2007-06-03 23:01 <DIR> d-------- C:\Program Files\??crosoft

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\ç?sks

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\à?pPatch

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\s?stem

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\s?curity

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\?ymantec

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\??sks

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\??curity

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\M?crosoft

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\?icrosoft

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\??pPatch

2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\??mantec

2007-06-03 23:00 <DIR> d-------- C:\Program Files\ç?sks

2007-06-03 23:00 <DIR> d-------- C:\Program Files\Common Files\s?stem

2007-06-03 23:00 <DIR> d-------- C:\Program Files\?ymantec

2007-06-03 23:00 <DIR> d-------- C:\Program Files\?racle

2007-06-03 23:00 <DIR> d-------- C:\Program Files\??sks

2007-06-03 22:59 <DIR> dr--s---- C:\WINDOWS\a?sembly

2007-06-03 22:59 <DIR> d---s---- C:\WINDOWS\system32\M?crosoft

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\ç?sks

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\F?nts

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\??pPatch

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\?icrosoft.NET

2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\??crosoft

2007-06-03 22:59 <DIR> d-------- C:\Program Files\àppPatch

2007-06-03 22:59 <DIR> d-------- C:\Program Files\s?stem32

2007-06-03 22:59 <DIR> d-------- C:\Program Files\s?curity

2007-06-03 22:59 <DIR> d-------- C:\Program Files\Common Files\??crosoft

2007-06-03 22:59 <DIR> d-------- C:\Program Files\?ymbols

2007-06-03 22:59 <DIR> d-------- C:\Program Files\?dobe

2007-06-03 22:59 <DIR> d-------- C:\Program Files\?asks

2007-06-03 22:59 <DIR> d-------- C:\Program Files\??mbols

2007-06-03 22:59 <DIR> d-------- C:\Program Files\??crosoft.NET

2007-06-03 22:59 <DIR> d-------- C:\Program Files\??crosoft.NET

2007-06-03 22:58 <DIR> d---s---- C:\WINDOWS\T?sks

2007-06-03 22:58 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\system32\W?nSxS

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\system32\S?mantec

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\s?mbols

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\S?mantec

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\A?pPatch

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??stem

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??curity

2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??crosoft.NET

2007-06-03 22:58 <DIR> d-------- C:\Program Files\à?pPatch

2007-06-03 22:58 <DIR> d-------- C:\Program Files\W?nSxS

2007-06-03 22:58 <DIR> d-------- C:\Program Files\s?stem

2007-06-03 22:58 <DIR> d-------- C:\Program Files\M?crosoft

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\W?nSxS

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\s?curity

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?ymantec

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?icrosoft

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?dobe

2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\??stem32

2007-06-03 22:58 <DIR> d-------- C:\Program Files\?racle

2007-06-03 22:58 <DIR> d-------- C:\Program Files\?icrosoft.NET

2007-06-03 22:57 <DIR> dr--s---- C:\WINDOWS\F?nts

2007-06-03 22:57 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\W?nSxS

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\àppPatch

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\àdobe

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\T?sks

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\s?stem32

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?ystem32

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?racle

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?ppPatch

2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-04 23:22:15 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\SUPERAntiSpyware.com

2007-06-04 23:21:42 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-06-03 15:48:20 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\gtk-2.0

2007-06-03 13:15:54 -------- d-----w C:\Program Files\Common Files\??pPatch

2007-06-03 13:11:26 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??stem32

2007-06-03 13:10:48 -------- d-----w C:\Program Files\??pPatch

2007-06-03 13:10:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\A?pPatch

2007-06-03 13:07:38 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET

2007-06-03 13:05:58 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?stem32

2007-06-03 13:05:56 -------- d-----w C:\Program Files\Common Files\?asks

2007-06-03 13:05:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??pPatch

2007-06-03 13:05:25 -------- d-----w C:\Program Files\Common Files\??crosoft.NET

2007-06-03 13:05:02 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET

2007-06-03 13:04:46 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ppPatch

2007-06-03 13:03:05 -------- d-----w C:\Program Files\?icrosoft.NET

2007-06-03 13:02:35 -------- d-----w C:\Program Files\Common Files\?ystem32

2007-06-03 13:02:18 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft.NET

2007-06-03 13:02:09 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ystem32

2007-06-03 13:01:57 -------- d-----w C:\Program Files\??crosoft

2007-06-03 13:01:37 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\F?nts

2007-06-03 13:01:25 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ssembly

2007-06-03 13:01:17 -------- d-----w C:\Program Files\Common Files\??sks

2007-06-03 13:01:13 -------- d-----w C:\Program Files\?icrosoft

2007-06-03 13:01:04 -------- d-----w C:\Program Files\Common Files\??pPatch

2007-06-03 13:00:58 -------- d-----w C:\Program Files\?ymantec

2007-06-03 13:00:44 -------- d-----w C:\Program Files\??sks

2007-06-03 13:00:22 -------- d-----w C:\Program Files\?racle

2007-06-03 13:00:21 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft

2007-06-03 13:00:08 -------- d-----w C:\Program Files\??sks

2007-06-03 12:59:58 -------- d-----w C:\Program Files\?ymbols

2007-06-03 12:59:53 -------- d-----w C:\Program Files\??mbols

2007-06-03 12:59:49 -------- d-----w C:\Program Files\?asks

2007-06-03 12:59:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?asks

2007-06-03 12:59:33 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sks

2007-06-03 12:59:25 -------- d-----w C:\Program Files\?ppPatch

2007-06-03 12:59:19 -------- d-----w C:\Program Files\?dobe

2007-06-03 12:59:16 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\a?sembly

2007-06-03 12:59:15 -------- d-----w C:\Program Files\Common Files\??crosoft

2007-06-03 12:59:15 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft

2007-06-03 12:59:08 -------- d-----w C:\Program Files\??crosoft.NET

2007-06-03 12:59:00 -------- d-----w C:\Program Files\??crosoft.NET

2007-06-03 12:58:59 -------- d-----w C:\Program Files\??pPatch

2007-06-03 12:58:58 -------- d-----w C:\Program Files\Common Files\?dobe

2007-06-03 12:58:55 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ymbols

2007-06-03 12:58:53 -------- d-----w C:\Program Files\Common Files\??stem32

2007-06-03 12:58:48 -------- d-----w C:\Program Files\Common Files\?ymantec

2007-06-03 12:58:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft.NET

2007-06-03 12:58:46 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sks

2007-06-03 12:58:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?curity

2007-06-03 12:58:41 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ppPatch

2007-06-03 12:58:37 -------- d-----w C:\Program Files\Common Files\?icrosoft

2007-06-03 12:58:31 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??pPatch

2007-06-03 12:58:24 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??curity

2007-06-03 12:58:17 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?racle

2007-06-03 12:58:16 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft

2007-06-03 12:58:12 -------- d-----w C:\Program Files\?racle

2007-06-03 12:58:07 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?racle

2007-06-03 12:58:06 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?dobe

2007-06-03 12:58:05 -------- d-----w C:\Program Files\?icrosoft.NET

2007-06-03 12:57:55 -------- d-----w C:\Program Files\??mantec

2007-06-03 12:57:54 -------- d-----w C:\Program Files\?asks

2007-06-03 12:57:49 -------- d-----w C:\Program Files\Common Files\??sks

2007-06-03 12:57:47 -------- d-----w C:\Program Files\Common Files\?ymbols

2007-06-03 12:57:43 -------- d-----w C:\Program Files\??stem

2007-06-03 12:57:32 -------- d-----w C:\Program Files\??sembly

2007-06-03 12:57:28 -------- d-----w C:\Program Files\Common Files\?asks

2007-06-03 12:57:28 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?asks

2007-06-03 12:57:27 -------- d-----w C:\Program Files\Common Files\?icrosoft

2007-06-03 12:57:24 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\M?crosoft

2007-06-03 12:57:22 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?mbols

2007-06-03 12:57:19 -------- d-----w C:\Program Files\?icrosoft

2007-06-03 12:57:14 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\M?crosoft.NET

2007-06-03 12:57:09 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??mantec

2007-06-03 12:57:08 -------- d-----w C:\Program Files\?ystem32

2007-06-03 12:57:06 -------- d-----w C:\Program Files\Common Files\?ecurity

2007-06-03 12:57:06 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ecurity

2007-06-03 12:57:05 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\F?nts

2007-06-03 12:57:04 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ymantec

2007-06-03 12:57:03 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET

2007-06-03 12:56:58 -------- d-----w C:\Program Files\Common Files\??crosoft

2007-06-03 12:56:58 -------- d-----w C:\Program Files\??crosoft

2007-06-03 12:56:57 -------- d-----w C:\Program Files\?ssembly

2007-06-03 12:56:54 -------- d-----w C:\Program Files\Common Files\?ppPatch

2007-06-03 12:56:53 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?dobe

2007-06-03 12:56:48 -------- d-----w C:\Program Files\Common Files\?ssembly

2007-06-03 12:56:46 -------- d-----w C:\Program Files\??stem32

2007-06-03 12:56:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?stem

2007-06-03 12:56:44 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\T?sks

2007-06-03 12:56:43 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ystem

2007-06-03 12:56:40 -------- d-----w C:\Program Files\?ecurity

2007-06-03 12:56:37 -------- d-----w C:\Program Files\Common Files\??crosoft.NET

2007-06-03 12:56:35 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??mbols

2007-06-03 12:56:32 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft

2007-06-03 12:56:31 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sembly

2007-06-03 12:56:27 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET

2007-06-03 12:56:26 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\W?nSxS

2007-06-03 12:56:25 -------- d-----w C:\Program Files\Common Files\??stem

2007-06-03 12:56:25 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??stem

2007-06-03 12:56:24 -------- d-----w C:\Program Files\Common Files\?dobe

2007-06-03 12:56:24 -------- d-----w C:\Program Files\?dobe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2004-01-12 20:04]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 14:07]

"SystemTray"="SysTray.Exe" [2006-01-01 10:00 C:\WINDOWS\system32\systray.exe]

"FmctrlTray"="Fmctrl.EXE" [2001-08-20 20:47 C:\WINDOWS\system32\fmctrl.exe]

"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-04-30 19:17]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-12-17 13:48]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 22:20]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Messenger\msnmsgr.exe" [2005-08-13 12:44]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-01-01 10:00]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"=0 (0x0)

"SynchronousUserGroupPolicy"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoLowDiskSpaceChecks"=1 (0x1)

"NoRecentDocsHistory"=00000000

"MaxRecentDocs"=10 (0xa)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

"Altap"=0 (0x0)

"LongClock"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-29 00:13]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

 

*Newly Created Service* - WUAUSERV

 

**************************************************************************

 

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-05 11:20:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Altap = 63

LongClock = 63

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Altap = 63

LongClock = 63

 

scanning hidden files ...

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASNDIS5]

"ImagePath"="\??\C:\WINDOWS\system32\ASNDIS5.SYS"

 

Completion time: 2007-06-05 11:25:49 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-05 11:25

 

--- E O F ---

 

 

and there's the Combofix Log..

thanks again by the way....


Did you previously disable the creation of short file names?

 

Please run Notepad and paste the following text into a new file:

 

regedit /e peek.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem"
notepad peek.txt

 

Save the file to the Desktop as log.bat, and make sure the "Save as type" field says "All files". Then double-click on the log.bat file on the desktop. This will create a text file called peek.txt on the desktop. Please post that text in your next reply.

 

You have numerous folders that will need to be deleted manually. The problem is that the folders created by the infection use non-standard Cyrillic characters in the file name (the folders in the log with a question mark in the folder name, like C:\WINDOWS\F?nts), but when you view the file names in Windows Explorer, you won't see a question mark; it will appear as a standard character.

All the folders you will need to delete were created on 2007-06-03.

 

Reconfigure Windows XP to show hidden files:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".

Uncheck the "Hide protected operating system files (recommended)" option.

Uncheck the "Hide file extensions for known file types" option.

 

Using Internet Explorer, go to C:\Windows.

On the drop-down menu, go to View and select Details.

Then on the same menu, go to View > "Arrange Icons by" and select Modified

Now all the files and folders will be sorted by date.

Delete all the folders that were modified on 06/03/2007

 

Now go to C:\Program Files\Common Files and do the same thing.

On the drop-down menu, go to View and select Details.

Then on the same menu, go to View > "Arrange Icons by" and select Modified

Now all the files and folders will be sorted by date.

Delete all the folders that were modified on 06/03/2007

 

Now go to C:\Program Files and do the same thing.

On the drop-down menu, go to View and select Details.

Then on the same menu, go to View > "Arrange Icons by" and select Modified

Now all the files and folders will be sorted by date.

Delete all the folders that were modified on 06/03/2007

In this case, there should only be one folder created on 06/03/2007:

It will look like C:\Program Files\Tasks

 

Now go to C:\Documents and Settings\slartibartfast\Application Data and do the same thing.

On the drop-down menu, go to View and select Details.

Then on the same menu, go to View > "Arrange Icons by" and select Modified

Now all the files and folders will be sorted by date.

Delete all the folders that were modified on 06/03/2007

 

Now go to C:\WINDOWS\system32 and do the same thing.

On the drop-down menu, go to View and select Details.

Then on the same menu, go to View > "Arrange Icons by" and select Modified

Now all the files and folders will be sorted by date.

Delete all the folders that were modified on 06/03/2007 between 10:55 PM - 11:15 PM

 

 

Please run Notepad and copy & paste the text inside the code box (starting with @echo off and ending with dp0log.txt") into a new file:

@echo off
(
chcp
set&echo.
cd /d "%systemroot%" && dir /ad/x/tc/o-d
cd c:\windows\system32 && dir /ad/x/tc/o-d
cd /d "%commonprogramfiles%" && dir /ad/x/tc/o-d
cd /d "%programfiles%" && dir /ad/x/tc/o-d
cd /d %AppData% && dir /ad/x/tc/o-d
)>"%~dp0log.txt"
start notepad "%~dp0log.txt"

Save the file to the Desktop as look2.bat, and make sure the "Save as type" field says "All files". Then double-click on the look2.bat file on the desktop. This will open Notepad with some text. Please post the contents in your next reply.

 

Now you need to hide the files you un-hid earlier:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading unselect "Show hidden files and folders".

Check the "Hide protected operating system files (recommended)" option.

Click Yes to confirm. Click OK.

 

Please post a new HijackThis log and the text from running look2.bat

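The lookalike folder names described in the reply above, as an added example that is not part of the original post: a Python sketch that flags directory names imitating known folders through non-ASCII characters, and shows how each name prints once converted to code page 437, which is why the logs show "F?nts" while "àppPatch" prints unchanged. The lookalike table, the list of known names and the sample names are constructed for illustration and are not a complete confusables database.

```python
import unicodedata

# Legitimate folder names that the lookalike folders in the logs imitate.
KNOWN_NAMES = [
    "Fonts", "system", "system32", "AppPatch", "assembly", "Microsoft",
    "Microsoft.NET", "Tasks", "WinSxS", "security", "symbols",
    "Symantec", "Oracle", "Adobe",
]
_KNOWN_BY_SKELETON = {n.casefold(): n for n in KNOWN_NAMES}

# Hand-picked Cyrillic letters that render like Latin ones (assumption:
# a small subset chosen for this example, not the full Unicode data).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u0458": "j",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K",
    "\u041c": "M", "\u041d": "H", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0422": "T", "\u0425": "X", "\u0405": "S",
    "\u0406": "I",
}


def skeleton(name):
    """Fold a name to the ASCII-like form a person would read it as."""
    out = []
    for ch in name:
        if ch in CYRILLIC_LOOKALIKES:
            out.append(CYRILLIC_LOOKALIKES[ch])
            continue
        # Strip accents: decompose, then drop the combining marks.
        for part in unicodedata.normalize("NFKD", ch):
            if not unicodedata.combining(part):
                out.append(part)
    return "".join(out).casefold()


def as_logged(name, codepage="cp437"):
    """Model how the name prints in a log written in an OEM code page:
    characters the code page lacks are replaced by '?'."""
    return name.encode(codepage, errors="replace").decode(codepage)


def letter_scripts(name):
    """Return the scripts (first word of the Unicode name) of the letters."""
    return {
        unicodedata.name(ch, "UNKNOWN").split(" ")[0]
        for ch in name if ch.isalpha()
    }


def classify(name):
    """Return a finding for a suspicious name, or None if it looks fine."""
    if name.isascii():
        return None  # the genuine folder, or an unrelated plain name
    imitates = _KNOWN_BY_SKELETON.get(skeleton(name))
    mixed = len(letter_scripts(name)) > 1
    if imitates is None and not mixed:
        return None  # ordinary non-ASCII name, e.g. an accented word
    return {
        "name": name,
        "as_logged": as_logged(name),
        "imitates": imitates,
        "mixed_script": mixed,
    }


def scan(names):
    """Classify every name and keep only the findings."""
    return [f for f in (classify(n) for n in names) if f is not None]


# Constructed sample: genuine names mixed with lookalikes.
SAMPLE_NAMES = [
    "Fonts",                  # genuine
    "F\u043ents",             # Cyrillic o
    "\u0455\u0443stem32",     # Cyrillic s and y
    "M\u0456crosoft.NET",     # Cyrillic i
    "\u00e0ppPatch",          # Latin a with grave accent
    "gtk-2.0",                # unrelated ASCII name
    "R\u00e9sum\u00e9s",      # accented but imitates nothing
]

if __name__ == "__main__":
    for f in scan(SAMPLE_NAMES):
        print(f"{f['as_logged']!r:18} imitates {f['imitates']!r:16} "
              f"mixed_script={f['mixed_script']} raw={f['name']!r}")
```

Feed it names obtained through a Unicode-aware API such as `os.listdir`; a listing already converted to the console code page has lost the original characters.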

I did what you said, but I didn't delete the folders:

 

-Mozilla Firefox

-Spybot - Search & Destroy

-Grisoft

 

They were also created on the 6/3/2007

 

I didn't delete them as they had all the appropriate stuff in them. And I remember installing spybot and grisoft around then, not sure about Mozilla though.

Anyway........

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 10:13:55 AM, on 6/14/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\slartibartfast\Desktop\FreeSpaceOpenInstaller\Installer\FreeSpaceOpenInstaller.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm

O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 3761 bytes

 

---------------------------------------------------------------------------------------------------------

 

PEEK.TXT

 

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]

"NtfsDisable8dot3NameCreation"=dword:00000001

"Win31FileSystem"=dword:00000000

"Win95TruncatedExtensions"=dword:00000001

"NtfsDisableLastAccessUpdate"=dword:00000001

 

 

 

-----------------------------------------------------------------------------------------------------------

 

LOG.TXT

 

Active code page: 437

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\slartibartfast\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=BASIL

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\slartibartfast

LOGONSERVER=\\BASIL

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0703

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp

TMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp

tvdumpflags=8

USERDOMAIN=BASIL

USERNAME=slartibartfast

USERPROFILE=C:\Documents and Settings\slartibartfast

windir=C:\WINDOWS

 

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\WINDOWS

 

06/12/2007 06:08 PM <DIR> LastGood

06/07/2007 06:39 AM <DIR> CSC

06/06/2007 03:05 PM <DIR> SxsCaPendDel

06/05/2007 12:45 PM <DIR> Internet Logs

06/05/2007 11:27 AM <DIR> TEMP

06/05/2007 11:17 AM <DIR> erdnt

05/31/2007 03:08 AM <DIR> assembly

05/31/2007 03:06 AM <DIR> Microsoft.NET

03/13/2007 10:53 PM <DIR> Datalcrn

02/05/2007 09:36 PM <DIR> Downloaded Installations

01/29/2007 01:48 PM <DIR> ShellNew

01/26/2007 10:17 PM <DIR> INSTAL~1 Installer

01/26/2007 10:06 PM <DIR> ehome

01/26/2007 10:06 PM <DIR> PeerNet

01/26/2007 10:06 PM <DIR> pchealth

01/26/2007 10:06 PM <DIR> mui

01/26/2007 10:06 PM <DIR> Motorola

01/26/2007 10:06 PM <DIR> WinSxS

01/26/2007 10:06 PM <DIR> ime

01/26/2007 10:06 PM <DIR> PROVIS~1 Provisioning

01/26/2007 10:06 PM <DIR> RESOUR~1 Resources

01/26/2007 10:06 PM <DIR> Debug

01/26/2007 10:06 PM <DIR> AppPatch

01/26/2007 10:06 PM <DIR> msapps

01/26/2007 10:06 PM <DIR> twain_32

01/26/2007 10:06 PM <DIR> DRIVER~1 Driver Cache

01/26/2007 10:06 PM <DIR> security

01/26/2007 10:06 PM <DIR> Cursors

01/26/2007 10:06 PM <DIR> msagent

01/26/2007 10:06 PM <DIR> java

01/26/2007 10:06 PM <DIR> Web

01/26/2007 10:06 PM <DIR> Help

01/26/2007 10:06 PM <DIR> Media

01/26/2007 10:06 PM <DIR> Fonts

01/26/2007 10:06 PM <DIR> repair

01/26/2007 10:06 PM <DIR> inf

01/26/2007 10:06 PM <DIR> system32

01/26/2007 10:06 PM <DIR> .

01/26/2007 10:06 PM <DIR> system

01/26/2007 10:06 PM <DIR> ..

01/26/2007 08:07 PM <DIR> Sun

01/26/2007 04:53 PM <DIR> WBEM

01/26/2007 04:51 PM <DIR> ie7

01/26/2007 04:50 PM <DIR> $NtServicePackUninstallIDNMitigationAPIs$

01/26/2007 04:50 PM <DIR> $NtServicePackUninstallNLSDownlevelMapping$

01/26/2007 04:49 PM <DIR> $NtUninstallKB915865$

01/26/2007 04:49 PM <DIR> $hf_mig$

01/26/2007 03:28 PM <DIR> msdownld.tmp

01/26/2007 12:14 PM <DIR> SoftwareDistribution

01/26/2007 11:56 AM <DIR> OFFLIN~1 Offline Web Pages

01/26/2007 11:54 AM <DIR> Tasks

01/26/2007 11:54 AM <DIR> srchasst

01/26/2007 11:51 AM <DIR> REGIST~1 Registration

0 File(s) 0 bytes

53 Dir(s) 2,246,438,912 bytes free

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\WINDOWS\system32

 

06/05/2007 12:50 PM <DIR> ZoneLabs

05/31/2007 11:07 AM <DIR> URTTemp

04/14/2007 02:58 PM <DIR> ReinstallBackups

04/14/2007 11:35 AM <DIR> Samsung_Mobile_USB_Drivers

02/11/2007 02:08 PM <DIR> appmgmt

01/29/2007 09:16 PM <DIR> LogFiles

01/26/2007 10:15 PM <DIR> CatRoot2

01/26/2007 10:15 PM <DIR> CatRoot

01/26/2007 10:06 PM <DIR> MEDIAG~1 MediaGraph

01/26/2007 10:06 PM <DIR> DSFILT~1 DSFilters

01/26/2007 10:06 PM <DIR> DVDGraph

01/26/2007 10:06 PM <DIR> 3com_dmi

01/26/2007 10:06 PM <DIR> DVDAUT~1 DVDAutoGraph

01/26/2007 10:06 PM <DIR> Texture

01/26/2007 10:06 PM <DIR> MEDIAA~1 MediaAutoGraph

01/26/2007 10:06 PM <DIR> IME

01/26/2007 10:06 PM <DIR> BRUSH

01/26/2007 10:06 PM <DIR> ALBUM-2

01/26/2007 10:06 PM <DIR> 1033

01/26/2007 10:06 PM <DIR> Samples

01/26/2007 10:06 PM <DIR> usmt

01/26/2007 10:06 PM <DIR> Albums

01/26/2007 10:06 PM <DIR> STAMPS

01/26/2007 10:06 PM <DIR> Shapes

01/26/2007 10:06 PM <DIR> Skin

01/26/2007 10:06 PM <DIR> Real

01/26/2007 10:06 PM <DIR> oobe

01/26/2007 10:06 PM <DIR> export

01/26/2007 10:06 PM <DIR> icsxml

01/26/2007 10:06 PM <DIR> mui

01/26/2007 10:06 PM <DIR> wbem

01/26/2007 10:06 PM <DIR> npp

01/26/2007 10:06 PM <DIR> ias

01/26/2007 10:06 PM <DIR> dllcache

01/26/2007 10:06 PM <DIR> pptv

01/26/2007 10:06 PM <DIR> ShellExt

01/26/2007 10:06 PM <DIR> Setup

01/26/2007 10:06 PM <DIR> docklets

01/26/2007 10:06 PM <DIR> LANGUA~1 languages

01/26/2007 10:06 PM <DIR> config

01/26/2007 10:06 PM <DIR> spool

01/26/2007 10:06 PM <DIR> ras

01/26/2007 10:06 PM <DIR> drivers

01/26/2007 10:06 PM <DIR> ..

01/26/2007 10:06 PM <DIR> .

01/26/2007 04:53 PM <DIR> en-US

01/26/2007 12:01 PM <DIR> xircom

01/26/2007 12:01 PM <DIR> inetsrv

01/26/2007 12:00 PM <DIR> Skins

01/26/2007 12:00 PM <DIR> Plugins

01/26/2007 11:55 AM <DIR> DirectX

01/26/2007 11:54 AM <DIR> Macromed

01/26/2007 11:53 AM <DIR> Restore

01/26/2007 11:49 AM <DIR> MsDtc

01/26/2007 11:49 AM <DIR> Com

0 File(s) 0 bytes

55 Dir(s) 2,246,438,912 bytes free

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\Program Files\Common Files

 

06/03/2007 11:15 PM <DIR> ??pPatch

06/03/2007 11:07 PM <DIR> ?icrosoft.NET

06/03/2007 11:05 PM <DIR> ?asks

06/03/2007 11:05 PM <DIR> ??crosoft.NET

06/03/2007 11:05 PM <DIR> ?icrosoft.NET

06/03/2007 11:02 PM <DIR> ?ystem32

06/03/2007 11:01 PM <DIR> A?pPatch

06/03/2007 11:01 PM <DIR> ç?sks

06/03/2007 11:01 PM <DIR> F?nts

06/03/2007 11:01 PM <DIR> à?pPatch

06/03/2007 11:00 PM <DIR> s?stem

06/03/2007 10:59 PM <DIR> ??crosoft

06/03/2007 10:58 PM <DIR> ?dobe

06/03/2007 10:58 PM <DIR> ??stem32

06/03/2007 10:58 PM <DIR> ?ymantec

06/03/2007 10:58 PM <DIR> s?curity

06/03/2007 10:58 PM <DIR> ?icrosoft

06/03/2007 10:58 PM <DIR> W?nSxS

06/03/2007 10:57 PM <DIR> S?mantec

06/03/2007 10:57 PM <DIR> ??sks

06/03/2007 10:57 PM <DIR> s?mbols

06/03/2007 10:57 PM <DIR> ?ymbols

06/03/2007 10:57 PM <DIR> çasks

06/03/2007 10:57 PM <DIR> ?icrosoft

06/03/2007 10:57 PM <DIR> M?crosoft

06/03/2007 10:57 PM <DIR> F?nts

06/03/2007 10:57 PM <DIR> s?stem32

06/03/2007 10:57 PM <DIR> ?ecurity

06/03/2007 10:56 PM <DIR> ??crosoft

06/03/2007 10:56 PM <DIR> ?ppPatch

06/03/2007 10:56 PM <DIR> ?ssembly

06/03/2007 10:56 PM <DIR> a?sembly

06/03/2007 10:56 PM <DIR> ??crosoft.NET

06/03/2007 10:56 PM <DIR> T?sks

06/03/2007 10:56 PM <DIR> ??stem

06/03/2007 10:56 PM <DIR> àdobe

06/03/2007 10:56 PM <DIR> ??sembly

06/03/2007 10:56 PM <DIR> M?crosoft.NET

06/03/2007 10:56 PM <DIR> ?racle

06/03/2007 10:56 PM <DIR> ??curity

06/03/2007 10:56 PM <DIR> àppPatch

06/03/2007 10:56 PM <DIR> ?racle

06/03/2007 10:56 PM <DIR> ??mantec

06/03/2007 01:44 PM <DIR> ??mbols

06/03/2007 01:43 PM <DIR> ?ystem

05/09/2007 09:02 AM <DIR> GTK

04/03/2007 03:03 PM <DIR> Wise Installation Wizard

01/29/2007 01:49 PM <DIR> Designer

01/28/2007 06:42 PM <DIR> Adobe

01/26/2007 10:17 PM <DIR> ODBC

01/26/2007 10:17 PM <DIR> SPEECH~1 SpeechEngines

01/26/2007 10:17 PM <DIR> MICROS~1 Microsoft Shared

01/26/2007 10:17 PM <DIR> .

01/26/2007 10:17 PM <DIR> ..

01/26/2007 03:27 PM <DIR> InstallShield

01/26/2007 11:54 AM <DIR> Services

01/26/2007 11:54 AM <DIR> MSSoap

01/26/2007 11:53 AM <DIR> System

0 File(s) 0 bytes

58 Dir(s) 2,246,438,912 bytes free

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\Program Files

 

06/12/2007 06:08 PM <DIR> Microsoft Games

06/06/2007 03:06 PM <DIR> Adobe

06/05/2007 01:14 PM <DIR> AntiVir PersonalEdition Classic

06/05/2007 12:45 PM <DIR> Zone Labs

06/05/2007 09:22 AM <DIR> SUPERAntiSpyware

06/03/2007 11:24 PM <DIR> Grisoft

06/03/2007 05:37 PM <DIR> Spybot - Search & Destroy

06/03/2007 01:51 PM <DIR> AnVir Virus Destroyer

06/02/2007 12:46 AM <DIR> Sierra

05/09/2007 09:03 AM <DIR> GIMP-2.0

04/30/2007 11:09 AM <DIR> ASUS

04/24/2007 10:54 AM <DIR> iPod

04/24/2007 10:53 AM <DIR> iTunes

04/19/2007 01:15 AM <DIR> QuickTime

04/14/2007 01:04 PM <DIR> SAMSUNG

04/14/2007 11:35 AM <DIR> dumdumSAMSUNG

04/03/2007 03:04 PM <DIR> EndNote 9

03/22/2007 08:26 PM <DIR> DivX

03/07/2007 11:04 AM <DIR> Cucusoft

02/18/2007 05:55 PM <DIR> Audacity

02/11/2007 10:03 PM <DIR> TVPaint Developpement

02/11/2007 08:32 PM <DIR> VideoLAN

02/11/2007 05:54 PM <DIR> Ambient Design

02/11/2007 02:07 PM <DIR> BitLord

02/05/2007 09:36 PM <DIR> BOINC

02/05/2007 01:10 AM <DIR> Opera

02/02/2007 09:55 PM <DIR> ClamWin

02/02/2007 09:51 PM <DIR> WinRAR

01/29/2007 01:50 PM <DIR> Microsoft ActiveSync

01/29/2007 01:48 PM <DIR> Microsoft Office

01/26/2007 10:17 PM <DIR> ..

01/26/2007 10:17 PM <DIR> COMMON~1 Common Files

01/26/2007 10:17 PM <DIR> .

01/26/2007 04:33 PM <DIR> Java

01/26/2007 03:46 PM <DIR> Mozilla Firefox

01/26/2007 03:27 PM <DIR> D-Link

01/26/2007 03:27 PM <DIR> InstallShield Installation Information

01/26/2007 03:27 PM <DIR> OptusNet DSL Internet

01/26/2007 12:17 PM <DIR> Uninstall Information

01/26/2007 12:01 PM <DIR> xerox

01/26/2007 12:01 PM <DIR> MSNGAM~1 msn gaming zone

01/26/2007 12:01 PM <DIR> MICROS~1 microsoft frontpage

01/26/2007 11:56 AM <DIR> WINDOW~3 WindowsUpdate

01/26/2007 11:55 AM <DIR> ONLINE~1 Online Services

01/26/2007 11:54 AM <DIR> MOVIEM~1 Movie Maker

01/26/2007 11:53 AM <DIR> NETMEE~1 NetMeeting

01/26/2007 11:53 AM <DIR> OUTLOO~1 Outlook Express

01/26/2007 11:53 AM <DIR> INTERN~1 Internet Explorer

01/26/2007 11:51 AM <DIR> WINDOW~2 Windows Media Player

01/26/2007 11:50 AM <DIR> MESSEN~1 Messenger

01/26/2007 11:50 AM <DIR> WINDOW~1 Windows NT

0 File(s) 0 bytes

51 Dir(s) 2,246,438,912 bytes free

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\Documents and Settings\slartibartfast\Application Data

 

06/05/2007 09:22 AM <DIR> SUPERAntiSpyware.com

05/09/2007 09:07 AM <DIR> gtk-2.0

04/03/2007 03:06 PM <DIR> EndNote

04/03/2007 12:44 PM <DIR> GetRightToGo

02/11/2007 10:05 PM <DIR> tvpaint animation

02/11/2007 08:37 PM <DIR> vlc

02/11/2007 08:35 PM <DIR> COWON

02/11/2007 05:55 PM <DIR> Ambient Design

02/06/2007 11:01 AM <DIR> Apple Computer

02/05/2007 01:11 AM <DIR> Opera

01/28/2007 07:04 PM <DIR> Adobe

01/26/2007 08:07 PM <DIR> Sun

01/26/2007 04:32 PM <DIR> Macromedia

01/26/2007 03:46 PM <DIR> Mozilla

01/26/2007 12:17 PM <DIR> Identities

01/26/2007 12:17 PM <DIR> ..

01/26/2007 12:17 PM <DIR> .

01/26/2007 12:17 PM <DIR> Microsoft

0 File(s) 0 bytes

18 Dir(s) 2,246,438,912 bytes free

 

thanks...

 

Oh, and I don't ever remember disabling the creation of short file names.

Edited by chickeniam

I did what you said, but I didn't delete the folders:

 

-Mozilla Firefox

-Spybot - Search & Destroy

-Grisoft

 

They were also created on the 6/3/2007

I missed the date on those. You did right by leaving them :thumbsup:

 

You did miss deleting the folders in one location though.

 

Using Internet Explorer, go to C:\Program Files\Common Files.

On the drop-down menu, go to View and select Details.

Then on the same menu, go to View > "Arrange Icons by" and select Modified

Now all the files and folders will be sorted by date.

Delete all the folders that were modified on 06/03/2007. They were all created between 10:56 PM - 11:15 PM with the exception of two that were created at 01:43 PM and 01:44 PM. It would appear to be a total of 45 folders.

 

 

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entry (if still there):

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

 

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entry you checked.

 

 

Please run Notepad and paste the following text inside the Code box (starting with REGEDIT4) into a new file:

 

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000000
"NtfsDisableLastAccessUpdate"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

 

 

Please go to VirusTotal and submit the following file for a scan and post the results in your next reply:

C:\Documents and Settings\slartibartfast\Desktop\FreeSpaceOpenInstaller\Installer\FreeSpaceOpenInstaller.exe

 

 

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):

  1. Click on "Kaspersky Online Scanner".
  2. You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on "Next".
  5. Now click on "Scan Settings".
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  7. Click "OK".
  8. Now under select a target to scan:
    • Select "My Computer".
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

 

 

Double-click on look2.bat to run it again and post the text that opens in Notepad in your next reply.

 

 

Please post a new HijackThis log, the log from running Kaspersky's online scan, and in a second reply the text from running look2.bat, the results from scanning the file at VirusTotal, and note any errors encountered.
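
The folder selection described in the reply above can also be reproduced from the posted `dir` output rather than by eye. The following is an added example, not part of the original thread: it parses listing rows in the LOG.TXT format and flags folders whose names imitate a well-known folder but contain a `?` (a character `dir` could not render in code page 437) or a non-ASCII letter. The function names and the `IMITATED` list are assumptions made for this sketch; the sample rows are a small excerpt copied from the listing in this thread.

```python
import re

# Constructed sample: a few rows copied from the LOG.TXT listing posted in this thread.
SAMPLE_LISTING = r"""
 Directory of C:\Program Files\Common Files

06/03/2007 11:15 PM <DIR> ??pPatch
06/03/2007 11:07 PM <DIR> ?icrosoft.NET
06/03/2007 11:01 PM <DIR> ç?sks
06/03/2007 10:56 PM <DIR> àdobe
06/03/2007 01:43 PM <DIR> ?ystem
05/09/2007 09:02 AM <DIR> GTK
04/03/2007 03:03 PM <DIR> Wise Installation Wizard
01/28/2007 06:42 PM <DIR> Adobe
01/26/2007 10:17 PM <DIR> MICROS~1 Microsoft Shared
01/26/2007 10:17 PM <DIR> .
01/26/2007 11:53 AM <DIR> System
0 File(s) 0 bytes
"""

# Folder names the look-alikes imitate. Assumption: compiled by reading the
# posted listing; extend it for other systems.
IMITATED = ("AppPatch", "Microsoft.NET", "Microsoft", "Tasks", "system32",
            "system", "Fonts", "Adobe", "Symantec", "security", "WinSxS",
            "symbols", "assembly", "Oracle")

# One directory row: date, time, <DIR>, then an optional 8.3 name and the long name.
DIR_ROW = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}\s[AP]M)\s+<DIR>\s+(.+?)\s*$")
SHORT_NAME = re.compile(r"^[^\s~]{1,6}~\d+\s+(.+)$")


def parse_dir_rows(text):
    """Return (date, time, long_name) for every <DIR> row, skipping . and .."""
    rows = []
    for line in text.splitlines():
        match = DIR_ROW.match(line)
        if not match:
            continue
        date, time, name = match.groups()
        short = SHORT_NAME.match(name)
        if short:                      # drop the 8.3 column, keep the long name
            name = short.group(1)
        if name in (".", ".."):
            continue
        rows.append((date, time, name))
    return rows


def imitated_name(name):
    """Return the known folder name that `name` mimics, or None.

    '?' is not a legal filename character on Windows, so in dir output it can
    only stand for a character that was not printable. It and any non-ASCII
    character are treated as a one-character wildcard.
    """
    pieces, substituted = [], False
    for ch in name:
        if ch == "?" or ord(ch) > 127:
            pieces.append(".")
            substituted = True
        else:
            pieces.append(re.escape(ch))
    if not substituted:
        return None                    # plain ASCII name: not a look-alike
    pattern = re.compile("".join(pieces), re.IGNORECASE)
    for known in IMITATED:
        if pattern.fullmatch(known):
            return known
    return None


def find_lookalikes(text, on_date=None):
    """List (date, time, name, imitates) for look-alike folders, optionally on one date."""
    hits = []
    for date, time, name in parse_dir_rows(text):
        if on_date is not None and date != on_date:
            continue
        target = imitated_name(name)
        if target is not None:
            hits.append((date, time, name, target))
    return hits


if __name__ == "__main__":
    for date, time, name, target in find_lookalikes(SAMPLE_LISTING, "06/03/2007"):
        print(f"{date} {time}  {name!r} imitates {target!r}")
```

Run against the full LOG.TXT listing, the result can be compared with the folder count given in the reply before anything is deleted.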


Thanks,

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:41:09 PM, on 6/15/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\WINDOWS\system32\Fmctrl.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\notepad.exe

C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm

O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 3691 bytes

 

 

 

------------------------------------------------------------------------------------------------------------

 

 

 

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, 15 June, 2007 11:18:38 AM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 15/06/2007

Kaspersky Anti-Virus database records: 346801

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

 

Scan Statistics:

Total number of scanned objects: 24843

Number of viruses found: 3

Number of infected objects: 6 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:00:46

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cert8.db Object is locked skipped

C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\history.dat Object is locked skipped

C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\key3.db Object is locked skipped

C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\parent.lock Object is locked skipped

C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\search.sqlite Object is locked skipped

C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\slartibartfast\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\slartibartfast\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\slartibartfast\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\slartibartfast\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\slartibartfast\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\slartibartfast\NTUSER.DAT.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\VundoFix Backups\efeedby.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\VundoFix Backups\hggheef.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\VundoFix Backups\opnkiji.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\VundoFix Backups\oypxtfpk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped

C:\VundoFix Backups\ssqnkkj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\VundoFix Backups\yabcb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\BASIL.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TEMP\ZLT00b32.TMP Object is locked skipped

C:\WINDOWS\TEMP\ZLT00b49.TMP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.


LOOK2.BAT LOG:-->

 

Active code page: 437

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\slartibartfast\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=BASIL

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\slartibartfast

LOGONSERVER=\\BASIL

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0703

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp

TMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp

tvdumpflags=8

USERDOMAIN=BASIL

USERNAME=slartibartfast

USERPROFILE=C:\Documents and Settings\slartibartfast

windir=C:\WINDOWS

 

Volume in drive C has no label.

Volume Serial Number is 0C78-6CC5

 

Directory of C:\WINDOWS

 

06/15/2007 08:36 AM <DIR> LastGood

06/15/2007 08:35 AM <DIR> Downloaded Program Files

06/07/2007 06:39 AM <DIR> CSC

06/06/2007 03:05 PM <DIR> SxsCaPendDel

06/05/2007 12:45 PM <DIR> Internet Logs

06/05/2007 11:27 AM <DIR> TEMP

06/05/2007 11:17 AM <DIR> erdnt

05/31/2007 03:08 AM <DIR> assembly

05/31/2007 03:06 AM <DIR> Microsoft.NET

03/13/2007 10:53 PM <DIR> Datalcrn

02/05/2007 09:36 PM <DIR> Downloaded Installations

01/29/2007 01:48 PM <DIR> ShellNew

01/26/2007 10:17 PM <DIR> INSTAL~1 Installer

01/26/2007 10:06 PM <DIR> ehome

01/26/2007 10:06 PM <DIR> PeerNet

01/26/2007 10:06 PM <DIR> pchealth

01/26/2007 10:06 PM <DIR> mui

01/26/2007 10:06 PM <DIR> Motorola

01/26/2007 10:06 PM <DIR> WinSxS

01/26/2007 10:06 PM <DIR> ime

01/26/2007 10:06 PM <DIR> PROVIS~1 Provisioning

01/26/2007 10:06 PM <DIR> RESOUR~1 Resources

01/26/2007 10:06 PM <DIR> Debug

01/26/2007 10:06 PM <DIR> AppPatch

01/26/2007 10:06 PM <DIR> msapps

01/26/2007 10:06 PM <DIR> twain_32

01/26/2007 10:06 PM <DIR> DRIVER~1 Driver Cache

01/26/2007 10:06 PM <DIR> security

01/26/2007 10:06 PM <DIR> Cursors

01/26/2007 10:06 PM <DIR> msagent

01/26/2007 10:06 PM <DIR> java

01/26/2007 10:06 PM <DIR> Web

01/26/2007 10:06 PM <DIR> Help

01/26/2007 10:06 PM <DIR> Media

01/26/2007 10:06 PM <DIR> Fonts

01/26/2007 10:06 PM <DIR> repair

01/26/2007 10:06 PM <DIR> inf


----------------------------------------------------------------------------------------------------------------

 

 

VIRUSTOTAL SCAN LOG: --->

 

 

Complete scanning result of "FreeSpaceOpenInstaller.exe", received in VirusTotal at 06.15.2007, 00:23:32 (CET).

 

Antivirus Version Update Result

AhnLab-V3 2007.5.9.0 05.09.2007 no virus found

AntiVir 7.4.0.32 06.14.2007 no virus found

Authentium 4.93.8 06.14.2007 no virus found

Avast 4.7.997.0 06.14.2007 no virus found

AVG 7.5.0.467 05.08.2007 no virus found

BitDefender 7.2 06.15.2007 no virus found

CAT-QuickHeal 9.00 06.14.2007 no virus found

ClamAV devel-20070416 05.09.2007 no virus found

DrWeb 4.33 06.14.2007 no virus found

eSafe 7.0.15.0 05.08.2007 no virus found

eTrust-Vet 30.7.3719 06.14.2007 no virus found

FileAdvisor 1 06.15.2007 no virus found

Fortinet 2.85.0.0 06.14.2007 no virus found

F-Prot 4.3.2.48 05.08.2007 no virus found

F-Secure 6.70.13030.0 05.09.2007 no virus found

Ikarus T3.1.1.7 05.09.2007 no virus found

Kaspersky 4.0.2.24 06.15.2007 no virus found

McAfee 5053 06.14.2007 no virus found

Microsoft 1.2503 06.14.2007 no virus found

NOD32v2 2329 06.14.2007 no virus found

Norman 5.80.02 06.14.2007 no virus found

Panda 9.0.0.4 06.15.2007 no virus found

Prevx1 V2 06.15.2007 no virus found

Sophos 4.18.0 06.12.2007 no virus found

Sunbelt 2.2.907.0 05.05.2007 no virus found

Symantec 10 05.09.2007 no virus found

TheHacker 6.1.6.133 06.14.2007 no virus found

VBA32 3.12.0.2 06.14.2007 no virus found

VirusBuster 4.3.23:9 06.14.2007 no virus found

Webwasher-Gateway 6.0.1 05.09.2007 no virus found

 

Aditional Information

File size: 144384 bytes

MD5: 92dd87d45153320b117f17fdae4f3eda

SHA1: d3053d715436883d4ebf884cce709591e5cd0ea6

 

 

Everything went smoothly!

 

By the way, thanks so much for your help. It must be a full-time job volunteering for this! How do you do it?!

Simon

Edited by chickeniam


It looks like you got it all :thumbsup:

 

by the way, thanks so much for your help

I'm glad I was able to help.

 

It must be a full time job volunteering for this! How do you do it?!

I just duck when the wife thinks I'm spending too much time at this. :)

 

There is an optional fix you can do:

 

Run HijackThis and click "Do a system scan only." Place a check next to the following entry (if still there):

 

You can optionally check the following entry. This is part of Microsoft Office located in your Startup folder, but it's not needed, and it's a resource hog:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entry you checked.

 

Using Windows Explorer, delete the following folders:

C:\VundoFix Backups

C:\SDFix

C:\Qoobox

 

You can delete VundoFix (if you still have it) and ComboFix now also.

 

Create a Restore Point

  • Go to Start > Programs > Accessories > System Tools > System Restore
  • Select Create a Restore Point and then Next.
  • In the box for "Restore point description", enter a descriptive name and press Create
  • When the "Restore Point Created" window appears, click Close

Run Disk Cleanup

  • Go to Start > Run and type the below line:
    cleanmgr
  • Click OK
    • If you have more than one drive, select the drive Windows is installed on
    • Click OK

  • When Disk Cleanup opens, select the More Options tab
  • In the System Restore section (bottom of window), click Cleanup
    • In the confirmation window that opens, click Yes
  • Now click on the Disk Cleanup tab and select the following items:
    • Downloaded Program Files
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  • Click OK
  • In the confirmation window, select Yes (Disk Cleanup will close).

There are several free utilities you can use to help keep malware off your system:

 

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available at http://www.mvps.org/winhelp2002/hosts.htm.

 

IE/SPYAD adds sites associated with ads and spyware to your Internet Restricted Zone and you can download that at http://www.spywarewarrior.com/uiuc/resource.htm.

 

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacoolsoftware.com/products.html.

 

I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://forums.spywareinfo.com/index.php?showtopic=60955

 

Does your problem appear resolved?

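The HOSTS-file blocking recommended in the post above, shown as an added example that is not part of the original thread: a blocking HOSTS file maps unwanted hostnames to a loopback or null address, and this sketch lists which names a file blocks and which entries point somewhere else and deserve a look. The sample file and its hostnames are constructed placeholders, not entries from the MVPS list.

```python
import ipaddress

# Constructed sample in the standard hosts format: address, then one or more names.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ads.example.com  tracker.example.net   # two names on one line
0.0.0.0     popups.example.org
203.0.113.7 update.example.com
not-an-ip   broken.example.com
::1         localhost
"""

def parse_hosts(text):
    """Return (blocked names, {name: address} for other mappings, malformed line numbers)."""
    blocked, remapped, malformed = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                      # address with no hostname
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name == "localhost":              # normal loopback entry, not a block
                continue
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name)                # sinkholed: lookups never leave the PC
            else:
                remapped[name] = str(addr)       # points at a real host: review it
    return blocked, remapped, malformed

def is_blocked(hostname, blocked):
    """HOSTS entries match the exact name only; subdomains need their own lines."""
    return hostname.lower().rstrip(".") in blocked

if __name__ == "__main__":
    blocked, remapped, malformed = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("review:", remapped, "malformed lines:", malformed)
```
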

Awesome,

Thanks once again for your help,

 

It's amazing how much faster and better the computer runs when it's not sick!

 

All seems well now!

Thanks Again!

 

Simon

 

PS Hope your wife throws soft things ;)


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.