Need help removing a trojan/ unknown processes [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Need help removing a trojan/ unknown processes [RESOLVED], C:\windows\system32\dllChache\Hole.zip i cant dele

Options

archiep View Member Profile	Feb 19 2008, 03:24 AM Post #1
Member Posts: 39 OS: XP	Hello its me archie again. Not too long ago I posted the same problem about my computer, it seems there malicious programs running in my computer and its taking up my resources and slowing it down. heres a link to my Old post and heres a post of my new hijack log i hope the old log helps on removing this program because i think its the same virus, thank you very much. Logfile of HijackThis v1.99.1 Scan saved at 1:23:03 AM, on 2/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\windows\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe c:\windows\system32\ZuneBusEnum.exe C:\windows\system32\Ati2evxx.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\windows\system32\dllChache\Empty.jpg C:\windows\system32\wscntfy.exe C:\windows\system32\dllChache\Blank.doc C:\windows\system32\dllChache\Zero.txt C:\windows\system32\dllChache\Hole.zip C:\windows\system32\dllChache\Unoccupied.reg C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\windows\system32\CTHELPER.EXE C:\Program Files\D-Tools\daemon.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\windows\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\hijack\show.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe, "C:\windows\system32\M5VBVM60.EXE StartUp" O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp O4 - HKCU\..\Run: [Secure32] C:\windows\system32\dllcache\Shell32.com StartUp O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html O8 - Extra context menu item: Open Client to monitor &1 - C:\windows\web\AOpenClient.htm O8 - Extra context menu item: Open Client to monitor &2 - C:\windows\web\AOpenClient.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.att.net O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190602144718 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190602136046 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

2 Pages

< 1 2

Replies (15 - 29)

kahdah View Member Profile	Feb 22 2008, 10:41 AM Post #16
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Please do an online scan with Kaspersky WebScanner (This scanner is for use with internet explorer only) Click on "Accept" You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post.

archiep View Member Profile	Feb 23 2008, 05:20 AM Post #17
Member Posts: 39 OS: XP	------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Saturday, February 23, 2008 3:20:01 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 23/02/2008 Kaspersky Anti-Virus database records: 576118 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ K:\ L:\ S:\ Scan Statistics: Total number of scanned objects: 133835 Number of viruses found: 3 Number of infected objects: 63 Number of suspicious objects: 0 Duration of the scan process: 02:47:11 Infected Object Name / Virus Name / Last Action C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\cert8.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\history.dat Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\key3.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\parent.lock Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\search.sqlite Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{88B20E01-8D70-41BB-87E4-3732587DA986}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{88B20E01-8D70-41BB-87E4-3732587DA986}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2gjv0060.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008022220080223\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_171c.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_1728.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_22b8.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_9b8.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\ZLT064b5.TMP Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\ZLT064f3.TMP Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEF91.tmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\My Documents\brave\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Administrator\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Zune\ZuneNSSStore.sdf Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-02-21.02-19-22.log Object is locked skipped C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped C:\Program Files\Yahoo!\Messenger\logs\billing_Administrator.log Object is locked skipped C:\Program Files\Yahoo!\Messenger\logs\client_Administrator.log Object is locked skipped C:\Program Files\Yahoo!\Messenger\logs\network_Administrator.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{175DF0A8-4500-4931-AC6E-7EA276B4416E}\RP94\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\ARCHIE.ldb Object is locked skipped C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\drivers\sptd0269.sys Object is locked skipped C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000004-20021102}.CDF Object is locked skipped F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\428ac44f90666536b4bf62ef98427d67_43fba08a-702f-4006-bb9e-dd0ed42d4ff0 Object is locked skipped F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea0b310e4fd2a27fbcc223aca12badd6_43fba08a-702f-4006-bb9e-dd0ed42d4ff0 Object is locked skipped F:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO/Goodies/PROGRAMS & EXTRA STUFF/WinZip 9.0.6224-SR1.zip/WinZip 9.0.6224-SR1/WinZip-KEY-GEN.exe Infected: Trojan-Dropper.Win32.Delf.fl skipped F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO/Goodies/PROGRAMS & EXTRA STUFF/WinZip 9.0.6224-SR1.zip Infected: Trojan-Dropper.Win32.Delf.fl skipped F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO ISOimage: infected - 2 skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\iPod_Control\Device\Accessories.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F00.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F01.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F02.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F03.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F04.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F05.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F06.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F07.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F08.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F09.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F10.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F11.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F12.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F13.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F14.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F15.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F16.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F17.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F18.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F19.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F20.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F21.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F22.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F23.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F24.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F25.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F26.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F27.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F28.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F29.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F30.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F31.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F32.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F33.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F34.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F35.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F36.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F37.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F38.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F39.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F40.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F41.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F42.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F43.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F44.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F45.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F46.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F47.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F48.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music\F49.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Device.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\iTunes.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Music.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control\Artwork.exe Infected: Virus.Win32.VB.eg skipped G:\iPod_Control.exe Infected: Virus.Win32.VB.eg skipped G:\Contacts.exe Infected: Virus.Win32.VB.eg skipped G:\Calendars.exe Infected: Virus.Win32.VB.eg skipped G:\Notes.exe Infected: Virus.Win32.VB.eg skipped G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped Scan process completed.

kahdah View Member Profile	Feb 23 2008, 08:54 AM Post #18
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	PLease have the F:\G:\ L:\ K:\ and S:\Drives plugged in during this process. =================================================== Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO G:\iPod_Control\Device\Accessories.exe G:\iPod_Control\Music\F00.exe G:\iPod_Control\Music\F01.exe G:\iPod_Control\Music\F02.exe G:\iPod_Control\Music\F03.exe G:\iPod_Control\Music\F04.exe G:\iPod_Control\Music\F05.exe G:\iPod_Control\Music\F06.exe G:\iPod_Control\Music\F07.exe G:\iPod_Control\Music\F08.exe G:\iPod_Control\Music\F09.exe G:\iPod_Control\Music\F10.exe G:\iPod_Control\Music\F11.exe G:\iPod_Control\Music\F12.exe G:\iPod_Control\Music\F13.exe G:\iPod_Control\Music\F14.exe G:\iPod_Control\Music\F15.exe G:\iPod_Control\Music\F16.exe G:\iPod_Control\Music\F17.exe G:\iPod_Control\Music\F18.exe G:\iPod_Control\Music\F19.exe G:\iPod_Control\Music\F20.exe G:\iPod_Control\Music\F21.exe G:\iPod_Control\Music\F22.exe G:\iPod_Control\Music\F23.exe G:\iPod_Control\Music\F24.exe G:\iPod_Control\Music\F25.exe G:\iPod_Control\Music\F26.exe G:\iPod_Control\Music\F27.exe G:\iPod_Control\Music\F28.exe G:\iPod_Control\Music\F29.exe G:\iPod_Control\Music\F30.exe G:\iPod_Control\Music\F31.exe G:\iPod_Control\Music\F32.exe G:\iPod_Control\Music\F33.exe G:\iPod_Control\Music\F34.exe G:\iPod_Control\Music\F35.exe G:\iPod_Control\Music\F36.exe G:\iPod_Control\Music\F37.exe G:\iPod_Control\Music\F38.exe G:\iPod_Control\Music\F39.exe G:\iPod_Control\Music\F40.exe G:\iPod_Control\Music\F41.exe G:\iPod_Control\Music\F42.exe G:\iPod_Control\Music\F43.exe G:\iPod_Control\Music\F44.exe G:\iPod_Control\Music\F45.exe G:\iPod_Control\Music\F46.exe G:\iPod_Control\Music\F47.exe G:\iPod_Control\Music\F48.exe G:\iPod_Control\Music\F49.exe G:\iPod_Control\Device.exe G:\iPod_Control\iTunes.exe G:\iPod_Control\Music.exe G:\iPod_Control\Artwork.exe K:\auotrun.inf L:\suppress_explorer.exe S:\Autorun.exe Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste. Click the red Moveit! button. OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply. Close OTMoveIt2 If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. ======================================= PLease post hte OtMove it 2 log and a new Hijackthis log please.

archiep View Member Profile	Feb 24 2008, 04:31 AM Post #19
Member Posts: 39 OS: XP	F:\Documents and Settings\Archie\My Documents\ADOBE.PHOTOSHOP.CS2.ISO moved successfully. G:\iPod_Control\Device\Accessories.exe moved successfully. G:\iPod_Control\Music\F00.exe moved successfully. G:\iPod_Control\Music\F01.exe moved successfully. G:\iPod_Control\Music\F02.exe moved successfully. G:\iPod_Control\Music\F03.exe moved successfully. G:\iPod_Control\Music\F04.exe moved successfully. G:\iPod_Control\Music\F05.exe moved successfully. G:\iPod_Control\Music\F06.exe moved successfully. G:\iPod_Control\Music\F07.exe moved successfully. G:\iPod_Control\Music\F08.exe moved successfully. G:\iPod_Control\Music\F09.exe moved successfully. G:\iPod_Control\Music\F10.exe moved successfully. G:\iPod_Control\Music\F11.exe moved successfully. G:\iPod_Control\Music\F12.exe moved successfully. G:\iPod_Control\Music\F13.exe moved successfully. G:\iPod_Control\Music\F14.exe moved successfully. G:\iPod_Control\Music\F15.exe moved successfully. G:\iPod_Control\Music\F16.exe moved successfully. G:\iPod_Control\Music\F17.exe moved successfully. G:\iPod_Control\Music\F18.exe moved successfully. G:\iPod_Control\Music\F19.exe moved successfully. G:\iPod_Control\Music\F20.exe moved successfully. G:\iPod_Control\Music\F21.exe moved successfully. G:\iPod_Control\Music\F22.exe moved successfully. G:\iPod_Control\Music\F23.exe moved successfully. G:\iPod_Control\Music\F24.exe moved successfully. G:\iPod_Control\Music\F25.exe moved successfully. G:\iPod_Control\Music\F26.exe moved successfully. G:\iPod_Control\Music\F27.exe moved successfully. G:\iPod_Control\Music\F28.exe moved successfully. G:\iPod_Control\Music\F29.exe moved successfully. G:\iPod_Control\Music\F30.exe moved successfully. G:\iPod_Control\Music\F31.exe moved successfully. G:\iPod_Control\Music\F32.exe moved successfully. G:\iPod_Control\Music\F33.exe moved successfully. G:\iPod_Control\Music\F34.exe moved successfully. G:\iPod_Control\Music\F35.exe moved successfully. G:\iPod_Control\Music\F36.exe moved successfully. G:\iPod_Control\Music\F37.exe moved successfully. G:\iPod_Control\Music\F38.exe moved successfully. G:\iPod_Control\Music\F39.exe moved successfully. G:\iPod_Control\Music\F40.exe moved successfully. G:\iPod_Control\Music\F41.exe moved successfully. G:\iPod_Control\Music\F42.exe moved successfully. G:\iPod_Control\Music\F43.exe moved successfully. G:\iPod_Control\Music\F44.exe moved successfully. G:\iPod_Control\Music\F45.exe moved successfully. G:\iPod_Control\Music\F46.exe moved successfully. G:\iPod_Control\Music\F47.exe moved successfully. G:\iPod_Control\Music\F48.exe moved successfully. G:\iPod_Control\Music\F49.exe moved successfully. G:\iPod_Control\Device.exe moved successfully. G:\iPod_Control\iTunes.exe moved successfully. G:\iPod_Control\Music.exe moved successfully. G:\iPod_Control\Artwork.exe moved successfully. File/Folder K:\auotrun.inf not found. File move failed. L:\suppress_explorer.exe scheduled to be moved on reboot. File move failed. S:\Autorun.exe scheduled to be moved on reboot. OTMoveIt2 v1.0.20 log created on 02232008_135011

kahdah View Member Profile	Feb 24 2008, 08:52 AM Post #20
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Please go to Start>Run type in Notepad. Copy what is in the code box below into the open Notepad window. Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop. CODE @Echo off attrib -s -r -h "L:\suppress_explorer.exe" del /q "L:\suppress_explorer.exe" attrib -s -r -h "S:\Autorun.exe " del /q "S:\Autorun.exe " quit Don't do anything with this yet. ===================== Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.* Then please double click on fixthis.bat a window will open and close quickly.This is normal. After that please reboot into normal windows and post a new Hijackthis log and check those drives to see if those files are still present.

archiep View Member Profile	Feb 25 2008, 04:04 PM Post #21
Member Posts: 39 OS: XP	Logfile of HijackThis v1.99.1 Scan saved at 2:04:29 PM, on 2/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\windows\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe c:\windows\system32\ZuneBusEnum.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\wscntfy.exe C:\windows\Explorer.EXE C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\windows\system32\CTHELPER.EXE C:\Program Files\D-Tools\daemon.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ATI Multimedia\main\launchpd.exe C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\windows\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\iTunes\iTunes.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\hijack\show.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.att.net O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190602144718 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190602136046 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

kahdah View Member Profile	Feb 25 2008, 08:23 PM Post #22
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Can yo check and see if these files are present please : S:\Autorun.exe L:\suppress_explorer.exe

archiep View Member Profile	Feb 25 2008, 10:28 PM Post #23
Member Posts: 39 OS: XP	yes those are present and its a mounted image of a cd pretty much its under a virtual drive

kahdah View Member Profile	Feb 26 2008, 03:04 AM Post #24
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Please submit the following files to one of these online file scanners. (All you have to do is copy and paste them in one at a time) S:\Autorun.exe L:\suppress_explorer.exe Jotti File Scan VirusTotal File Scan This will produce a report after the scan is complete, please copy and paste those results in your next post.

archiep View Member Profile	Feb 26 2008, 06:05 AM Post #25
Member Posts: 39 OS: XP	File Autorun.exe received on 02.26.2008 12:49:39 (CET) Antivirus Version Last Update Result AhnLab-V3 2008.2.22.0 2008.02.26 - AntiVir 7.6.0.67 2008.02.26 - Authentium 4.93.8 2008.02.26 - Avast 4.7.1098.0 2008.02.25 - AVG 7.5.0.516 2008.02.26 - BitDefender 7.2 2008.02.26 - CAT-QuickHeal 9.50 2008.02.26 - ClamAV 0.92.1 2008.02.26 - DrWeb 4.44.0.09170 2008.02.26 - eSafe 7.0.15.0 2008.02.26 - eTrust-Vet 31.3.5564 2008.02.26 - Ewido 4.0 2008.02.25 - FileAdvisor 1 2008.02.26 - Fortinet 3.14.0.0 2008.02.26 - F-Prot 4.4.2.54 2008.02.25 - F-Secure 6.70.13260.0 2008.02.26 - Ikarus T3.1.1.20 2008.02.26 - Kaspersky 7.0.0.125 2008.02.26 - McAfee 5237 2008.02.25 - Microsoft 1.3204 2008.02.26 - NOD32v2 2902 2008.02.26 - Norman 5.80.02 2008.02.25 - Panda 9.0.0.4 2008.02.25 - Prevx1 V2 2008.02.26 - Rising 20.33.12.00 2008.02.26 - Sophos 4.27.0 2008.02.26 - Sunbelt 3.0.893.0 2008.02.23 - Symantec 10 2008.02.26 - TheHacker 6.2.9.229 2008.02.25 - VirusBuster 4.3.26:9 2008.02.25 - Webwasher-Gateway 6.6.2 2008.02.26 - Additional information File size: 180224 bytes MD5: 359ed5104d78dec90e0ceef4d32f749d SHA1: 6ee451b304a00e3d05ec28858dfa9177ed1d12dc PEiD: - File suppress_explorer.exe received on 02.26.2008 13:00:46 (CET) Antivirus Version Last Update Result AhnLab-V3 2008.2.22.0 2008.02.26 - AntiVir 7.6.0.67 2008.02.26 - Authentium 4.93.8 2008.02.26 - Avast 4.7.1098.0 2008.02.25 - AVG 7.5.0.516 2008.02.26 - BitDefender 7.2 2008.02.26 - CAT-QuickHeal 9.50 2008.02.26 - ClamAV 0.92.1 2008.02.26 - DrWeb 4.44.0.09170 2008.02.26 - eSafe 7.0.15.0 2008.02.26 - eTrust-Vet 31.3.5564 2008.02.26 - Ewido 4.0 2008.02.26 - FileAdvisor 1 2008.02.26 - Fortinet 3.14.0.0 2008.02.26 - F-Prot 4.4.2.54 2008.02.25 - F-Secure 6.70.13260.0 2008.02.26 - Ikarus T3.1.1.20 2008.02.26 - Kaspersky 7.0.0.125 2008.02.26 - McAfee 5237 2008.02.25 - Microsoft 1.3204 2008.02.26 - NOD32v2 2902 2008.02.26 - Norman 5.80.02 2008.02.25 - Panda 9.0.0.4 2008.02.25 - Prevx1 V2 2008.02.26 - Rising 20.33.12.00 2008.02.26 - Sophos 4.27.0 2008.02.26 - Sunbelt 3.0.893.0 2008.02.23 - Symantec 10 2008.02.26 - TheHacker 6.2.9.229 2008.02.25 - VBA32 3.12.6.2 2008.02.26 - VirusBuster 4.3.26:9 2008.02.25 - Webwasher-Gateway 6.6.2 2008.02.26 - Additional information File size: 81920 bytes MD5: ecd87e69a4cfcbf6ea205d037185e363 SHA1: 44d9c99ee0a49f54a2179dc29fffa370da12e9c9 PEiD: - Antivirus Version Last Update Result AhnLab-V3 2008.2.22.0 2008.02.26 - AntiVir 7.6.0.67 2008.02.26 - Authentium 4.93.8 2008.02.26 - Avast 4.7.1098.0 2008.02.25 - AVG 7.5.0.516 2008.02.26 - BitDefender 7.2 2008.02.26 - CAT-QuickHeal 9.50 2008.02.26 - ClamAV 0.92.1 2008.02.26 - DrWeb 4.44.0.09170 2008.02.26 - eSafe 7.0.15.0 2008.02.26 - eTrust-Vet 31.3.5564 2008.02.26 - Ewido 4.0 2008.02.26 - FileAdvisor 1 2008.02.26 - Fortinet 3.14.0.0 2008.02.26 - F-Prot 4.4.2.54 2008.02.25 - F-Secure 6.70.13260.0 2008.02.26 - Ikarus T3.1.1.20 2008.02.26 - Kaspersky 7.0.0.125 2008.02.26 - McAfee 5237 2008.02.25 - Microsoft 1.3204 2008.02.26 - NOD32v2 2902 2008.02.26 - Norman 5.80.02 2008.02.25 - Panda 9.0.0.4 2008.02.25 - Prevx1 V2 2008.02.26 - Rising 20.33.12.00 2008.02.26 - Sophos 4.27.0 2008.02.26 - Sunbelt 3.0.893.0 2008.02.23 - Symantec 10 2008.02.26 - TheHacker 6.2.9.229 2008.02.25 - VBA32 3.12.6.2 2008.02.26 - VirusBuster 4.3.26:9 2008.02.25 - Webwasher-Gateway 6.6.2 2008.02.26 - Additional information File size: 81920 bytes MD5: ecd87e69a4cfcbf6ea205d037185e363 SHA1: 44d9c99ee0a49f54a2179dc29fffa370da12e9c9 PEiD: -

kahdah View Member Profile	Feb 26 2008, 08:07 PM Post #26
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Those are funy names but they are not infected so we will leave them. ================== Fix these 2 entries with Hijackthis: R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) ================================================================ Make sure you have an Internet Connection. Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Click on the CleanUp! button A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so. Click Yes to begin the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. ======= Uninstall MalwareBytes antimalware and anything else we used exceopt for the anti virus program. =========================================================== Then I will need you to reset your System Restore points. How to Turn On and Turn Off System Restore in Windows XP http://support.microsoft.com/kb/310405/en-us ===================================================================== Let me know how things are running ?

archiep View Member Profile	Feb 28 2008, 05:12 AM Post #27
Member Posts: 39 OS: XP	heres the hicjack log hope it looks good Logfile of HijackThis v1.99.1 Scan saved at 3:25:49 AM, on 2/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\windows\system32\Ati2evxx.exe C:\windows\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\windows\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe c:\windows\system32\ZuneBusEnum.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\windows\system32\CTHELPER.EXE C:\Program Files\D-Tools\daemon.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\windows\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\wscntfy.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\hijack\show.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.att.net O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190602144718 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190602136046 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing) This post has been edited by archiep: Feb 28 2008, 05:26 AM

kahdah View Member Profile	Feb 28 2008, 09:15 AM Post #28
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Your log is clean. To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here ================================================ Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

archiep View Member Profile	Mar 3 2008, 03:38 PM Post #29
Member Posts: 39 OS: XP	thanks

kahdah View Member Profile	Mar 3 2008, 07:11 PM Post #30
GeekU Teacher Posts: 13,547 From: Florida OS: Windows xp,Vista business	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

< 1 2

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Need help removing a trojan horse virus [RESOLVED]	3 / 2,440	16th July 2005 - 07:43 PM ew42445 started - last by TomNJ
Virus, Spyware and Trojan Removal Need help removing Trojan Lop.CV [RESOLVED]	10 / 1,574	30th September 2007 - 06:27 PM kphump started - last by harrythook
Virus, Spyware and Trojan Removal Need Help removing Trojan:Win32/Conhook.I [RESOLVED]	3 / 933	6th August 2008 - 07:13 PM coq started - last by fenzodahl512
Virus, Spyware and Trojan Removal Need help removing Trojan [RESOLVED]	13 / 890	26th November 2008 - 07:18 PM FrustratedScott started - last by Rorschach112