
Infested Computer TrojanDownloaderAgentAFG


  • This topic is locked
16 replies to this topic

#1 chickeniam

  • Full Member
  • 10 posts

Posted 03 June 2007 - 10:20 AM

HELP!

I was recently infected with TrojanDownloaderAgentAFG. (Hijackthis and AVGantimalware Log Files Below)

Immediately searched for an online antivirus that could help, none did.

Downloaded and used Spybot S&D......Helped a little bit.

Followed instructions on this website

Used AVG anti malware and HijackThis

Seemed to get rid of a whole bunch of malware/spyware. including some fake -ing thing that popped up and told me that there were updates ready for my computer (sorry I can't remember the name of it......)
Also deleted something called zuxoxiba.exe.

I can't seem to get rid of these files called :
O2 - BHO: (no name) - {1613AA55-8490-45F1-A6AB-0A2911470629} - C:\WINDOWS\system32\nnnkj.dll
O2 - BHO: (no name) - {A2339A9B-D1F4-4084-9EEE-B9F5CB487527} - C:\WINDOWS\system32\hggheef.dll
O20 - Winlogon Notify: hggheef - C:\WINDOWS\SYSTEM32\hggheef.dll
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\system32\nnnkj.dll

Tried deleting these files using the "delete on reboot" option in Hijackthis, with no success. (they won't die!!)

They're not the only offenders, Spybot S&D occasionally comes up asking me either to allow or deny a registry change of sorts, by all different things.


Example:
Spybot search and destroy Dialogue box:
""
Category: Browser Helper Object
Change: Value deleted

Entry {1613AA55-8490-45F1-A6AB-0A2911470629}
""
(they're not all exactly like this.)

Then at the bottom the two buttons are covered.
It's kinda odd...I'm assuming they say allow on the left and deny on the right....I try to always deny these
Screenshot Link: http://h1.ripway.com...hotSpybotSD.jpg

AND

whenever I'm offline (unplugged modem) it pops up randomly and tells me I'm offline and no internet connection is available.


I also found a whole bunch of random Empty Folders in My Documents....
with names such as: "Security" "symbols" "system" "system32" "microsoft" "AppPatch" "assembly"


causing much grief. Help muchly mostly and greatly appreciated.

Here are my log files:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:04:34 AM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {1613AA55-8490-45F1-A6AB-0A2911470629} - C:\WINDOWS\system32\nnnkj.dll
O2 - BHO: (no name) - {A2339A9B-D1F4-4084-9EEE-B9F5CB487527} - C:\WINDOWS\system32\hggheef.dll
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Altap] tskstsh
O4 - HKUS\S-1-5-19\..\RunOnce: [Set] fuset.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [Set] fuset.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [Set] fuset.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Set] fuset.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O20 - Winlogon Notify: hggheef - C:\WINDOWS\SYSTEM32\hggheef.dll
O20 - Winlogon Notify: nnnkj - C:\WINDOWS\system32\nnnkj.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4289 bytes

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:55:05 AM 6/4/2007

+ Scan result:

C:\Documents and Settings\slartibartfast\Local Settings\Temporary Internet Files\Content.IE5\OYQGXJEA\stkck[1].htm -> Downloader.Small.cwj : Cleaned.
E:\My Documents\Shared\(full) age of empires 2 no cd 38.rar/setup.exe -> Hijacker.Agent.hi : Cleaned.
:mozilla.568:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.569:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.570:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.571:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.587:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.588:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.589:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.590:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.591:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.592:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.593:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.596:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.597:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.773:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\slartibartfast\Cookies\slartibartfast@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.111:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.651:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.652:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.653:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.654:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.655:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.656:C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\slartibartfast\Local Settings\Temp\mst6C.tmp -> Trojan.Agent.qt : Cleaned.
C:\Documents and Settings\slartibartfast\Local Settings\Temporary Internet Files\Content.IE5\K2UIG3YI\xc29[2].exe -> Trojan.Agent.qt : Cleaned.
C:\WINDOWS\Temp\mst1C4.tmp -> Trojan.Agent.qt : Cleaned.
C:\WINDOWS\system32\drvxiz.dll -> Trojan.Agent.qt : Cleaned.
C:\Program Files\Ipwindows\UnInstall.exe -> Trojan.Rond : Cleaned.


::Report end


I also created a StartupList report using HJT:


StartupList report, 6/4/2007, 1:36:31 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Desktop Service Centre = C:\Program Files\OptusNet DSL Internet\DSC.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
SystemTray = SysTray.Exe
FmctrlTray = Fmctrl.EXE
ClamWin = "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Control Center = C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\Program Files\Messenger\msnmsgr.exe" /background
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\system32\nnnkj.dll - {1613AA55-8490-45F1-A6AB-0A2911470629}
(no name) - C:\WINDOWS\system32\hggheef.dll - {A2339A9B-D1F4-4084-9EEE-B9F5CB487527}

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Altap = tskstsh

--------------------------------------------------

End of report, 4,973 bytes
Report generated in 0.221 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Thanks in advance.
Simon

Edited by chickeniam, 04 June 2007 - 05:32 AM.


#2 chickeniam
    Member
  • Full Member
  • 10 posts

Posted 04 June 2007 - 09:40 PM

Ok, so I was naughty and tried to fix everything myself. I hope it worked:

I ran:
ComboFix.exe
PeperFix.exe
SUPERAntiSpyware Free Edition
VundoFix.exe
HijackThis
Spybot S&D
AVG Anti-Spyware 7.5

and I'm going to install:

Firewall:
ZoneAlarm Free 7.0

and

Antivirus:
AntiVir Personal WINX 7.0


Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:39:19 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 3288 bytes


Thanks in advance
Simon

#3 SWI Support Robot
    Helper robot
  • SWI Bot
  • 23,520 posts

Posted 06 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 TheJoker
    Forum Deity
  • Boot Camp Mod
  • 14,325 posts

Posted 09 June 2007 - 07:40 AM

Hi chickeniam, and welcome to SWI.

Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Please don't forget this step to disable TeaTimer.

Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum in your next reply.
Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)


Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Using Windows Explorer, delete this folder if still there:
C:\Program Files\Ipwindows

Delete your current copy of ComboFix as it's updated often, and download a new copy:
Download ComboFix© by sUBs from one of these links:
http://download.blee...Bs/ComboFix.exe
http://www.techsuppo...Bs/ComboFix.exe
Save the file to your Desktop.
Double click combofix.exe & follow the prompts.
Don't click on the ComboFix window while it's running; that could cause it to stall.
When finished, and after reboot, it should open a log, combofix.txt.
Post that log in your next reply.

Please post a new HijackThis log, the log from SDFix (Report.txt), and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
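The entries the helper picks out of these logs (the orphaned "(no file)" BHO here, and in the first post the nameless system32 BHOs with their matching Winlogon Notify entries) follow patterns that can be checked mechanically. The script below is an added example and not a tool from this thread: it parses HijackThis-format lines (the sample is constructed from lines posted above) and flags those patterns; the allowlist of Windows XP Winlogon Notify keys is an assumption of the example.

```python
"""Triage a HijackThis (HJT) log for the patterns a helper looks for first:
nameless or orphaned Browser Helper Objects (O2), Winlogon Notify DLLs (O20)
that are not part of Windows, and autorun values (O4) that name a bare
executable with no path. Added example; the sample log is constructed from
lines that appear in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {1613AA55-8490-45F1-A6AB-0A2911470629} - C:\WINDOWS\system32\nnnkj.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O20 - Winlogon Notify: hggheef - C:\WINDOWS\SYSTEM32\hggheef.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
""".strip()

# Every HJT line starts with a section code such as R0, O2, O4, O20, O23.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")

# Winlogon Notify packages that ship with Windows XP. Anything else is loaded
# into winlogon.exe at every logon and deserves a look. This allowlist is an
# assumption of the example, not something stated in the thread.
XP_NOTIFY_KEYS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}


@dataclass
class Finding:
    code: str    # HJT section code the line belongs to
    line: str    # the log line as posted
    reason: str  # why a helper would want to look at it


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split an HJT line into (section code, remainder); None for non-HJT text."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def executable_of(cmd: str) -> str:
    """Return the program part of an O4 command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> List[Finding]:
    """Return the lines a first-pass review should look at, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        if code == "O2":
            m = BHO_RE.match(body)
            if m and m.group("path") == "(no file)":
                findings.append(Finding(code, raw,
                    "BHO CLSID registered but its DLL is gone: orphan left by a removal, safe to fix"))
            elif m and m.group("name") == "(no name)":
                findings.append(Finding(code, raw,
                    f"nameless BHO loading {m.group('path')}; legitimate add-ons register a display name"))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and "\\" not in executable_of(m.group("cmd")):
                findings.append(Finding(code, raw,
                    f"autorun [{m.group('value')}] names a bare executable resolved via the search path; confirm which file actually runs"))
        elif code == "O20":
            m = NOTIFY_RE.match(body)
            if m and m.group("key").lower() not in XP_NOTIFY_KEYS:
                findings.append(Finding(code, raw,
                    f"Winlogon Notify package '{m.group('key')}' is not a Windows default; it loads into winlogon.exe before the user's shell"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

A bare O4 executable such as SysTray.Exe is often legitimate; the flag asks the reviewer to confirm which file on the search path actually runs, not to remove the entry.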


#5 chickeniam
    Member
  • Full Member
  • 10 posts

Posted 11 June 2007 - 08:10 AM

Thanks so much.

Here are the reports:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:06:50 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3758 bytes



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




SDFix: Version 1.86

Run by slartibartfast - Mon 06/11/2007 - 22:41:35.60

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\hook.dll - Deleted
C:\WINDOWS\system32\sms.exe - Deleted
C:\WINDOWS\system32\winamp.exe - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Listing User Accounts:

User accounts for \\BASIL

Administrator ASPNET Guest
HelpAssistant slartibartfast SUPPORT_388945a0


Finished

#6 chickeniam
    Member
  • Full Member
  • 10 posts

Posted 11 June 2007 - 08:11 AM

And the combofix report:


ComboFix 07-06-11.3 - C:\Documents and Settings\slartibartfast\Desktop\MalwareRemovealHELP\ComboFix.exe
"slartibartfast" - 2007-06-11 22:57:37 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))


2007-06-08 00:19 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-07 06:39 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-06 15:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-05 13:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-06-05 12:51 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-06-05 12:51 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-05 12:51 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-05 12:50 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-06-05 12:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-05 12:45 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-05 11:25 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-05 10:45 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-06-05 10:30 <DIR> d-------- C:\VundoFix Backups
2007-06-05 09:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-05 09:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-04 23:05 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2007-06-03 23:15 <DIR> d-------- C:\Program Files\Common Files\??pPatch
2007-06-03 23:07 <DIR> d-------- C:\WINDOWS\çasks
2007-06-03 23:07 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-06-03 23:06 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-03 23:05 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET
2007-06-03 23:03 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-03 23:03 <DIR> d-------- C:\WINDOWS\M?crosoft.NET
2007-06-03 23:03 <DIR> d-------- C:\WINDOWS\??crosoft
2007-06-03 23:02 <DIR> d-------- C:\Program Files\Common Files\?ystem32
2007-06-03 23:01 <DIR> d---s---- C:\WINDOWS\?asks
2007-06-03 23:01 <DIR> d---s---- C:\WINDOWS\??sks
2007-06-03 23:01 <DIR> d-------- C:\WINDOWS\system32\çasks
2007-06-03 23:01 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\ç?sks
2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\à?pPatch
2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\F?nts
2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\ç?sks
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\à?pPatch
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\s?stem
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\s?curity
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\??curity
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\M?crosoft
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\?icrosoft
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\??pPatch
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\??mantec
2007-06-03 23:00 <DIR> d-------- C:\Program Files\Common Files\s?stem
2007-06-03 22:59 <DIR> dr--s---- C:\WINDOWS\a?sembly
2007-06-03 22:59 <DIR> d---s---- C:\WINDOWS\system32\M?crosoft
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\ç?sks
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\??crosoft
2007-06-03 22:59 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-06-03 22:58 <DIR> d---s---- C:\WINDOWS\T?sks
2007-06-03 22:58 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\system32\W?nSxS
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\s?mbols
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\S?mantec
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??stem
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??curity
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??crosoft.NET
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\W?nSxS
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\s?curity
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?ymantec
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?dobe
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\??stem32
2007-06-03 22:57 <DIR> dr--s---- C:\WINDOWS\F?nts
2007-06-03 22:57 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\W?nSxS
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\àppPatch
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\àdobe
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\T?sks
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?ystem32
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?racle
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?ppPatch
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\??sembly
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\??mantec
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\?ecurity
2007-06-03 22:57 <DIR> d-------- C:\Program Files\T?sks
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\çasks
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\s?mbols
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\F?nts
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\?ymbols
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\?ecurity
2007-06-03 22:57 <DIR> d-------- C:\Program Files\Common Files\??sks
2007-06-03 22:56 <DIR> dr--s---- C:\WINDOWS\F?nts
2007-06-03 22:56 <DIR> dr--s---- C:\WINDOWS\?ssembly


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-07 14:50:42 -------- d-----w C:\Program Files\DivX
2007-06-06 12:58:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\gtk-2.0
2007-06-05 05:35:28 -------- d-----w C:\Program Files\ClamWin
2007-06-05 02:28:33 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\SUPERAntiSpyware.com
2007-06-05 02:28:26 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-03 13:15:54 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-03 13:11:26 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??stem32
2007-06-03 13:10:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\A?pPatch
2007-06-03 13:07:38 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-03 13:05:58 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?stem32
2007-06-03 13:05:56 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-03 13:05:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??pPatch
2007-06-03 13:05:25 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-03 13:05:02 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-03 13:04:46 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ppPatch
2007-06-03 13:02:35 -------- d-----w C:\Program Files\Common Files\?ystem32
2007-06-03 13:02:18 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft.NET
2007-06-03 13:02:09 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ystem32
2007-06-03 13:01:37 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\F?nts
2007-06-03 13:01:25 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ssembly
2007-06-03 13:01:17 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-03 13:01:04 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-03 13:00:21 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft
2007-06-03 12:59:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?asks
2007-06-03 12:59:33 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sks
2007-06-03 12:59:16 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\a?sembly
2007-06-03 12:59:15 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-03 12:59:15 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft
2007-06-03 12:58:58 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-03 12:58:55 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ymbols
2007-06-03 12:58:53 -------- d-----w C:\Program Files\Common Files\??stem32
2007-06-03 12:58:48 -------- d-----w C:\Program Files\Common Files\?ymantec
2007-06-03 12:58:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft.NET
2007-06-03 12:58:46 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sks
2007-06-03 12:58:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?curity
2007-06-03 12:58:41 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ppPatch
2007-06-03 12:58:37 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-03 12:58:31 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??pPatch
2007-06-03 12:58:24 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??curity
2007-06-03 12:58:17 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?racle
2007-06-03 12:58:16 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft
2007-06-03 12:58:07 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?racle
2007-06-03 12:58:06 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?dobe
2007-06-03 12:57:49 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-03 12:57:47 -------- d-----w C:\Program Files\Common Files\?ymbols
2007-06-03 12:57:28 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-03 12:57:28 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?asks
2007-06-03 12:57:27 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-03 12:57:24 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\M?crosoft
2007-06-03 12:57:22 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?mbols
2007-06-03 12:57:14 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\M?crosoft.NET
2007-06-03 12:57:09 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??mantec
2007-06-03 12:57:06 -------- d-----w C:\Program Files\Common Files\?ecurity
2007-06-03 12:57:06 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ecurity
2007-06-03 12:57:05 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\F?nts
2007-06-03 12:57:04 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ymantec
2007-06-03 12:57:03 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET
2007-06-03 12:56:58 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-03 12:56:54 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-03 12:56:53 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?dobe
2007-06-03 12:56:48 -------- d-----w C:\Program Files\Common Files\?ssembly
2007-06-03 12:56:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?stem
2007-06-03 12:56:44 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\T?sks
2007-06-03 12:56:43 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ystem
2007-06-03 12:56:37 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-03 12:56:35 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??mbols
2007-06-03 12:56:32 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft
2007-06-03 12:56:31 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sembly
2007-06-03 12:56:27 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET
2007-06-03 12:56:26 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\W?nSxS
2007-06-03 12:56:25 -------- d-----w C:\Program Files\Common Files\??stem
2007-06-03 12:56:25 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??stem
2007-06-03 12:56:24 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-03 12:56:19 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\S?mantec
2007-06-03 12:56:17 -------- d-----w C:\Program Files\Common Files\??sembly
2007-06-03 12:56:12 -------- d-----w C:\Program Files\Common Files\?racle
2007-06-03 12:56:09 -------- d-----w C:\Program Files\Common Files\??curity
2007-06-03 12:56:08 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-03 12:56:07 -------- d-----w C:\Program Files\Common Files\?racle
2007-06-03 12:56:06 -------- d-----w C:\Program Files\Common Files\??mantec
2007-06-03 07:36:20 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\SpywareBot
2007-06-03 03:44:00 -------- d-----w C:\Program Files\Common Files\??mbols
2007-06-03 03:43:59 -------- d-----w C:\Program Files\Common Files\?ystem
2007-06-02 01:27:04 19 -c--a-w C:\WINDOWS\popcinfo.dat
2007-05-08 23:03:54 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-08 23:02:40 -------- d-----w C:\Program Files\Common Files\GTK
2007-04-30 01:50:58 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-04-30 01:50:23 -------- d-----w C:\Program Files\ASUS
2007-04-30 01:49:46 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-30 01:09:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-26 07:43:14 -------- d-----w C:\Program Files\SAMSUNG
2007-04-24 00:54:53 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\Apple Computer
2007-04-24 00:54:20 -------- d-----w C:\Program Files\iTunes
2007-04-24 00:54:05 -------- d-----w C:\Program Files\iPod
2007-04-18 15:16:22 -------- d-----w C:\Program Files\QuickTime
2007-04-14 01:48:27 -------- d-----w C:\Program Files\dumdumSAMSUNG
2007-03-15 02:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 02:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-14 22:04:35 1,404 -c--a-w C:\WINDOWS\mozver.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2004-01-12 20:04]
"FmctrlTray"="Fmctrl.EXE" [2001-08-20 20:47 C:\WINDOWS\system32\fmctrl.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-12-17 13:48]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 22:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Messenger\msnmsgr.exe" [2005-08-13 12:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-01-01 10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsHistory"=00000000
"MaxRecentDocs"=10 (0xa)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-29 00:13]

*Newly Created Service* - HELPSVC

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 23:00:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-11 23:03:01
C:\ComboFix-quarantined-files.txt ... 2007-06-11 23:02
C:\ComboFix2.txt ... 2007-06-05 11:25

--- E O F ---


The only error I encountered was that ComboFix never rebooted my machine; it just displayed its report txt.

thanks again...

#7 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,325 posts

Posted 11 June 2007 - 05:37 PM

Please run Notepad and copy & paste the text inside the code box (starting with @echo off and ending with dp0log.txt") into a new file:

@echo off
(
rem Show the active code page so the reader knows how non-ASCII names were rendered
chcp
rem Dump every environment variable, then print a blank line
set&echo.
rem List directories only, with 8.3 short names, newest first by creation time
cd /d "%systemroot%" && dir /ad/x/tc/o-d
cd /d "%systemroot%" && dir /ad/x/tc/o-d
cd /d "%commonprogramfiles%" && dir /ad/x/tc/o-d
cd /d "%programfiles%" && dir /ad/x/tc/o-d
cd /d %AppData% && dir /ad/x/tc/o-d
rem Everything inside the block is written to log.txt next to this batch file
)>"%~dp0log.txt"
start notepad "%~dp0log.txt"

Save the file to the Desktop as look.bat, and make sure the "Save as type" field says "All files". Then double-click on the look.bat file on the desktop. This will open Notepad with some text. Please post the contents in your next reply.

Please post a new HijackThis log, the text from running the above batch file, and in a second reply (due to possible length) the contents of the file C:\ComboFix2.txt dated 2007-06-05 11:25.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#8 chickeniam

    Member

  • Full Member
  • 10 posts

Posted 12 June 2007 - 02:54 AM

ok.



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:52:01 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3707 bytes




+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




Active code page: 437
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\slartibartfast\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BASIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\slartibartfast
LOGONSERVER=\\BASIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp
TMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp
tvdumpflags=8
USERDOMAIN=BASIL
USERNAME=slartibartfast
USERPROFILE=C:\Documents and Settings\slartibartfast
windir=C:\WINDOWS

Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\WINDOWS

06/07/2007 06:39 AM <DIR> CSC
06/06/2007 03:05 PM <DIR> SxsCaPendDel
06/05/2007 12:45 PM <DIR> Internet Logs
06/05/2007 11:27 AM <DIR> TEMP
06/05/2007 11:17 AM <DIR> erdnt
06/03/2007 11:07 PM <DIR> çasks
06/03/2007 11:03 PM <DIR> ??crosoft
06/03/2007 11:03 PM <DIR> M?crosoft.NET
06/03/2007 11:01 PM <DIR> ??sks
06/03/2007 11:01 PM <DIR> ?asks
06/03/2007 11:00 PM <DIR> ??pPatch
06/03/2007 11:00 PM <DIR> M?crosoft
06/03/2007 11:00 PM <DIR> ?icrosoft
06/03/2007 11:00 PM <DIR> ??mantec
06/03/2007 10:59 PM <DIR> ç?sks
06/03/2007 10:59 PM <DIR> a?sembly
06/03/2007 10:59 PM <DIR> ?icrosoft.NET
06/03/2007 10:59 PM <DIR> ??crosoft
06/03/2007 10:58 PM <DIR> ??crosoft.NET
06/03/2007 10:58 PM <DIR> s?mbols
06/03/2007 10:58 PM <DIR> ??curity
06/03/2007 10:58 PM <DIR> T?sks
06/03/2007 10:58 PM <DIR> ??stem
06/03/2007 10:58 PM <DIR> S?mantec
06/03/2007 10:57 PM <DIR> ?ecurity
06/03/2007 10:57 PM <DIR> W?nSxS
06/03/2007 10:57 PM <DIR> F?nts
06/03/2007 10:56 PM <DIR> ?ppPatch
06/03/2007 10:56 PM <DIR> ?dobe
06/03/2007 10:56 PM <DIR> s?stem32
06/03/2007 10:56 PM <DIR> à?pPatch
06/03/2007 10:56 PM <DIR> ?ssembly
06/03/2007 10:56 PM <DIR> s?stem
06/03/2007 10:56 PM <DIR> ?icrosoft.NET
06/03/2007 10:56 PM <DIR> F?nts
06/03/2007 10:56 PM <DIR> ?ymantec
06/03/2007 10:56 PM <DIR> ??crosoft.NET
06/03/2007 10:56 PM <DIR> ??sembly
06/03/2007 10:56 PM <DIR> ?ymbols
06/03/2007 10:56 PM <DIR> ?racle
06/03/2007 10:56 PM <DIR> ?ystem32
06/03/2007 10:56 PM <DIR> ??stem32
06/03/2007 10:56 PM <DIR> s?curity
06/03/2007 10:56 PM <DIR> ?ystem
06/03/2007 10:56 PM <DIR> àppPatch
06/03/2007 10:56 PM <DIR> ?racle
06/03/2007 10:56 PM <DIR> ?icrosoft
06/03/2007 01:44 PM <DIR> àdobe
06/03/2007 01:44 PM <DIR> ??mbols
05/31/2007 03:08 AM <DIR> assembly
05/31/2007 03:06 AM <DIR> Microsoft.NET
03/13/2007 10:53 PM <DIR> Datalcrn
02/11/2007 10:14 PM <DIR> Minidump
02/05/2007 09:36 PM <DIR> Downloaded Installations
01/29/2007 01:48 PM <DIR> ShellNew
01/26/2007 10:17 PM <DIR> INSTAL~1 Installer
01/26/2007 10:06 PM <DIR> PeerNet
01/26/2007 10:06 PM <DIR> ehome
01/26/2007 10:06 PM <DIR> pchealth
01/26/2007 10:06 PM <DIR> Motorola
01/26/2007 10:06 PM <DIR> WinSxS
01/26/2007 10:06 PM <DIR> ime
01/26/2007 10:06 PM <DIR> mui
01/26/2007 10:06 PM <DIR> PROVIS~1 Provisioning
01/26/2007 10:06 PM <DIR> RESOUR~1 Resources
01/26/2007 10:06 PM <DIR> AppPatch
01/26/2007 10:06 PM <DIR> Debug
01/26/2007 10:06 PM <DIR> twain_32
01/26/2007 10:06 PM <DIR> msapps
01/26/2007 10:06 PM <DIR> DRIVER~1 Driver Cache
01/26/2007 10:06 PM <DIR> security
01/26/2007 10:06 PM <DIR> Fonts
01/26/2007 10:06 PM <DIR> Media
01/26/2007 10:06 PM <DIR> java
01/26/2007 10:06 PM <DIR> Cursors
01/26/2007 10:06 PM <DIR> Help
01/26/2007 10:06 PM <DIR> Web
01/26/2007 10:06 PM <DIR> msagent
01/26/2007 10:06 PM <DIR> inf
01/26/2007 10:06 PM <DIR> repair
01/26/2007 10:06 PM <DIR> system
01/26/2007 10:06 PM <DIR> ..
01/26/2007 10:06 PM <DIR> .
01/26/2007 10:06 PM <DIR> system32
01/26/2007 08:07 PM <DIR> Sun
01/26/2007 04:53 PM <DIR> WBEM
01/26/2007 04:51 PM <DIR> ie7
01/26/2007 04:50 PM <DIR> $NtServicePackUninstallIDNMitigationAPIs$
01/26/2007 04:50 PM <DIR> $NtServicePackUninstallNLSDownlevelMapping$
01/26/2007 04:49 PM <DIR> $NtUninstallKB915865$
01/26/2007 04:49 PM <DIR> $hf_mig$
01/26/2007 03:28 PM <DIR> msdownld.tmp
01/26/2007 12:14 PM <DIR> SoftwareDistribution
01/26/2007 11:56 AM <DIR> OFFLIN~1 Offline Web Pages
01/26/2007 11:56 AM <DIR> DOWNLO~1 Downloaded Program Files
01/26/2007 11:54 AM <DIR> Tasks
01/26/2007 11:54 AM <DIR> srchasst
01/26/2007 11:51 AM <DIR> REGIST~1 Registration
0 File(s) 0 bytes
98 Dir(s) 5,366,390,784 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\WINDOWS

06/07/2007 06:39 AM <DIR> CSC
06/06/2007 03:05 PM <DIR> SxsCaPendDel
06/05/2007 12:45 PM <DIR> Internet Logs
06/05/2007 11:27 AM <DIR> TEMP
06/05/2007 11:17 AM <DIR> erdnt
06/03/2007 11:07 PM <DIR> çasks
06/03/2007 11:03 PM <DIR> ??crosoft
06/03/2007 11:03 PM <DIR> M?crosoft.NET
06/03/2007 11:01 PM <DIR> ??sks
06/03/2007 11:01 PM <DIR> ?asks
06/03/2007 11:00 PM <DIR> ??pPatch
06/03/2007 11:00 PM <DIR> M?crosoft
06/03/2007 11:00 PM <DIR> ?icrosoft
06/03/2007 11:00 PM <DIR> ??mantec
06/03/2007 10:59 PM <DIR> ç?sks
06/03/2007 10:59 PM <DIR> a?sembly
06/03/2007 10:59 PM <DIR> ?icrosoft.NET
06/03/2007 10:59 PM <DIR> ??crosoft
06/03/2007 10:58 PM <DIR> ??crosoft.NET
06/03/2007 10:58 PM <DIR> s?mbols
06/03/2007 10:58 PM <DIR> ??curity
06/03/2007 10:58 PM <DIR> T?sks
06/03/2007 10:58 PM <DIR> ??stem
06/03/2007 10:58 PM <DIR> S?mantec
06/03/2007 10:57 PM <DIR> ?ecurity
06/03/2007 10:57 PM <DIR> W?nSxS
06/03/2007 10:57 PM <DIR> F?nts
06/03/2007 10:56 PM <DIR> ?ppPatch
06/03/2007 10:56 PM <DIR> ?dobe
06/03/2007 10:56 PM <DIR> s?stem32
06/03/2007 10:56 PM <DIR> à?pPatch
06/03/2007 10:56 PM <DIR> ?ssembly
06/03/2007 10:56 PM <DIR> s?stem
06/03/2007 10:56 PM <DIR> ?icrosoft.NET
06/03/2007 10:56 PM <DIR> F?nts
06/03/2007 10:56 PM <DIR> ?ymantec
06/03/2007 10:56 PM <DIR> ??crosoft.NET
06/03/2007 10:56 PM <DIR> ??sembly
06/03/2007 10:56 PM <DIR> ?ymbols
06/03/2007 10:56 PM <DIR> ?racle
06/03/2007 10:56 PM <DIR> ?ystem32
06/03/2007 10:56 PM <DIR> ??stem32
06/03/2007 10:56 PM <DIR> s?curity
06/03/2007 10:56 PM <DIR> ?ystem
06/03/2007 10:56 PM <DIR> àppPatch
06/03/2007 10:56 PM <DIR> ?racle
06/03/2007 10:56 PM <DIR> ?icrosoft
06/03/2007 01:44 PM <DIR> àdobe
06/03/2007 01:44 PM <DIR> ??mbols
05/31/2007 03:08 AM <DIR> assembly
05/31/2007 03:06 AM <DIR> Microsoft.NET
03/13/2007 10:53 PM <DIR> Datalcrn
02/11/2007 10:14 PM <DIR> Minidump
02/05/2007 09:36 PM <DIR> Downloaded Installations
01/29/2007 01:48 PM <DIR> ShellNew
01/26/2007 10:17 PM <DIR> INSTAL~1 Installer
01/26/2007 10:06 PM <DIR> PeerNet
01/26/2007 10:06 PM <DIR> ehome
01/26/2007 10:06 PM <DIR> pchealth
01/26/2007 10:06 PM <DIR> Motorola
01/26/2007 10:06 PM <DIR> WinSxS
01/26/2007 10:06 PM <DIR> ime
01/26/2007 10:06 PM <DIR> mui
01/26/2007 10:06 PM <DIR> PROVIS~1 Provisioning
01/26/2007 10:06 PM <DIR> RESOUR~1 Resources
01/26/2007 10:06 PM <DIR> AppPatch
01/26/2007 10:06 PM <DIR> Debug
01/26/2007 10:06 PM <DIR> twain_32
01/26/2007 10:06 PM <DIR> msapps
01/26/2007 10:06 PM <DIR> DRIVER~1 Driver Cache
01/26/2007 10:06 PM <DIR> security
01/26/2007 10:06 PM <DIR> Fonts
01/26/2007 10:06 PM <DIR> Media
01/26/2007 10:06 PM <DIR> java
01/26/2007 10:06 PM <DIR> Cursors
01/26/2007 10:06 PM <DIR> Help
01/26/2007 10:06 PM <DIR> Web
01/26/2007 10:06 PM <DIR> msagent
01/26/2007 10:06 PM <DIR> inf
01/26/2007 10:06 PM <DIR> repair
01/26/2007 10:06 PM <DIR> system
01/26/2007 10:06 PM <DIR> ..
01/26/2007 10:06 PM <DIR> .
01/26/2007 10:06 PM <DIR> system32
01/26/2007 08:07 PM <DIR> Sun
01/26/2007 04:53 PM <DIR> WBEM
01/26/2007 04:51 PM <DIR> ie7
01/26/2007 04:50 PM <DIR> $NtServicePackUninstallIDNMitigationAPIs$
01/26/2007 04:50 PM <DIR> $NtServicePackUninstallNLSDownlevelMapping$
01/26/2007 04:49 PM <DIR> $NtUninstallKB915865$
01/26/2007 04:49 PM <DIR> $hf_mig$
01/26/2007 03:28 PM <DIR> msdownld.tmp
01/26/2007 12:14 PM <DIR> SoftwareDistribution
01/26/2007 11:56 AM <DIR> OFFLIN~1 Offline Web Pages
01/26/2007 11:56 AM <DIR> DOWNLO~1 Downloaded Program Files
01/26/2007 11:54 AM <DIR> Tasks
01/26/2007 11:54 AM <DIR> srchasst
01/26/2007 11:51 AM <DIR> REGIST~1 Registration
0 File(s) 0 bytes
98 Dir(s) 5,366,382,592 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\Program Files\Common Files

06/03/2007 11:15 PM <DIR> ??pPatch
06/03/2007 11:07 PM <DIR> ?icrosoft.NET
06/03/2007 11:05 PM <DIR> ?asks
06/03/2007 11:05 PM <DIR> ??crosoft.NET
06/03/2007 11:05 PM <DIR> ?icrosoft.NET
06/03/2007 11:02 PM <DIR> ?ystem32
06/03/2007 11:01 PM <DIR> A?pPatch
06/03/2007 11:01 PM <DIR> ç?sks
06/03/2007 11:01 PM <DIR> F?nts
06/03/2007 11:01 PM <DIR> à?pPatch
06/03/2007 11:00 PM <DIR> s?stem
06/03/2007 10:59 PM <DIR> ??crosoft
06/03/2007 10:58 PM <DIR> ?dobe
06/03/2007 10:58 PM <DIR> ??stem32
06/03/2007 10:58 PM <DIR> ?ymantec
06/03/2007 10:58 PM <DIR> s?curity
06/03/2007 10:58 PM <DIR> ?icrosoft
06/03/2007 10:58 PM <DIR> W?nSxS
06/03/2007 10:57 PM <DIR> S?mantec
06/03/2007 10:57 PM <DIR> ??sks
06/03/2007 10:57 PM <DIR> s?mbols
06/03/2007 10:57 PM <DIR> ?ymbols
06/03/2007 10:57 PM <DIR> çasks
06/03/2007 10:57 PM <DIR> ?icrosoft
06/03/2007 10:57 PM <DIR> M?crosoft
06/03/2007 10:57 PM <DIR> F?nts
06/03/2007 10:57 PM <DIR> s?stem32
06/03/2007 10:57 PM <DIR> ?ecurity
06/03/2007 10:56 PM <DIR> ??crosoft
06/03/2007 10:56 PM <DIR> ?ppPatch
06/03/2007 10:56 PM <DIR> ?ssembly
06/03/2007 10:56 PM <DIR> a?sembly
06/03/2007 10:56 PM <DIR> ??crosoft.NET
06/03/2007 10:56 PM <DIR> T?sks
06/03/2007 10:56 PM <DIR> ??stem
06/03/2007 10:56 PM <DIR> àdobe
06/03/2007 10:56 PM <DIR> ??sembly
06/03/2007 10:56 PM <DIR> M?crosoft.NET
06/03/2007 10:56 PM <DIR> ?racle
06/03/2007 10:56 PM <DIR> ??curity
06/03/2007 10:56 PM <DIR> àppPatch
06/03/2007 10:56 PM <DIR> ?racle
06/03/2007 10:56 PM <DIR> ??mantec
06/03/2007 01:44 PM <DIR> ??mbols
06/03/2007 01:43 PM <DIR> ?ystem
05/09/2007 09:02 AM <DIR> GTK
04/03/2007 03:03 PM <DIR> Wise Installation Wizard
01/29/2007 01:49 PM <DIR> Designer
01/28/2007 06:42 PM <DIR> Adobe
01/26/2007 10:17 PM <DIR> ODBC
01/26/2007 10:17 PM <DIR> SPEECH~1 SpeechEngines
01/26/2007 10:17 PM <DIR> MICROS~1 Microsoft Shared
01/26/2007 10:17 PM <DIR> .
01/26/2007 10:17 PM <DIR> ..
01/26/2007 03:27 PM <DIR> InstallShield
01/26/2007 11:54 AM <DIR> Services
01/26/2007 11:54 AM <DIR> MSSoap
01/26/2007 11:53 AM <DIR> System
0 File(s) 0 bytes
58 Dir(s) 5,366,366,208 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\Program Files

06/06/2007 03:06 PM <DIR> Adobe
06/05/2007 01:14 PM <DIR> AntiVir PersonalEdition Classic
06/05/2007 12:45 PM <DIR> Zone Labs
06/05/2007 09:22 AM <DIR> SUPERAntiSpyware
06/03/2007 11:24 PM <DIR> Grisoft
06/03/2007 10:57 PM <DIR> T?sks
06/03/2007 05:37 PM <DIR> Spybot - Search & Destroy
06/03/2007 01:51 PM <DIR> AnVir Virus Destroyer
06/02/2007 12:46 AM <DIR> Sierra
05/15/2007 12:40 PM <DIR> Enigma Software Group
05/09/2007 09:03 AM <DIR> GIMP-2.0
04/30/2007 11:09 AM <DIR> ASUS
04/24/2007 10:54 AM <DIR> iPod
04/24/2007 10:53 AM <DIR> iTunes
04/19/2007 01:15 AM <DIR> QuickTime
04/14/2007 01:04 PM <DIR> SAMSUNG
04/14/2007 11:35 AM <DIR> dumdumSAMSUNG
04/03/2007 03:04 PM <DIR> EndNote 9
03/22/2007 08:26 PM <DIR> DivX
03/07/2007 11:04 AM <DIR> Cucusoft
02/18/2007 05:55 PM <DIR> Audacity
02/11/2007 10:03 PM <DIR> TVPaint Developpement
02/11/2007 08:32 PM <DIR> VideoLAN
02/11/2007 05:54 PM <DIR> Ambient Design
02/11/2007 02:07 PM <DIR> BitLord
02/05/2007 09:36 PM <DIR> BOINC
02/05/2007 01:10 AM <DIR> Opera
02/02/2007 09:55 PM <DIR> ClamWin
02/02/2007 09:51 PM <DIR> WinRAR
01/29/2007 01:50 PM <DIR> Microsoft ActiveSync
01/29/2007 01:48 PM <DIR> Microsoft Office
01/26/2007 10:17 PM <DIR> COMMON~1 Common Files
01/26/2007 10:17 PM <DIR> ..
01/26/2007 10:17 PM <DIR> .
01/26/2007 04:33 PM <DIR> Java
01/26/2007 03:46 PM <DIR> Mozilla Firefox
01/26/2007 03:27 PM <DIR> D-Link
01/26/2007 03:27 PM <DIR> InstallShield Installation Information
01/26/2007 03:27 PM <DIR> OptusNet DSL Internet
01/26/2007 12:17 PM <DIR> Uninstall Information
01/26/2007 12:01 PM <DIR> xerox
01/26/2007 12:01 PM <DIR> MSNGAM~1 msn gaming zone
01/26/2007 12:01 PM <DIR> MICROS~1 microsoft frontpage
01/26/2007 11:56 AM <DIR> WINDOW~3 WindowsUpdate
01/26/2007 11:55 AM <DIR> ONLINE~1 Online Services
01/26/2007 11:54 AM <DIR> MOVIEM~1 Movie Maker
01/26/2007 11:53 AM <DIR> NETMEE~1 NetMeeting
01/26/2007 11:53 AM <DIR> OUTLOO~1 Outlook Express
01/26/2007 11:53 AM <DIR> INTERN~1 Internet Explorer
01/26/2007 11:51 AM <DIR> WINDOW~2 Windows Media Player
01/26/2007 11:50 AM <DIR> MESSEN~1 Messenger
01/26/2007 11:50 AM <DIR> WINDOW~1 Windows NT
0 File(s) 0 bytes
52 Dir(s) 5,366,366,208 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\Documents and Settings\slartibartfast\Application Data

06/05/2007 09:22 AM <DIR> SUPERAntiSpyware.com
06/03/2007 11:11 PM <DIR> ??stem32
06/03/2007 11:10 PM <DIR> A?pPatch
06/03/2007 11:05 PM <DIR> s?stem32
06/03/2007 11:05 PM <DIR> à?pPatch
06/03/2007 11:04 PM <DIR> àppPatch
06/03/2007 11:02 PM <DIR> ??crosoft.NET
06/03/2007 11:02 PM <DIR> ?ystem32
06/03/2007 11:01 PM <DIR> F?nts
06/03/2007 11:01 PM <DIR> ?ssembly
06/03/2007 11:00 PM <DIR> ??crosoft
06/03/2007 10:59 PM <DIR> ?asks
06/03/2007 10:59 PM <DIR> ç?sks
06/03/2007 10:59 PM <DIR> a?sembly
06/03/2007 10:59 PM <DIR> ??crosoft
06/03/2007 10:58 PM <DIR> ?ymbols
06/03/2007 10:58 PM <DIR> ??crosoft.NET
06/03/2007 10:58 PM <DIR> ??sks
06/03/2007 10:58 PM <DIR> s?curity
06/03/2007 10:58 PM <DIR> ?ppPatch
06/03/2007 10:58 PM <DIR> ??pPatch
06/03/2007 10:58 PM <DIR> ??curity
06/03/2007 10:58 PM <DIR> ?racle
06/03/2007 10:58 PM <DIR> ?icrosoft
06/03/2007 10:58 PM <DIR> ?racle
06/03/2007 10:58 PM <DIR> àdobe
06/03/2007 10:57 PM <DIR> çasks
06/03/2007 10:57 PM <DIR> M?crosoft
06/03/2007 10:57 PM <DIR> s?mbols
06/03/2007 10:57 PM <DIR> M?crosoft.NET
06/03/2007 10:57 PM <DIR> ??mantec
06/03/2007 10:57 PM <DIR> ?ecurity
06/03/2007 10:57 PM <DIR> F?nts
06/03/2007 10:57 PM <DIR> ?ymantec
06/03/2007 10:57 PM <DIR> ?icrosoft.NET
06/03/2007 10:56 PM <DIR> ?dobe
06/03/2007 10:56 PM <DIR> s?stem
06/03/2007 10:56 PM <DIR> T?sks
06/03/2007 10:56 PM <DIR> ?ystem
06/03/2007 10:56 PM <DIR> ??mbols
06/03/2007 10:56 PM <DIR> ?icrosoft
06/03/2007 10:56 PM <DIR> ??sembly
06/03/2007 10:56 PM <DIR> ?icrosoft.NET
06/03/2007 10:56 PM <DIR> W?nSxS
06/03/2007 10:56 PM <DIR> ??stem
06/03/2007 10:56 PM <DIR> S?mantec
06/03/2007 05:13 PM <DIR> SpywareBot
05/09/2007 09:07 AM <DIR> gtk-2.0
04/03/2007 03:06 PM <DIR> EndNote
04/03/2007 12:44 PM <DIR> GetRightToGo
02/11/2007 10:05 PM <DIR> tvpaint animation
02/11/2007 08:37 PM <DIR> vlc
02/11/2007 08:35 PM <DIR> COWON
02/11/2007 05:55 PM <DIR> Ambient Design
02/06/2007 11:01 AM <DIR> Apple Computer
02/05/2007 01:11 AM <DIR> Opera
01/28/2007 07:04 PM <DIR> Adobe
01/26/2007 08:07 PM <DIR> Sun
01/26/2007 04:32 PM <DIR> Macromedia
01/26/2007 03:46 PM <DIR> Mozilla
01/26/2007 12:17 PM <DIR> Identities
01/26/2007 12:17 PM <DIR> ..
01/26/2007 12:17 PM <DIR> .
01/26/2007 12:17 PM <DIR> Microsoft
0 File(s) 0 bytes
64 Dir(s) 5,366,366,208 bytes free




...etc...

#9 chickeniam

chickeniam

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 12 June 2007 - 02:55 AM

"slartibartfast" - 2007-06-05 11:08:42 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Documents and Settings\slartibartfast\Desktop\"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



-- Purity Folders:
C:\DOCUME~1\slartibartfast\Application Data\?ecurity
C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET
C:\DOCUME~1\slartibartfast\Application Data\?racle
C:\DOCUME~1\slartibartfast\Application Data\?ssembly
C:\DOCUME~1\slartibartfast\Application Data\?ymantec
C:\DOCUME~1\slartibartfast\Application Data\?ymbols
C:\DOCUME~1\slartibartfast\Application Data\?ystem
C:\DOCUME~1\slartibartfast\Application Data\?ystem32
C:\DOCUME~1\slartibartfast\Application Data\A?pPatch
C:\DOCUME~1\slartibartfast\Application Data\a?sembly
C:\DOCUME~1\slartibartfast\Application Data\Adobe
C:\DOCUME~1\slartibartfast\Application Data\F?nts
C:\DOCUME~1\slartibartfast\Application Data\M?crosoft.NET
C:\DOCUME~1\slartibartfast\Application Data\Microsoft
C:\DOCUME~1\slartibartfast\Application Data\s?curity
C:\DOCUME~1\slartibartfast\Application Data\S?mantec
C:\DOCUME~1\slartibartfast\Application Data\s?mbols
C:\DOCUME~1\slartibartfast\Application Data\s?stem
C:\DOCUME~1\slartibartfast\Application Data\s?stem32
C:\DOCUME~1\slartibartfast\Application Data\T?sks
C:\DOCUME~1\slartibartfast\Application Data\W?nSxS
C:\DOCUME~1\slartibartfast\Application Data\àppPatch
C:\DOCUME~1\slartibartfast\Application Data\àppPatch
C:\DOCUME~1\slartibartfast\Application Data\çasks
C:\DOCUME~1\slartibartfast\Application Data\çasks
C:\DOCUME~1\slartibartfast\Desktop\internet.lnk
C:\DOCUME~1\slartibartfast\My Documents\??pPatch
C:\DOCUME~1\slartibartfast\My Documents\?racle
C:\DOCUME~1\slartibartfast\My Documents\M?crosoft
C:\DOCUME~1\slartibartfast\My Documents\M?crosoft.NET
C:\DOCUME~1\slartibartfast\My Documents\S?mantec
C:\DOCUME~1\slartibartfast\My Documents\T?sks
C:\DOCUME~1\slartibartfast\My Documents\àdobe
C:\Program Files\?ecurity
C:\Program Files\?icrosoft
C:\Program Files\?icrosoft.NET
C:\Program Files\?racle
C:\Program Files\?ssembly
C:\Program Files\?ymantec
C:\Program Files\?ymbols
C:\Program Files\?ystem
C:\Program Files\?ystem32
C:\Program Files\A?pPatch
C:\Program Files\a?sembly
C:\Program Files\Adobe
C:\Program Files\Common Files\?ecurity
C:\Program Files\Common Files\?icrosoft
C:\Program Files\Common Files\?icrosoft.NET
C:\Program Files\Common Files\?racle
C:\Program Files\Common Files\?ssembly
C:\Program Files\Common Files\?ymantec
C:\Program Files\Common Files\?ymbols
C:\Program Files\Common Files\?ystem32
C:\Program Files\Common Files\A?pPatch
C:\Program Files\Common Files\a?sembly
C:\Program Files\Common Files\Adobe
C:\Program Files\Common Files\F?nts
C:\Program Files\Common Files\M?crosoft
C:\Program Files\Common Files\M?crosoft.NET
C:\Program Files\Common Files\s?curity
C:\Program Files\Common Files\S?mantec
C:\Program Files\Common Files\s?mbols
C:\Program Files\Common Files\s?stem32
C:\Program Files\Common Files\System
C:\Program Files\Common Files\T?sks
C:\Program Files\Common Files\W?nSxS
C:\Program Files\Common Files\àppPatch
C:\Program Files\Common Files\àppPatch
C:\Program Files\Common Files\çasks
C:\Program Files\Common Files\çasks
C:\Program Files\F?nts
C:\Program Files\inetget2
C:\Program Files\M?crosoft
C:\Program Files\M?crosoft.NET
C:\Program Files\s?curity
C:\Program Files\S?mantec
C:\Program Files\s?mbols
C:\Program Files\s?stem
C:\Program Files\s?stem32
C:\Program Files\T?sks
C:\Program Files\W?nSxS
C:\Program Files\àppPatch
C:\Program Files\àppPatch
C:\Program Files\çasks
C:\Program Files\çasks
C:\WINDOWS\?icrosoft
C:\WINDOWS\?racle
C:\WINDOWS\?ymantec
C:\WINDOWS\?ymbols
C:\WINDOWS\AppPatch
C:\WINDOWS\assembly
C:\WINDOWS\Fonts
C:\WINDOWS\M?crosoft
C:\WINDOWS\Microsoft.NET
C:\WINDOWS\S?mantec
C:\WINDOWS\s?mbols
C:\WINDOWS\security
C:\WINDOWS\smgr.exe
C:\WINDOWS\system
C:\WINDOWS\system32
C:\WINDOWS\system32\?ecurity
C:\WINDOWS\system32\?icrosoft.NET
C:\WINDOWS\system32\?racle
C:\WINDOWS\system32\?ssembly
C:\WINDOWS\system32\?ymantec
C:\WINDOWS\system32\?ymbols
C:\WINDOWS\system32\?ystem
C:\WINDOWS\system32\?ystem32
C:\WINDOWS\system32\A?pPatch
C:\WINDOWS\system32\a?sembly
C:\WINDOWS\system32\F?nts
C:\WINDOWS\system32\icons
C:\WINDOWS\system32\icons\Ball.png
C:\WINDOWS\system32\icons\Clock.png
C:\WINDOWS\system32\icons\Longhorn 5.png
C:\WINDOWS\system32\icons\Longhorn.png
C:\WINDOWS\system32\M?crosoft.NET
C:\WINDOWS\system32\Microsoft
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\s?curity
C:\WINDOWS\system32\S?mantec
C:\WINDOWS\system32\s?mbols
C:\WINDOWS\system32\s?stem
C:\WINDOWS\system32\s?stem32
C:\WINDOWS\system32\T?sks
C:\WINDOWS\system32\W?nSxS
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\system32\àdobe
C:\WINDOWS\system32\àppPatch
C:\WINDOWS\system32\àppPatch
C:\WINDOWS\system32\çasks
C:\WINDOWS\system32\çasks
C:\WINDOWS\Tasks
C:\WINDOWS\WinSxS
C:\WINDOWS\wr.txt
C:\WINDOWS\àdobe
C:\WINDOWS\àppPatch
C:\WINDOWS\çasks


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))


2007-06-05 11:19 <DIR> d-------- C:\Avenger
2007-06-05 10:45 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-06-05 10:30 <DIR> d-------- C:\VundoFix Backups
2007-06-05 09:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-05 09:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-04 23:05 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2007-06-03 23:26 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-03 23:15 <DIR> d-------- C:\Program Files\Common Files\??pPatch
2007-06-03 23:10 <DIR> d-------- C:\Program Files\??pPatch
2007-06-03 23:07 <DIR> d-------- C:\WINDOWS\çasks
2007-06-03 23:07 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-06-03 23:06 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-03 23:05 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-06-03 23:05 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET
2007-06-03 23:03 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-03 23:03 <DIR> d-------- C:\WINDOWS\M?crosoft.NET
2007-06-03 23:03 <DIR> d-------- C:\WINDOWS\??crosoft
2007-06-03 23:03 <DIR> d-------- C:\Program Files\?icrosoft.NET
2007-06-03 23:02 <DIR> d-------- C:\Program Files\s?mbols
2007-06-03 23:02 <DIR> d-------- C:\Program Files\Common Files\?ystem32
2007-06-03 23:01 <DIR> d---s---- C:\WINDOWS\?asks
2007-06-03 23:01 <DIR> d---s---- C:\WINDOWS\??sks
2007-06-03 23:01 <DIR> d-------- C:\WINDOWS\system32\çasks
2007-06-03 23:01 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\ç?sks
2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\à?pPatch
2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\F?nts
2007-06-03 23:01 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2007-06-03 23:01 <DIR> d-------- C:\Program Files\?icrosoft
2007-06-03 23:01 <DIR> d-------- C:\Program Files\??crosoft
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\ç?sks
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\à?pPatch
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\s?stem
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\s?curity
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\system32\??curity
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\M?crosoft
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\?icrosoft
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\??pPatch
2007-06-03 23:00 <DIR> d-------- C:\WINDOWS\??mantec
2007-06-03 23:00 <DIR> d-------- C:\Program Files\ç?sks
2007-06-03 23:00 <DIR> d-------- C:\Program Files\Common Files\s?stem
2007-06-03 23:00 <DIR> d-------- C:\Program Files\?ymantec
2007-06-03 23:00 <DIR> d-------- C:\Program Files\?racle
2007-06-03 23:00 <DIR> d-------- C:\Program Files\??sks
2007-06-03 22:59 <DIR> dr--s---- C:\WINDOWS\a?sembly
2007-06-03 22:59 <DIR> d---s---- C:\WINDOWS\system32\M?crosoft
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\ç?sks
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-06-03 22:59 <DIR> d-------- C:\WINDOWS\??crosoft
2007-06-03 22:59 <DIR> d-------- C:\Program Files\àppPatch
2007-06-03 22:59 <DIR> d-------- C:\Program Files\s?stem32
2007-06-03 22:59 <DIR> d-------- C:\Program Files\s?curity
2007-06-03 22:59 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-06-03 22:59 <DIR> d-------- C:\Program Files\?ymbols
2007-06-03 22:59 <DIR> d-------- C:\Program Files\?dobe
2007-06-03 22:59 <DIR> d-------- C:\Program Files\?asks
2007-06-03 22:59 <DIR> d-------- C:\Program Files\??mbols
2007-06-03 22:59 <DIR> d-------- C:\Program Files\??crosoft.NET
2007-06-03 22:59 <DIR> d-------- C:\Program Files\??crosoft.NET
2007-06-03 22:58 <DIR> d---s---- C:\WINDOWS\T?sks
2007-06-03 22:58 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\system32\W?nSxS
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\system32\S?mantec
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\s?mbols
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\S?mantec
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\A?pPatch
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??stem
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??curity
2007-06-03 22:58 <DIR> d-------- C:\WINDOWS\??crosoft.NET
2007-06-03 22:58 <DIR> d-------- C:\Program Files\à?pPatch
2007-06-03 22:58 <DIR> d-------- C:\Program Files\W?nSxS
2007-06-03 22:58 <DIR> d-------- C:\Program Files\s?stem
2007-06-03 22:58 <DIR> d-------- C:\Program Files\M?crosoft
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\W?nSxS
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\s?curity
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?ymantec
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\?dobe
2007-06-03 22:58 <DIR> d-------- C:\Program Files\Common Files\??stem32
2007-06-03 22:58 <DIR> d-------- C:\Program Files\?racle
2007-06-03 22:58 <DIR> d-------- C:\Program Files\?icrosoft.NET
2007-06-03 22:57 <DIR> dr--s---- C:\WINDOWS\F?nts
2007-06-03 22:57 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\W?nSxS
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\àppPatch
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\àdobe
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\T?sks
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?ystem32
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?racle
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?ppPatch
2007-06-03 22:57 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-04 23:22:15 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\SUPERAntiSpyware.com
2007-06-04 23:21:42 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-03 15:48:20 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\gtk-2.0
2007-06-03 13:15:54 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-03 13:11:26 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??stem32
2007-06-03 13:10:48 -------- d-----w C:\Program Files\??pPatch
2007-06-03 13:10:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\A?pPatch
2007-06-03 13:07:38 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-03 13:05:58 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?stem32
2007-06-03 13:05:56 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-03 13:05:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??pPatch
2007-06-03 13:05:25 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-03 13:05:02 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-03 13:04:46 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ppPatch
2007-06-03 13:03:05 -------- d-----w C:\Program Files\?icrosoft.NET
2007-06-03 13:02:35 -------- d-----w C:\Program Files\Common Files\?ystem32
2007-06-03 13:02:18 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft.NET
2007-06-03 13:02:09 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ystem32
2007-06-03 13:01:57 -------- d-----w C:\Program Files\??crosoft
2007-06-03 13:01:37 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\F?nts
2007-06-03 13:01:25 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ssembly
2007-06-03 13:01:17 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-03 13:01:13 -------- d-----w C:\Program Files\?icrosoft
2007-06-03 13:01:04 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-03 13:00:58 -------- d-----w C:\Program Files\?ymantec
2007-06-03 13:00:44 -------- d-----w C:\Program Files\??sks
2007-06-03 13:00:22 -------- d-----w C:\Program Files\?racle
2007-06-03 13:00:21 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft
2007-06-03 13:00:08 -------- d-----w C:\Program Files\??sks
2007-06-03 12:59:58 -------- d-----w C:\Program Files\?ymbols
2007-06-03 12:59:53 -------- d-----w C:\Program Files\??mbols
2007-06-03 12:59:49 -------- d-----w C:\Program Files\?asks
2007-06-03 12:59:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?asks
2007-06-03 12:59:33 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sks
2007-06-03 12:59:25 -------- d-----w C:\Program Files\?ppPatch
2007-06-03 12:59:19 -------- d-----w C:\Program Files\?dobe
2007-06-03 12:59:16 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\a?sembly
2007-06-03 12:59:15 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-03 12:59:15 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft
2007-06-03 12:59:08 -------- d-----w C:\Program Files\??crosoft.NET
2007-06-03 12:59:00 -------- d-----w C:\Program Files\??crosoft.NET
2007-06-03 12:58:59 -------- d-----w C:\Program Files\??pPatch
2007-06-03 12:58:58 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-03 12:58:55 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ymbols
2007-06-03 12:58:53 -------- d-----w C:\Program Files\Common Files\??stem32
2007-06-03 12:58:48 -------- d-----w C:\Program Files\Common Files\?ymantec
2007-06-03 12:58:47 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??crosoft.NET
2007-06-03 12:58:46 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sks
2007-06-03 12:58:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?curity
2007-06-03 12:58:41 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ppPatch
2007-06-03 12:58:37 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-03 12:58:31 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??pPatch
2007-06-03 12:58:24 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??curity
2007-06-03 12:58:17 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?racle
2007-06-03 12:58:16 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft
2007-06-03 12:58:12 -------- d-----w C:\Program Files\?racle
2007-06-03 12:58:07 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?racle
2007-06-03 12:58:06 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?dobe
2007-06-03 12:58:05 -------- d-----w C:\Program Files\?icrosoft.NET
2007-06-03 12:57:55 -------- d-----w C:\Program Files\??mantec
2007-06-03 12:57:54 -------- d-----w C:\Program Files\?asks
2007-06-03 12:57:49 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-03 12:57:47 -------- d-----w C:\Program Files\Common Files\?ymbols
2007-06-03 12:57:43 -------- d-----w C:\Program Files\??stem
2007-06-03 12:57:32 -------- d-----w C:\Program Files\??sembly
2007-06-03 12:57:28 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-03 12:57:28 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?asks
2007-06-03 12:57:27 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-03 12:57:24 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\M?crosoft
2007-06-03 12:57:22 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?mbols
2007-06-03 12:57:19 -------- d-----w C:\Program Files\?icrosoft
2007-06-03 12:57:14 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\M?crosoft.NET
2007-06-03 12:57:09 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??mantec
2007-06-03 12:57:08 -------- d-----w C:\Program Files\?ystem32
2007-06-03 12:57:06 -------- d-----w C:\Program Files\Common Files\?ecurity
2007-06-03 12:57:06 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ecurity
2007-06-03 12:57:05 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\F?nts
2007-06-03 12:57:04 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ymantec
2007-06-03 12:57:03 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET
2007-06-03 12:56:58 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-03 12:56:58 -------- d-----w C:\Program Files\??crosoft
2007-06-03 12:56:57 -------- d-----w C:\Program Files\?ssembly
2007-06-03 12:56:54 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-03 12:56:53 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?dobe
2007-06-03 12:56:48 -------- d-----w C:\Program Files\Common Files\?ssembly
2007-06-03 12:56:46 -------- d-----w C:\Program Files\??stem32
2007-06-03 12:56:45 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\s?stem
2007-06-03 12:56:44 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\T?sks
2007-06-03 12:56:43 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?ystem
2007-06-03 12:56:40 -------- d-----w C:\Program Files\?ecurity
2007-06-03 12:56:37 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-03 12:56:35 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??mbols
2007-06-03 12:56:32 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft
2007-06-03 12:56:31 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??sembly
2007-06-03 12:56:27 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\?icrosoft.NET
2007-06-03 12:56:26 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\W?nSxS
2007-06-03 12:56:25 -------- d-----w C:\Program Files\Common Files\??stem
2007-06-03 12:56:25 -------- d-----w C:\DOCUME~1\slartibartfast\Application Data\??stem
2007-06-03 12:56:24 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-03 12:56:24 -------- d-----w C:\Program Files\?dobe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2004-01-12 20:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 14:07]
"SystemTray"="SysTray.Exe" [2006-01-01 10:00 C:\WINDOWS\system32\systray.exe]
"FmctrlTray"="Fmctrl.EXE" [2001-08-20 20:47 C:\WINDOWS\system32\fmctrl.exe]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-04-30 19:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-12-17 13:48]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 22:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Messenger\msnmsgr.exe" [2005-08-13 12:44]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-01-01 10:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsHistory"=00000000
"MaxRecentDocs"=10 (0xa)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"Altap"=0 (0x0)
"LongClock"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-29 00:13]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - WUAUSERV

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 11:20:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Altap = 63
LongClock = 63
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Altap = 63
LongClock = 63

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASNDIS5]
"ImagePath"="\??\C:\WINDOWS\system32\ASNDIS5.SYS"

Completion time: 2007-06-05 11:25:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-05 11:25

--- E O F ---


and there's the ComboFix log..
thanks again by the way....

#10 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,325 posts

Posted 12 June 2007 - 10:35 PM

Did you previously disable the creation of short file names?

Please run Notepad and paste the following text into a new file:

regedit /e peek.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem"
notepad peek.txt

Save the file to the Desktop as log.bat, and make sure the "Save as type" field says "All files". Then double-click on the log.bat file on the desktop. This will create a text file called peek.txt on the desktop. Please post that text in your next reply.

You have numerous folders that will need to be deleted manually. The problem is that the folders created by the infection use non-standard Cyrillic characters in the file name (the folders in the log with a question mark in the folder name like C:\WINDOWS\F?nts), but when you view the file names in Windows Explorer, you won't see a question mark, it will appear as a standard character.
All the folders you will need to delete were created on 2007-06-03.

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.

Using Internet Explorer, go to C:\Windows.
On the drop-down menu, go to View and select Details.
Then on the same menu, go to View > "Arrange Icons by" and select Modified
Now all the files and folders will be sorted by date.
Delete all the folders that were modified on 06/03/2007

Now go to C:\Program Files\Common Files and do the same thing.
On the drop-down menu, go to View and select Details.
Then on the same menu, go to View > "Arrange Icons by" and select Modified
Now all the files and folders will be sorted by date.
Delete all the folders that were modified on 06/03/2007

Now go to C:\Program Files and do the same thing.
On the drop-down menu, go to View and select Details.
Then on the same menu, go to View > "Arrange Icons by" and select Modified
Now all the files and folders will be sorted by date.
Delete all the folders that were modified on 06/03/2007
In this case, there should only be one folder created on 06/03/2007:
It will look like C:\Program Files\Tasks

Now go to C:\Documents and Settings\slartibartfast\Application Data and do the same thing.
On the drop-down menu, go to View and select Details.
Then on the same menu, go to View > "Arrange Icons by" and select Modified
Now all the files and folders will be sorted by date.
Delete all the folders that were modified on 06/03/2007

Now go to C:\WINDOWS\system32 and do the same thing.
On the drop-down menu, go to View and select Details.
Then on the same menu, go to View > "Arrange Icons by" and select Modified
Now all the files and folders will be sorted by date.
Delete all the folders that were modified on 06/03/2007 between 10:55 PM - 11:15 PM


Please run Notepad and copy & paste the text inside the code box (starting with @echo off and ending with dp0log.txt") into a new file:
@echo off
(
chcp
set&echo.
cd /d "%systemroot%" && dir /ad/x/tc/o-d
cd c:\windows\system32 && dir /ad/x/tc/o-d
cd /d "%commonprogramfiles%" && dir /ad/x/tc/o-d
cd /d "%programfiles%" && dir /ad/x/tc/o-d
cd /d %AppData% && dir /ad/x/tc/o-d
)>"%~dp0log.txt"
start notepad "%~dp0log.txt"
Save the file to the Desktop as look2.bat, and make sure the "Save as type" field says "All files". Then double-click on the look2.bat file on the desktop. This will open Notepad with some text. Please post the contents in your next reply.

Now you need to hide the files you un-hid earlier:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading unselect "Show hidden files and folders".
Check the "Hide protected operating system files (recommended)" option.
Click Yes to confirm. Click OK.

Please post a new HijackThis log and the text from running look2.bat

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
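
The folders TheJoker describes are named after real system folders (Fonts, Microsoft, Tasks, AppPatch) with one letter swapped for a non-ASCII look-alike; the console that produced the logs above had no glyph for it and printed "?", while Explorer draws it like the ordinary letter. The script below is an added example, not part of the original thread or of any tool it mentions: it parses `dir /ad /tc` output of the kind look2.bat produces, keeps folders created on the infection date, flags names that contain a non-ASCII character (or a literal "?", which cannot occur in a Windows name and so marks a character the console could not render), and reports which legitimate folder each one imitates. The embedded listing is constructed, and the list of imitated names is taken from the ComboFix "Purity Folders" section above. Python 3 is assumed.

```python
"""Spot look-alike folder names like the F?nts / M?crosoft entries in the logs.

Assumptions (not from the forum post): the listing was produced with
`dir /ad /tc` (directories only, creation time), as in look2.bat, and the
legitimate names being imitated are the ones the ComboFix "Purity Folders"
section lists.
"""
import re
import unicodedata
from datetime import date

# Legitimate system folder names the look-alikes imitate (from the log).
KNOWN_NAMES = [
    "AppPatch", "assembly", "Fonts", "Microsoft", "Microsoft.NET", "Oracle",
    "security", "Symantec", "symbols", "system", "system32", "Tasks",
    "WinSxS", "Adobe",
]

# One line of `dir /ad /tc` output: creation date, time, <DIR>, name.
DIR_LINE = re.compile(
    r"^(\d{2})/(\d{2})/(\d{4})\s+(\d{2}:\d{2} [AP]M)\s+<DIR>\s+(.+?)\s*$"
)

# Constructed sample listing, not the forum's own log. The suspect names hold
# real non-ASCII letters: Cyrillic i (U+0456), o (U+043E) and a (U+0430),
# plus Latin a-grave (U+00E0), the character visible in the page's log.
SAMPLE_LISTING = """\
 Directory of C:\\Documents and Settings\\slartibartfast\\Application Data

06/05/2007  09:22 AM    <DIR>          SUPERAntiSpyware.com
06/03/2007  11:10 PM    <DIR>          M\u0456crosoft
06/03/2007  11:05 PM    <DIR>          F\u043ents
06/03/2007  10:59 PM    <DIR>          T\u0430sks
06/03/2007  10:58 PM    <DIR>          \u00e0ppPatch
06/03/2007  05:13 PM    <DIR>          SpywareBot
01/26/2007  12:17 PM    <DIR>          ..
01/26/2007  12:17 PM    <DIR>          .
01/26/2007  12:17 PM    <DIR>          Microsoft
"""


def parse_listing(text):
    """Yield (creation_date, name) for every <DIR> line, skipping '.' and '..'."""
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if not m:
            continue
        month, day, year, _time, name = m.groups()
        if name in (".", ".."):
            continue
        yield date(int(year), int(month), int(day)), name


def is_suspicious(name):
    """True if the name holds a non-ASCII character, or a literal '?' (illegal
    in Windows names, so in a log it marks a character the console could not render)."""
    return any(ord(ch) > 127 or ch == "?" for ch in name)


def skeleton(name):
    """Render the name the way the code page 437 console did: non-ASCII becomes '?'."""
    return "".join(ch if ord(ch) < 128 else "?" for ch in name)


def imitated_name(name):
    """Return the legitimate folder this look-alike imitates, or None.
    Each '?' in the skeleton is treated as a one-character wildcard."""
    pattern = re.escape(skeleton(name)).replace(r"\?", ".")
    for legit in KNOWN_NAMES:
        if re.fullmatch(pattern, legit, re.IGNORECASE):
            return legit
    return None


def describe(name):
    """List the non-ASCII code points in the name with their Unicode names."""
    return [f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNKNOWN')}"
            for ch in name if ord(ch) > 127]


def find_lookalikes(listing_text, created_on):
    """Return [(name, imitated_or_None)] for suspect folders created on that day."""
    return [(name, imitated_name(name))
            for created, name in parse_listing(listing_text)
            if created == created_on and is_suspicious(name)]


def sample_report():
    """Run the check over the constructed listing for the infection date."""
    return find_lookalikes(SAMPLE_LISTING, date(2007, 6, 3))


if __name__ == "__main__":
    for name, legit in sample_report():
        print(f"{name!r} -> imitates {legit!r}: {', '.join(describe(name))}")
```

On a live machine the look2.bat output would be fed in place of the embedded listing; the script only reports, it deletes nothing. Because `imitated_name` treats a literal "?" as a wildcard too, it also works on the already-rendered ComboFix lines above (F?nts resolves to Fonts). The `/x` switch in look2.bat adds the 8.3 short names, which are plain ASCII; a value of NtfsDisable8dot3NameCreation=1 in the exported FileSystem key means no such short names are generated for new folders.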


#11 chickeniam

chickeniam

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 13 June 2007 - 07:21 PM

I did what you said, but I didn't delete the folders:

-Mozilla Firefox
-Spybot - Search & Destroy
-Grisoft

They were also created on the 6/3/2007

I didn't delete them as they had all the appropriate stuff in them. And I remember installing spybot and grisoft around then, not sure about Mozilla though.
Anyway........


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:13:55 AM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\slartibartfast\Desktop\FreeSpaceOpenInstaller\Installer\FreeSpaceOpenInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3761 bytes

---------------------------------------------------------------------------------------------------------

PEEK.TXT


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000001
"Win31FileSystem"=dword:00000000
"Win95TruncatedExtensions"=dword:00000001
"NtfsDisableLastAccessUpdate"=dword:00000001



-----------------------------------------------------------------------------------------------------------

LOG.TXT

Active code page: 437
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\slartibartfast\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BASIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\slartibartfast
LOGONSERVER=\\BASIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp
TMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp
tvdumpflags=8
USERDOMAIN=BASIL
USERNAME=slartibartfast
USERPROFILE=C:\Documents and Settings\slartibartfast
windir=C:\WINDOWS

Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\WINDOWS

06/12/2007 06:08 PM <DIR> LastGood
06/07/2007 06:39 AM <DIR> CSC
06/06/2007 03:05 PM <DIR> SxsCaPendDel
06/05/2007 12:45 PM <DIR> Internet Logs
06/05/2007 11:27 AM <DIR> TEMP
06/05/2007 11:17 AM <DIR> erdnt
05/31/2007 03:08 AM <DIR> assembly
05/31/2007 03:06 AM <DIR> Microsoft.NET
03/13/2007 10:53 PM <DIR> Datalcrn
02/05/2007 09:36 PM <DIR> Downloaded Installations
01/29/2007 01:48 PM <DIR> ShellNew
01/26/2007 10:17 PM <DIR> INSTAL~1 Installer
01/26/2007 10:06 PM <DIR> ehome
01/26/2007 10:06 PM <DIR> PeerNet
01/26/2007 10:06 PM <DIR> pchealth
01/26/2007 10:06 PM <DIR> mui
01/26/2007 10:06 PM <DIR> Motorola
01/26/2007 10:06 PM <DIR> WinSxS
01/26/2007 10:06 PM <DIR> ime
01/26/2007 10:06 PM <DIR> PROVIS~1 Provisioning
01/26/2007 10:06 PM <DIR> RESOUR~1 Resources
01/26/2007 10:06 PM <DIR> Debug
01/26/2007 10:06 PM <DIR> AppPatch
01/26/2007 10:06 PM <DIR> msapps
01/26/2007 10:06 PM <DIR> twain_32
01/26/2007 10:06 PM <DIR> DRIVER~1 Driver Cache
01/26/2007 10:06 PM <DIR> security
01/26/2007 10:06 PM <DIR> Cursors
01/26/2007 10:06 PM <DIR> msagent
01/26/2007 10:06 PM <DIR> java
01/26/2007 10:06 PM <DIR> Web
01/26/2007 10:06 PM <DIR> Help
01/26/2007 10:06 PM <DIR> Media
01/26/2007 10:06 PM <DIR> Fonts
01/26/2007 10:06 PM <DIR> repair
01/26/2007 10:06 PM <DIR> inf
01/26/2007 10:06 PM <DIR> system32
01/26/2007 10:06 PM <DIR> .
01/26/2007 10:06 PM <DIR> system
01/26/2007 10:06 PM <DIR> ..
01/26/2007 08:07 PM <DIR> Sun
01/26/2007 04:53 PM <DIR> WBEM
01/26/2007 04:51 PM <DIR> ie7
01/26/2007 04:50 PM <DIR> $NtServicePackUninstallIDNMitigationAPIs$
01/26/2007 04:50 PM <DIR> $NtServicePackUninstallNLSDownlevelMapping$
01/26/2007 04:49 PM <DIR> $NtUninstallKB915865$
01/26/2007 04:49 PM <DIR> $hf_mig$
01/26/2007 03:28 PM <DIR> msdownld.tmp
01/26/2007 12:14 PM <DIR> SoftwareDistribution
01/26/2007 11:56 AM <DIR> OFFLIN~1 Offline Web Pages
01/26/2007 11:54 AM <DIR> Tasks
01/26/2007 11:54 AM <DIR> srchasst
01/26/2007 11:51 AM <DIR> REGIST~1 Registration
0 File(s) 0 bytes
53 Dir(s) 2,246,438,912 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\WINDOWS\system32

06/05/2007 12:50 PM <DIR> ZoneLabs
05/31/2007 11:07 AM <DIR> URTTemp
04/14/2007 02:58 PM <DIR> ReinstallBackups
04/14/2007 11:35 AM <DIR> Samsung_Mobile_USB_Drivers
02/11/2007 02:08 PM <DIR> appmgmt
01/29/2007 09:16 PM <DIR> LogFiles
01/26/2007 10:15 PM <DIR> CatRoot2
01/26/2007 10:15 PM <DIR> CatRoot
01/26/2007 10:06 PM <DIR> MEDIAG~1 MediaGraph
01/26/2007 10:06 PM <DIR> DSFILT~1 DSFilters
01/26/2007 10:06 PM <DIR> DVDGraph
01/26/2007 10:06 PM <DIR> 3com_dmi
01/26/2007 10:06 PM <DIR> DVDAUT~1 DVDAutoGraph
01/26/2007 10:06 PM <DIR> Texture
01/26/2007 10:06 PM <DIR> MEDIAA~1 MediaAutoGraph
01/26/2007 10:06 PM <DIR> IME
01/26/2007 10:06 PM <DIR> BRUSH
01/26/2007 10:06 PM <DIR> ALBUM-2
01/26/2007 10:06 PM <DIR> 1033
01/26/2007 10:06 PM <DIR> Samples
01/26/2007 10:06 PM <DIR> usmt
01/26/2007 10:06 PM <DIR> Albums
01/26/2007 10:06 PM <DIR> STAMPS
01/26/2007 10:06 PM <DIR> Shapes
01/26/2007 10:06 PM <DIR> Skin
01/26/2007 10:06 PM <DIR> Real
01/26/2007 10:06 PM <DIR> oobe
01/26/2007 10:06 PM <DIR> export
01/26/2007 10:06 PM <DIR> icsxml
01/26/2007 10:06 PM <DIR> mui
01/26/2007 10:06 PM <DIR> wbem
01/26/2007 10:06 PM <DIR> npp
01/26/2007 10:06 PM <DIR> ias
01/26/2007 10:06 PM <DIR> dllcache
01/26/2007 10:06 PM <DIR> pptv
01/26/2007 10:06 PM <DIR> ShellExt
01/26/2007 10:06 PM <DIR> Setup
01/26/2007 10:06 PM <DIR> docklets
01/26/2007 10:06 PM <DIR> LANGUA~1 languages
01/26/2007 10:06 PM <DIR> config
01/26/2007 10:06 PM <DIR> spool
01/26/2007 10:06 PM <DIR> ras
01/26/2007 10:06 PM <DIR> drivers
01/26/2007 10:06 PM <DIR> ..
01/26/2007 10:06 PM <DIR> .
01/26/2007 04:53 PM <DIR> en-US
01/26/2007 12:01 PM <DIR> xircom
01/26/2007 12:01 PM <DIR> inetsrv
01/26/2007 12:00 PM <DIR> Skins
01/26/2007 12:00 PM <DIR> Plugins
01/26/2007 11:55 AM <DIR> DirectX
01/26/2007 11:54 AM <DIR> Macromed
01/26/2007 11:53 AM <DIR> Restore
01/26/2007 11:49 AM <DIR> MsDtc
01/26/2007 11:49 AM <DIR> Com
0 File(s) 0 bytes
55 Dir(s) 2,246,438,912 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\Program Files\Common Files

06/03/2007 11:15 PM <DIR> ??pPatch
06/03/2007 11:07 PM <DIR> ?icrosoft.NET
06/03/2007 11:05 PM <DIR> ?asks
06/03/2007 11:05 PM <DIR> ??crosoft.NET
06/03/2007 11:05 PM <DIR> ?icrosoft.NET
06/03/2007 11:02 PM <DIR> ?ystem32
06/03/2007 11:01 PM <DIR> A?pPatch
06/03/2007 11:01 PM <DIR> ç?sks
06/03/2007 11:01 PM <DIR> F?nts
06/03/2007 11:01 PM <DIR> à?pPatch
06/03/2007 11:00 PM <DIR> s?stem
06/03/2007 10:59 PM <DIR> ??crosoft
06/03/2007 10:58 PM <DIR> ?dobe
06/03/2007 10:58 PM <DIR> ??stem32
06/03/2007 10:58 PM <DIR> ?ymantec
06/03/2007 10:58 PM <DIR> s?curity
06/03/2007 10:58 PM <DIR> ?icrosoft
06/03/2007 10:58 PM <DIR> W?nSxS
06/03/2007 10:57 PM <DIR> S?mantec
06/03/2007 10:57 PM <DIR> ??sks
06/03/2007 10:57 PM <DIR> s?mbols
06/03/2007 10:57 PM <DIR> ?ymbols
06/03/2007 10:57 PM <DIR> çasks
06/03/2007 10:57 PM <DIR> ?icrosoft
06/03/2007 10:57 PM <DIR> M?crosoft
06/03/2007 10:57 PM <DIR> F?nts
06/03/2007 10:57 PM <DIR> s?stem32
06/03/2007 10:57 PM <DIR> ?ecurity
06/03/2007 10:56 PM <DIR> ??crosoft
06/03/2007 10:56 PM <DIR> ?ppPatch
06/03/2007 10:56 PM <DIR> ?ssembly
06/03/2007 10:56 PM <DIR> a?sembly
06/03/2007 10:56 PM <DIR> ??crosoft.NET
06/03/2007 10:56 PM <DIR> T?sks
06/03/2007 10:56 PM <DIR> ??stem
06/03/2007 10:56 PM <DIR> àdobe
06/03/2007 10:56 PM <DIR> ??sembly
06/03/2007 10:56 PM <DIR> M?crosoft.NET
06/03/2007 10:56 PM <DIR> ?racle
06/03/2007 10:56 PM <DIR> ??curity
06/03/2007 10:56 PM <DIR> àppPatch
06/03/2007 10:56 PM <DIR> ?racle
06/03/2007 10:56 PM <DIR> ??mantec
06/03/2007 01:44 PM <DIR> ??mbols
06/03/2007 01:43 PM <DIR> ?ystem
05/09/2007 09:02 AM <DIR> GTK
04/03/2007 03:03 PM <DIR> Wise Installation Wizard
01/29/2007 01:49 PM <DIR> Designer
01/28/2007 06:42 PM <DIR> Adobe
01/26/2007 10:17 PM <DIR> ODBC
01/26/2007 10:17 PM <DIR> SPEECH~1 SpeechEngines
01/26/2007 10:17 PM <DIR> MICROS~1 Microsoft Shared
01/26/2007 10:17 PM <DIR> .
01/26/2007 10:17 PM <DIR> ..
01/26/2007 03:27 PM <DIR> InstallShield
01/26/2007 11:54 AM <DIR> Services
01/26/2007 11:54 AM <DIR> MSSoap
01/26/2007 11:53 AM <DIR> System
0 File(s) 0 bytes
58 Dir(s) 2,246,438,912 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\Program Files

06/12/2007 06:08 PM <DIR> Microsoft Games
06/06/2007 03:06 PM <DIR> Adobe
06/05/2007 01:14 PM <DIR> AntiVir PersonalEdition Classic
06/05/2007 12:45 PM <DIR> Zone Labs
06/05/2007 09:22 AM <DIR> SUPERAntiSpyware
06/03/2007 11:24 PM <DIR> Grisoft
06/03/2007 05:37 PM <DIR> Spybot - Search & Destroy
06/03/2007 01:51 PM <DIR> AnVir Virus Destroyer
06/02/2007 12:46 AM <DIR> Sierra
05/09/2007 09:03 AM <DIR> GIMP-2.0
04/30/2007 11:09 AM <DIR> ASUS
04/24/2007 10:54 AM <DIR> iPod
04/24/2007 10:53 AM <DIR> iTunes
04/19/2007 01:15 AM <DIR> QuickTime
04/14/2007 01:04 PM <DIR> SAMSUNG
04/14/2007 11:35 AM <DIR> dumdumSAMSUNG
04/03/2007 03:04 PM <DIR> EndNote 9
03/22/2007 08:26 PM <DIR> DivX
03/07/2007 11:04 AM <DIR> Cucusoft
02/18/2007 05:55 PM <DIR> Audacity
02/11/2007 10:03 PM <DIR> TVPaint Developpement
02/11/2007 08:32 PM <DIR> VideoLAN
02/11/2007 05:54 PM <DIR> Ambient Design
02/11/2007 02:07 PM <DIR> BitLord
02/05/2007 09:36 PM <DIR> BOINC
02/05/2007 01:10 AM <DIR> Opera
02/02/2007 09:55 PM <DIR> ClamWin
02/02/2007 09:51 PM <DIR> WinRAR
01/29/2007 01:50 PM <DIR> Microsoft ActiveSync
01/29/2007 01:48 PM <DIR> Microsoft Office
01/26/2007 10:17 PM <DIR> ..
01/26/2007 10:17 PM <DIR> COMMON~1 Common Files
01/26/2007 10:17 PM <DIR> .
01/26/2007 04:33 PM <DIR> Java
01/26/2007 03:46 PM <DIR> Mozilla Firefox
01/26/2007 03:27 PM <DIR> D-Link
01/26/2007 03:27 PM <DIR> InstallShield Installation Information
01/26/2007 03:27 PM <DIR> OptusNet DSL Internet
01/26/2007 12:17 PM <DIR> Uninstall Information
01/26/2007 12:01 PM <DIR> xerox
01/26/2007 12:01 PM <DIR> MSNGAM~1 msn gaming zone
01/26/2007 12:01 PM <DIR> MICROS~1 microsoft frontpage
01/26/2007 11:56 AM <DIR> WINDOW~3 WindowsUpdate
01/26/2007 11:55 AM <DIR> ONLINE~1 Online Services
01/26/2007 11:54 AM <DIR> MOVIEM~1 Movie Maker
01/26/2007 11:53 AM <DIR> NETMEE~1 NetMeeting
01/26/2007 11:53 AM <DIR> OUTLOO~1 Outlook Express
01/26/2007 11:53 AM <DIR> INTERN~1 Internet Explorer
01/26/2007 11:51 AM <DIR> WINDOW~2 Windows Media Player
01/26/2007 11:50 AM <DIR> MESSEN~1 Messenger
01/26/2007 11:50 AM <DIR> WINDOW~1 Windows NT
0 File(s) 0 bytes
51 Dir(s) 2,246,438,912 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\Documents and Settings\slartibartfast\Application Data

06/05/2007 09:22 AM <DIR> SUPERAntiSpyware.com
05/09/2007 09:07 AM <DIR> gtk-2.0
04/03/2007 03:06 PM <DIR> EndNote
04/03/2007 12:44 PM <DIR> GetRightToGo
02/11/2007 10:05 PM <DIR> tvpaint animation
02/11/2007 08:37 PM <DIR> vlc
02/11/2007 08:35 PM <DIR> COWON
02/11/2007 05:55 PM <DIR> Ambient Design
02/06/2007 11:01 AM <DIR> Apple Computer
02/05/2007 01:11 AM <DIR> Opera
01/28/2007 07:04 PM <DIR> Adobe
01/26/2007 08:07 PM <DIR> Sun
01/26/2007 04:32 PM <DIR> Macromedia
01/26/2007 03:46 PM <DIR> Mozilla
01/26/2007 12:17 PM <DIR> Identities
01/26/2007 12:17 PM <DIR> ..
01/26/2007 12:17 PM <DIR> .
01/26/2007 12:17 PM <DIR> Microsoft
0 File(s) 0 bytes
18 Dir(s) 2,246,438,912 bytes free

thanks...

Oh, and I don't ever remember disabling the creation of short file names.

Edited by chickeniam, 13 June 2007 - 07:22 PM.


#12 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,325 posts

Posted 13 June 2007 - 09:54 PM

I did what you said, but I didn't delete the folders:

-Mozilla Firefox
-Spybot - Search & Destroy
-Grisoft

They were also created on 6/3/2007.

I missed the date on those. You did right by leaving them :thumbsup:

You did miss deleting the folders in one location though.

Using Internet Explorer, go to C:\Program Files\Common Files.
On the drop-down menu, go to View and select Details.
Then on the same menu, go to View > "Arrange Icons by" and select Modified.
Now all the files and folders will be sorted by date.
Delete all the folders that were modified on 06/03/2007. They were all created between 10:56 PM and 11:15 PM, with the exception of two that were created at 01:43 PM and 01:44 PM. It would appear to be a total of 45 folders.


Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entry (if still there):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entry you checked.


Please run Notepad and paste the following text inside the Code box (starting with REGEDIT4) into a new file:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000000
"NtfsDisableLastAccessUpdate"=-

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.


Please go to VirusTotal and submit the following file for a scan and post the results in your next reply:
C:\Documents and Settings\slartibartfast\Desktop\FreeSpaceOpenInstaller\Installer\FreeSpaceOpenInstaller.exe


Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  • Click on "Kaspersky Online Scanner".
  • You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "Next".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click "OK".
  • Now under select a target to scan:
    • Select "My Computer".
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.


Double-click on look2.bat to run it again and post the text that opens in Notepad in your next reply.


Please post a new HijackThis log, the log from running Kaspersky's online scan, and in a second reply the text from running look2.bat, the results from scanning the file at VirusTotal, and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
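An added example, not code from the thread or from its helpers, that automates two of the checks TheJoker walks through above: it parses the look2.bat `dir` output (LOG.TXT) to flag folder names that imitate Windows system folders with non-ASCII characters and to spot bursts of folders created minutes apart, and it reads the PEEK.TXT export for NtfsDisable8dot3NameCreation. The SYSTEM_NAMES list is an assumption built from the names imitated in this thread, and the sample inputs are constructed excerpts of the listings posted above.

```python
"""Added defender-side checks over the artefacts posted in this thread: the `dir`
output produced by look2.bat (LOG.TXT) and the registry export PEEK.TXT."""
import re
from datetime import datetime, timedelta

# One `dir /x`-style entry: date, time, <DIR>, optional 8.3 short name, long name.
DIR_LINE = re.compile(r"^(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2} [AP]M) <DIR> (?:(\S*~\d\S*) )?(.+)$")
REG_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
FILESYSTEM_KEY = r"[hkey_local_machine\system\currentcontrolset\control\filesystem]"
# Assumption: the system folder names that the lookalike folders in this thread imitate.
SYSTEM_NAMES = ["Microsoft", "Microsoft.NET", "system32", "system", "AppPatch", "Tasks",
                "Fonts", "Adobe", "Symantec", "security", "WinSxS", "symbols", "assembly", "Oracle"]

# Constructed sample: an excerpt of the Common Files listing posted in this thread.
SAMPLE_LISTING = """\
 Directory of C:\\Program Files\\Common Files
06/03/2007 11:15 PM <DIR> ??pPatch
06/03/2007 11:07 PM <DIR> ?icrosoft.NET
06/03/2007 11:01 PM <DIR> çasks
06/03/2007 11:00 PM <DIR> s?stem
06/03/2007 10:57 PM <DIR> S?mantec
06/03/2007 10:56 PM <DIR> àppPatch
06/03/2007 01:44 PM <DIR> ??mbols
05/09/2007 09:02 AM <DIR> GTK
01/26/2007 10:17 PM <DIR> SPEECH~1 SpeechEngines
01/26/2007 10:17 PM <DIR> .
01/26/2007 10:17 PM <DIR> ..
01/26/2007 11:53 AM <DIR> System
"""
# Constructed sample: the FileSystem key as it appears in the PEEK.TXT export above.
SAMPLE_REG = """\
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000001
"""

def parse_dir_listing(text):
    """Return [(created, long_name)] for every <DIR> entry except . and .."""
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if not m or m.group(4) in (".", ".."):
            continue
        date, time, _short, name = m.groups()
        entries.append((datetime.strptime(f"{date} {time}", "%m/%d/%Y %I:%M %p"), name))
    return entries

def looks_like(name, target):
    """True if name equals target (case-insensitively) except at positions holding a
    non-ASCII character or the '?' a code-page-437 console prints in its place."""
    if len(name) != len(target):
        return False
    suspicious = False
    for a, b in zip(name, target):
        if a == "?" or ord(a) > 127:
            suspicious = True
        elif a.lower() != b.lower():
            return False
    return suspicious

def find_lookalikes(entries):
    """Return [(name, imitated_system_name, created)] for entries that mimic a system folder."""
    hits = []
    for created, name in entries:
        for target in SYSTEM_NAMES:
            if looks_like(name, target):
                hits.append((name, target, created))
                break
    return hits

def creation_bursts(entries, window_minutes=30, min_count=5):
    """Group entries created within window_minutes of the previous one (oldest first);
    return groups of at least min_count. Common Files rarely gains many folders at once."""
    bursts, current = [], []
    for created, name in sorted(entries):
        if current and created - current[-1][0] > timedelta(minutes=window_minutes):
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append((created, name))
    if len(current) >= min_count:
        bursts.append(current)
    return bursts

def short_name_creation_disabled(reg_export):
    """True if the .reg text sets NtfsDisable8dot3NameCreation=1 under Control\\FileSystem.
    That is a legitimate tuning option, but here the user never set it, so it needs explaining."""
    in_key = False
    for line in reg_export.splitlines():
        line = line.strip()
        m = REG_DWORD.match(line)
        if line.startswith("["):
            in_key = line.lower() == FILESYSTEM_KEY
        elif in_key and m and m.group(1) == "NtfsDisable8dot3NameCreation":
            return int(m.group(2), 16) == 1
    return False

if __name__ == "__main__":
    found = parse_dir_listing(SAMPLE_LISTING)
    print(find_lookalikes(found), creation_bursts(found), short_name_creation_disabled(SAMPLE_REG))
```

On the full LOG.TXT listing above, the burst check groups the 43 folders created between 10:56 PM and 11:15 PM and leaves the two 01:43/01:44 PM folders to the lookalike check, which is what TheJoker's count of 45 rests on.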


#13 chickeniam

chickeniam

    Member

  • Full Member
  • 10 posts

Posted 14 June 2007 - 09:43 PM

Thanks,

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:41:09 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\slartibartfast\Desktop\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\WINDOWS\system32\IECatcher.DLL/FlashCatcher.htm
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3691 bytes

------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, 15 June, 2007 11:18:38 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/06/2007
Kaspersky Anti-Virus database records: 346801
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 24843
Number of viruses found: 3
Number of infected objects: 6 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\cert8.db Object is locked skipped
C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\history.dat Object is locked skipped
C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\key3.db Object is locked skipped
C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\parent.lock Object is locked skipped
C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\search.sqlite Object is locked skipped
C:\Documents and Settings\slartibartfast\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\slartibartfast\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\slartibartfast\Local Settings\Application Data\Mozilla\Firefox\Profiles\3yiy6bir.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\slartibartfast\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\slartibartfast\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\slartibartfast\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\slartibartfast\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\slartibartfast\NTUSER.DAT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\VundoFix Backups\efeedby.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\hggheef.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\opnkiji.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\oypxtfpk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\VundoFix Backups\ssqnkkj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\yabcb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\BASIL.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\ZLT00b32.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT00b49.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#14 chickeniam

chickeniam

    Member

  • Full Member
  • 10 posts

Posted 14 June 2007 - 09:47 PM

LOOK2.BAT LOG:-->

Active code page: 437
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\slartibartfast\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BASIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\slartibartfast
LOGONSERVER=\\BASIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp
TMP=C:\DOCUME~1\slartibartfast\Local Settings\Temp
tvdumpflags=8
USERDOMAIN=BASIL
USERNAME=slartibartfast
USERPROFILE=C:\Documents and Settings\slartibartfast
windir=C:\WINDOWS

Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\WINDOWS

06/15/2007 08:36 AM <DIR> LastGood
06/15/2007 08:35 AM <DIR> Downloaded Program Files
06/07/2007 06:39 AM <DIR> CSC
06/06/2007 03:05 PM <DIR> SxsCaPendDel
06/05/2007 12:45 PM <DIR> Internet Logs
06/05/2007 11:27 AM <DIR> TEMP
06/05/2007 11:17 AM <DIR> erdnt
05/31/2007 03:08 AM <DIR> assembly
05/31/2007 03:06 AM <DIR> Microsoft.NET
03/13/2007 10:53 PM <DIR> Datalcrn
02/05/2007 09:36 PM <DIR> Downloaded Installations
01/29/2007 01:48 PM <DIR> ShellNew
01/26/2007 10:17 PM <DIR> INSTAL~1 Installer
01/26/2007 10:06 PM <DIR> ehome
01/26/2007 10:06 PM <DIR> PeerNet
01/26/2007 10:06 PM <DIR> pchealth
01/26/2007 10:06 PM <DIR> mui
01/26/2007 10:06 PM <DIR> Motorola
01/26/2007 10:06 PM <DIR> WinSxS
01/26/2007 10:06 PM <DIR> ime
01/26/2007 10:06 PM <DIR> PROVIS~1 Provisioning
01/26/2007 10:06 PM <DIR> RESOUR~1 Resources
01/26/2007 10:06 PM <DIR> Debug
01/26/2007 10:06 PM <DIR> AppPatch
01/26/2007 10:06 PM <DIR> msapps
01/26/2007 10:06 PM <DIR> twain_32
01/26/2007 10:06 PM <DIR> DRIVER~1 Driver Cache
01/26/2007 10:06 PM <DIR> security
01/26/2007 10:06 PM <DIR> Cursors
01/26/2007 10:06 PM <DIR> msagent
01/26/2007 10:06 PM <DIR> java
01/26/2007 10:06 PM <DIR> Web
01/26/2007 10:06 PM <DIR> Help
01/26/2007 10:06 PM <DIR> Media
01/26/2007 10:06 PM <DIR> Fonts
01/26/2007 10:06 PM <DIR> repair
01/26/2007 10:06 PM <DIR> inf
01/26/2007 10:06 PM <DIR> system32
01/26/2007 10:06 PM <DIR> .
01/26/2007 10:06 PM <DIR> system
01/26/2007 10:06 PM <DIR> ..
01/26/2007 08:07 PM <DIR> Sun
01/26/2007 04:53 PM <DIR> WBEM
01/26/2007 04:51 PM <DIR> ie7
01/26/2007 04:50 PM <DIR> $NtServicePackUninstallIDNMitigationAPIs$
01/26/2007 04:50 PM <DIR> $NtServicePackUninstallNLSDownlevelMapping$
01/26/2007 04:49 PM <DIR> $NtUninstallKB915865$
01/26/2007 04:49 PM <DIR> $hf_mig$
01/26/2007 03:28 PM <DIR> msdownld.tmp
01/26/2007 12:14 PM <DIR> SoftwareDistribution
01/26/2007 11:56 AM <DIR> OFFLIN~1 Offline Web Pages
01/26/2007 11:54 AM <DIR> Tasks
01/26/2007 11:54 AM <DIR> srchasst
01/26/2007 11:51 AM <DIR> REGIST~1 Registration
0 File(s) 0 bytes
54 Dir(s) 2,219,171,840 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\WINDOWS\system32

06/15/2007 08:37 AM <DIR> Kaspersky Lab
06/05/2007 12:50 PM <DIR> ZoneLabs
05/31/2007 11:07 AM <DIR> URTTemp
04/14/2007 02:58 PM <DIR> ReinstallBackups
04/14/2007 11:35 AM <DIR> Samsung_Mobile_USB_Drivers
02/11/2007 02:08 PM <DIR> appmgmt
01/29/2007 09:16 PM <DIR> LogFiles
01/26/2007 10:15 PM <DIR> CatRoot2
01/26/2007 10:15 PM <DIR> CatRoot
01/26/2007 10:06 PM <DIR> MEDIAG~1 MediaGraph
01/26/2007 10:06 PM <DIR> DVDGraph
01/26/2007 10:06 PM <DIR> 3com_dmi
01/26/2007 10:06 PM <DIR> DSFILT~1 DSFilters
01/26/2007 10:06 PM <DIR> IME
01/26/2007 10:06 PM <DIR> DVDAUT~1 DVDAutoGraph
01/26/2007 10:06 PM <DIR> Texture
01/26/2007 10:06 PM <DIR> MEDIAA~1 MediaAutoGraph
01/26/2007 10:06 PM <DIR> STAMPS
01/26/2007 10:06 PM <DIR> 1033
01/26/2007 10:06 PM <DIR> ALBUM-2
01/26/2007 10:06 PM <DIR> Albums
01/26/2007 10:06 PM <DIR> Samples
01/26/2007 10:06 PM <DIR> BRUSH
01/26/2007 10:06 PM <DIR> usmt
01/26/2007 10:06 PM <DIR> Shapes
01/26/2007 10:06 PM <DIR> Skin
01/26/2007 10:06 PM <DIR> Real
01/26/2007 10:06 PM <DIR> oobe
01/26/2007 10:06 PM <DIR> icsxml
01/26/2007 10:06 PM <DIR> export
01/26/2007 10:06 PM <DIR> mui
01/26/2007 10:06 PM <DIR> dllcache
01/26/2007 10:06 PM <DIR> npp
01/26/2007 10:06 PM <DIR> ias
01/26/2007 10:06 PM <DIR> pptv
01/26/2007 10:06 PM <DIR> wbem
01/26/2007 10:06 PM <DIR> docklets
01/26/2007 10:06 PM <DIR> Setup
01/26/2007 10:06 PM <DIR> ShellExt
01/26/2007 10:06 PM <DIR> LANGUA~1 languages
01/26/2007 10:06 PM <DIR> .
01/26/2007 10:06 PM <DIR> ..
01/26/2007 10:06 PM <DIR> spool
01/26/2007 10:06 PM <DIR> config
01/26/2007 10:06 PM <DIR> drivers
01/26/2007 10:06 PM <DIR> ras
01/26/2007 04:53 PM <DIR> en-US
01/26/2007 12:01 PM <DIR> xircom
01/26/2007 12:01 PM <DIR> inetsrv
01/26/2007 12:00 PM <DIR> Skins
01/26/2007 12:00 PM <DIR> Plugins
01/26/2007 11:55 AM <DIR> DirectX
01/26/2007 11:54 AM <DIR> Macromed
01/26/2007 11:53 AM <DIR> Restore
01/26/2007 11:49 AM <DIR> MsDtc
01/26/2007 11:49 AM <DIR> Com
0 File(s) 0 bytes
56 Dir(s) 2,219,171,840 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\Program Files\Common Files

05/09/2007 09:02 AM <DIR> GTK
04/03/2007 03:03 PM <DIR> Wise Installation Wizard
01/29/2007 01:49 PM <DIR> Designer
01/28/2007 06:42 PM <DIR> Adobe
01/26/2007 10:17 PM <DIR> ODBC
01/26/2007 10:17 PM <DIR> SPEECH~1 SpeechEngines
01/26/2007 10:17 PM <DIR> MICROS~1 Microsoft Shared
01/26/2007 10:17 PM <DIR> ..
01/26/2007 10:17 PM <DIR> .
01/26/2007 03:27 PM <DIR> InstallShield
01/26/2007 11:54 AM <DIR> Services
01/26/2007 11:54 AM <DIR> MSSoap
01/26/2007 11:53 AM <DIR> System
0 File(s) 0 bytes
13 Dir(s) 2,219,171,840 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\Program Files

06/14/2007 10:28 AM <DIR> OpenAL
06/12/2007 06:08 PM <DIR> Microsoft Games
06/06/2007 03:06 PM <DIR> Adobe
06/05/2007 01:14 PM <DIR> AntiVir PersonalEdition Classic
06/05/2007 12:45 PM <DIR> Zone Labs
06/05/2007 09:22 AM <DIR> SUPERAntiSpyware
06/03/2007 11:24 PM <DIR> Grisoft
06/03/2007 05:37 PM <DIR> Spybot - Search & Destroy
06/02/2007 12:46 AM <DIR> Sierra
05/09/2007 09:03 AM <DIR> GIMP-2.0
04/30/2007 11:09 AM <DIR> ASUS
04/24/2007 10:54 AM <DIR> iPod
04/24/2007 10:53 AM <DIR> iTunes
04/19/2007 01:15 AM <DIR> QuickTime
04/14/2007 01:04 PM <DIR> SAMSUNG
04/14/2007 11:35 AM <DIR> dumdumSAMSUNG
04/03/2007 03:04 PM <DIR> EndNote 9
03/22/2007 08:26 PM <DIR> DivX
03/07/2007 11:04 AM <DIR> Cucusoft
02/18/2007 05:55 PM <DIR> Audacity
02/11/2007 10:03 PM <DIR> TVPaint Developpement
02/11/2007 08:32 PM <DIR> VideoLAN
02/11/2007 05:54 PM <DIR> Ambient Design
02/11/2007 02:07 PM <DIR> BitLord
02/05/2007 09:36 PM <DIR> BOINC
02/05/2007 01:10 AM <DIR> Opera
02/02/2007 09:55 PM <DIR> ClamWin
02/02/2007 09:51 PM <DIR> WinRAR
01/29/2007 01:50 PM <DIR> Microsoft ActiveSync
01/29/2007 01:48 PM <DIR> Microsoft Office
01/26/2007 10:17 PM <DIR> .
01/26/2007 10:17 PM <DIR> COMMON~1 Common Files
01/26/2007 10:17 PM <DIR> ..
01/26/2007 04:33 PM <DIR> Java
01/26/2007 03:46 PM <DIR> Mozilla Firefox
01/26/2007 03:27 PM <DIR> D-Link
01/26/2007 03:27 PM <DIR> InstallShield Installation Information
01/26/2007 03:27 PM <DIR> OptusNet DSL Internet
01/26/2007 12:17 PM <DIR> Uninstall Information
01/26/2007 12:01 PM <DIR> xerox
01/26/2007 12:01 PM <DIR> MSNGAM~1 msn gaming zone
01/26/2007 12:01 PM <DIR> MICROS~1 microsoft frontpage
01/26/2007 11:56 AM <DIR> WINDOW~3 WindowsUpdate
01/26/2007 11:55 AM <DIR> ONLINE~1 Online Services
01/26/2007 11:54 AM <DIR> MOVIEM~1 Movie Maker
01/26/2007 11:53 AM <DIR> NETMEE~1 NetMeeting
01/26/2007 11:53 AM <DIR> OUTLOO~1 Outlook Express
01/26/2007 11:53 AM <DIR> INTERN~1 Internet Explorer
01/26/2007 11:51 AM <DIR> WINDOW~2 Windows Media Player
01/26/2007 11:50 AM <DIR> MESSEN~1 Messenger
01/26/2007 11:50 AM <DIR> WINDOW~1 Windows NT
0 File(s) 0 bytes
51 Dir(s) 2,219,171,840 bytes free
Volume in drive C has no label.
Volume Serial Number is 0C78-6CC5

Directory of C:\Documents and Settings\slartibartfast\Application Data

06/05/2007 09:22 AM <DIR> SUPERAntiSpyware.com
05/09/2007 09:07 AM <DIR> gtk-2.0
04/03/2007 03:06 PM <DIR> EndNote
04/03/2007 12:44 PM <DIR> GetRightToGo
02/11/2007 10:05 PM <DIR> tvpaint animation
02/11/2007 08:37 PM <DIR> vlc
02/11/2007 08:35 PM <DIR> COWON
02/11/2007 05:55 PM <DIR> Ambient Design
02/06/2007 11:01 AM <DIR> Apple Computer
02/05/2007 01:11 AM <DIR> Opera
01/28/2007 07:04 PM <DIR> Adobe
01/26/2007 08:07 PM <DIR> Sun
01/26/2007 04:32 PM <DIR> Macromedia
01/26/2007 03:46 PM <DIR> Mozilla
01/26/2007 12:17 PM <DIR> Identities
01/26/2007 12:17 PM <DIR> ..
01/26/2007 12:17 PM <DIR> .
01/26/2007 12:17 PM <DIR> Microsoft
0 File(s) 0 bytes
18 Dir(s) 2,219,171,840 bytes free


----------------------------------------------------------------------------------------------------------------


VIRUSTOTAL SCAN LOG: --->


Complete scanning result of "FreeSpaceOpenInstaller.exe", received in VirusTotal at 06.15.2007, 00:23:32 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.9.0 05.09.2007 no virus found
AntiVir 7.4.0.32 06.14.2007 no virus found
Authentium 4.93.8 06.14.2007 no virus found
Avast 4.7.997.0 06.14.2007 no virus found
AVG 7.5.0.467 05.08.2007 no virus found
BitDefender 7.2 06.15.2007 no virus found
CAT-QuickHeal 9.00 06.14.2007 no virus found
ClamAV devel-20070416 05.09.2007 no virus found
DrWeb 4.33 06.14.2007 no virus found
eSafe 7.0.15.0 05.08.2007 no virus found
eTrust-Vet 30.7.3719 06.14.2007 no virus found
FileAdvisor 1 06.15.2007 no virus found
Fortinet 2.85.0.0 06.14.2007 no virus found
F-Prot 4.3.2.48 05.08.2007 no virus found
F-Secure 6.70.13030.0 05.09.2007 no virus found
Ikarus T3.1.1.7 05.09.2007 no virus found
Kaspersky 4.0.2.24 06.15.2007 no virus found
McAfee 5053 06.14.2007 no virus found
Microsoft 1.2503 06.14.2007 no virus found
NOD32v2 2329 06.14.2007 no virus found
Norman 5.80.02 06.14.2007 no virus found
Panda 9.0.0.4 06.15.2007 no virus found
Prevx1 V2 06.15.2007 no virus found
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.09.2007 no virus found
TheHacker 6.1.6.133 06.14.2007 no virus found
VBA32 3.12.0.2 06.14.2007 no virus found
VirusBuster 4.3.23:9 06.14.2007 no virus found
Webwasher-Gateway 6.0.1 05.09.2007 no virus found

Aditional Information
File size: 144384 bytes
MD5: 92dd87d45153320b117f17fdae4f3eda
SHA1: d3053d715436883d4ebf884cce709591e5cd0ea6


Everything went smoothly!

By the way, thanks so much for your help. It must be a full-time job volunteering for this! How do you do it?!
Simon

Edited by chickeniam, 14 June 2007 - 09:49 PM.


#15 TheJoker


    Forum Deity

  • Boot Camp Mod
  • 14,325 posts

Posted 14 June 2007 - 10:18 PM

It looks like you got it all :thumbsup:

by the way, thanks so much for your help

I'm glad I was able to help.

It must be a full time job volunteering for this! How do you do it?!

I just duck when the wife thinks I'm spending too much time at this. :)

There is an optional fix you can do:

Run HijackThis and click "Do a system scan only." Place a check next to the following entry (if still there):

You can optionally check the following entry. This is part of Microsoft Office located in your Startup folder, but it's not needed, and it's a resource hog:
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entry you checked.

Using Windows Explorer, delete the following folders:
C:\VundoFix Backups
C:\SDFix
C:\Qoobox

You can delete VundoFix (if you still have it) and ComboFix now also.

Create a Restore Point
  • Go to Start > Programs > Accessories > System Tools > System Restore
  • Select Create a Restore Point and then Next.
  • In the box for "Restore point description", enter a descriptive name and press Create
  • When the "Restore Point Created" window appears, click Close
Run Disk Cleanup
  • Go to Start > Run and type the below line:
    cleanmgr
  • Click OK
    • If you have more than one drive, select the drive Windows is installed on
    • Click OK
  • When Disk Cleanup opens, select the More Options tab
  • In the System Restore section (bottom of window), click Cleanup
    • In the confirmation window that opens, click Yes
  • Now click on the Disk Cleanup tab and select the following items:
    • Downloaded Program Files
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  • Click OK
  • In the confirmation window, select Yes (Disk Cleanup will close).
There are several free utilities you can use to help keep malware off your system:

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm.

IE/SPYAD adds sites associated with ads and spyware to your Internet Restricted Zone and you can download that at http://www.spywarewa...uc/resource.htm.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html.

I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://forums.spywar...showtopic=60955

Does your problem appear resolved?

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
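The HOSTS-file mechanism described above, as an added example that is not part of the original thread or of the MVPS project: it parses a HOSTS file and flags any entry that maps a hostname somewhere other than a loopback or null address, which is how a tampered HOSTS file hijacks sites rather than blocks them. The sample file, its hostnames and the 192.0.2.10 address are constructed for the example.

```python
"""Audit a Windows HOSTS file of the kind recommended above (e.g. the MVPS list)."""
import ipaddress

# A blocklist HOSTS file maps unwanted hostnames to a loopback or null address, so the
# browser's lookup never leaves the machine. These are the only addresses such an entry
# may legitimately point at.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

def parse_hosts(text: str) -> list:
    """Parse HOSTS syntax into (line_no, address, [hostnames]); '#' begins a comment."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip full-line and inline comments
        if not line:
            continue
        parts = line.split()
        entries.append((line_no, parts[0], [h.lower() for h in parts[1:]]))
    return entries

def audit_hosts(text: str) -> dict:
    """Sort entries into blocklist sinks, the standard localhost line, or suspicious."""
    report = {"sink": [], "localhost": [], "suspicious": []}
    for line_no, address, hostnames in parse_hosts(text):
        try:
            ipaddress.ip_address(address)
        except ValueError:
            report["suspicious"].append((line_no, "malformed address", address, hostnames))
            continue
        if hostnames == ["localhost"]:
            report["localhost"].append(line_no)
        elif address in SINK_ADDRESSES:
            report["sink"].extend(hostnames)
        else:
            # A real hostname mapped to any other address is a redirect, which is how a
            # tampered HOSTS file hijacks update or security-vendor sites. Investigate it.
            report["suspicious"].append((line_no, "redirect", address, hostnames))
    return report

# Constructed sample, not a real MVPS excerpt: two blocklist lines, the normal localhost
# line, one hijack-style redirect (RFC 5737 documentation address) and a malformed line.
SAMPLE_HOSTS = """\
# constructed example HOSTS file
127.0.0.1 localhost
0.0.0.0 ads.example-adnetwork.test   # blocklist entry, harmless
0.0.0.0 tracker.example.test
192.0.2.10 www.antivirus-vendor.test   # redirect to a non-local address
bogus some.host.test   # malformed address
"""
```

On a real machine, read C:\WINDOWS\system32\drivers\etc\hosts into `audit_hosts` and review anything under "suspicious"; a clean MVPS-style file yields only "localhost" and "sink" entries.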


#16 chickeniam


    Member

  • Full Member
  • 10 posts

Posted 16 June 2007 - 09:17 PM

Awesome,
Thanks once again for your help,

It's amazing how much faster and better the computer runs when it's not sick!

All seems well now!
Thanks Again!

Simon

PS Hope your wife throws soft things ;)

#17 TheJoker


    Forum Deity

  • Boot Camp Mod
  • 14,325 posts

Posted 16 June 2007 - 10:33 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





