My computer is going really slow... [RESOLVED]


  • This topic is locked

#31
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
We should have a fix for you tomorrow!
  • 0


#32
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
Copy the following BOLD RED text and PASTE it into Notepad: (make sure Word Wrap is turned off)

cd\
echo copying to temp folder
copy C:\WINDOWS\0.log C:\WINDOWS\temp
copy C:\WINDOWS\cmsetacl.log C:\WINDOWS\temp
copy C:\WINDOWS\COM+.log C:\WINDOWS\temp
copy C:\WINDOWS\COMSETUP.log C:\WINDOWS\temp
copy C:\WINDOWS\dahotfix.log C:\WINDOWS\temp
copy C:\WINDOWS\DHCPUPG.log C:\WINDOWS\temp
copy C:\WINDOWS\DirectX.log C:\WINDOWS\temp
copy C:\WINDOWS\DtcInstall.log C:\WINDOWS\temp
copy C:\WINDOWS\FaxSetup.log C:\WINDOWS\temp
copy C:\WINDOWS\IEPatchUninstall.log C:\WINDOWS\temp
copy C:\WINDOWS\IIS6.log C:\WINDOWS\temp
copy C:\WINDOWS\imsins.log C:\WINDOWS\temp
copy C:\WINDOWS\KB*.log C:\WINDOWS\temp
copy C:\WINDOWS\MSGSOCM.log C:\WINDOWS\temp
copy C:\WINDOWS\nsw.log C:\WINDOWS\temp
copy C:\WINDOWS\ntdtcsetup.log C:\WINDOWS\temp
copy C:\WINDOWS\OCGEN.log C:\WINDOWS\temp
copy C:\WINDOWS\OCMSN.log C:\WINDOWS\temp
copy C:\WINDOWS\OOBEACT.log C:\WINDOWS\temp
copy C:\WINDOWS\Q3*.log C:\WINDOWS\temp
copy C:\WINDOWS\Q8*.log C:\WINDOWS\temp
copy C:\WINDOWS\REGOPT.log C:\WINDOWS\temp
copy C:\WINDOWS\sessmgr.setup.log C:\WINDOWS\temp
copy C:\WINDOWS\setupact.log C:\WINDOWS\temp
copy C:\WINDOWS\setupapi.log C:\WINDOWS\temp
copy C:\WINDOWS\setuperr.log C:\WINDOWS\temp
copy C:\WINDOWS\spupdsvc.log C:\WINDOWS\temp
copy C:\WINDOWS\Sti_Trace.log C:\WINDOWS\temp
copy C:\WINDOWS\svcpack.log C:\WINDOWS\temp
copy C:\WINDOWS\updspapi.log C:\WINDOWS\temp
copy C:\WINDOWS\vmuninst.log C:\WINDOWS\temp
copy C:\WINDOWS\WgaNotify.log C:\WINDOWS\temp
copy C:\WINDOWS\WIADEBUG.log C:\WINDOWS\temp
copy C:\WINDOWS\WIASERVC.log C:\WINDOWS\temp
copy "C:\WINDOWS\Windows Update.log" C:\WINDOWS\temp
copy C:\WINDOWS\WindowsUpdate.log C:\WINDOWS\temp
copy C:\WINDOWS\WINNT32.log C:\WINDOWS\temp
copy C:\WINDOWS\wmsetup.log C:\WINDOWS\temp
copy C:\WINDOWS\wmsetup10.log C:\WINDOWS\temp
copy C:\WINDOWS\xpsp1hfm.log C:\WINDOWS\temp
echo deleting
del C:\WINDOWS\*.log
echo copy legit logs back
copy C:\WINDOWS\temp\*.log C:\WINDOWS\temp /v


Click on File, Save as
File Type: All Files (not as a text document or it won't work).
Name: logjes.bat
Save it to your Desktop

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Open HijackThis
Click on Config, Misc Tools
Click on Open ADS Spy
Check "Ignore Safe System Info Streams"
Click the Scan button
When it has finished scanning, checkmark/tick all that it found
Click the "remove selected" button
Close HijackThis

Double click on logjes.bat on your desktop to run it
When it finishes, Reboot back to Normal Mode

Run Panda Active Scan again

Post a fresh HijackThis log and the Panda Active Scan log here

Edited by Linkmaster, 09 October 2006 - 09:50 AM.

  • 0

#33
Guest1234

    Member

  • Topic Starter
  • Member
  • 36 posts
Panda

Incident Status Location

Adware:adware/searchaid Not disinfected C:\WINDOWS\n_psqvgl.log

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 4:01:57 PM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files 2\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgbhp.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files 2\BitComet\BitComet.exe
C:\Program Files\AIM\aim.exe
E:\Program Files 2\Winamp\winamp.exe
C:\WINDOWS\SYSTEM32\sol.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files 2\Spyware Prevention\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files 2\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Startup: SpywareGuard.lnk = E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Creative Technology Ltd - (no file)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


lookup log file thing

Volume in drive C has no label.
Volume Serial Number is 9478-6C07

Directory of C:\WINDOWS

10/09/2006 02:57 PM 0 0.log
12/01/2004 09:49 PM 0 n_psqvgl.log
10/09/2006 02:58 PM 0 Sti_Trace.log
10/09/2006 02:57 PM 2,801 WindowsUpdate.log
4 File(s) 2,801 bytes

Directory of C:\WINDOWS\Debug

09/15/2004 03:56 PM 286 blastcln.log
09/14/2006 09:16 AM 14,240 mrt.log
08/17/2006 11:45 PM 3,813 NetSetup.LOG
10/09/2006 02:57 PM 0 PASSWD.LOG
10/03/2005 08:09 PM 27 TSCDebug.log
5 File(s) 18,366 bytes

Directory of C:\WINDOWS\Debug\WPD

07/08/2005 11:08 PM 0 wpdtrace.log
1 File(s) 0 bytes

Directory of C:\WINDOWS\PCHealth\HelpCtr\Logs

09/15/2004 03:47 PM 569,692 HCUPDATE.LOG
06/26/2004 12:47 PM 1,290 helpctr.log
2 File(s) 570,982 bytes

Directory of C:\WINDOWS\REPAIR

09/03/2002 12:29 AM 204,608 SETUP.LOG
1 File(s) 204,608 bytes

Directory of C:\WINDOWS\report

04/14/2005 07:04 PM 351 20050414.log
04/26/2005 07:09 PM 351 20050426.log
10/03/2005 08:09 PM 351 20051003.log
3 File(s) 1,053 bytes

Directory of C:\WINDOWS\SECURITY\LOGS

09/03/2002 07:00 AM 2,936 BACKUP.LOG
10/14/2003 01:11 AM 3,112 convert.log
09/03/2002 06:51 AM 218 SceRoot.log
09/03/2002 07:00 AM 117,188 SCESETUP.LOG
10/14/2003 01:10 AM 458 scesrv.log
09/15/2004 03:49 PM 7,210 update.log
6 File(s) 131,122 bytes

Directory of C:\WINDOWS\SoftwareDistribution

10/09/2006 02:38 PM 627,534 ReportingEvents.log
1 File(s) 627,534 bytes

Directory of C:\WINDOWS\SoftwareDistribution\DataStore\Logs

10/09/2006 03:03 PM 131,072 edb.log
09/14/2006 08:43 AM 131,072 edb0006B.log
09/20/2006 02:05 AM 131,072 edb0006C.log
10/02/2006 08:47 AM 131,072 edb0006D.log
07/29/2004 03:08 PM 131,072 res1.log
07/29/2004 03:08 PM 131,072 res2.log
6 File(s) 786,432 bytes

Directory of C:\WINDOWS\SYSTEM32

04/01/2005 10:18 PM 0 awupc.log
04/13/2005 02:51 AM 0 ftegg.log
03/16/2006 10:58 PM 3,402 jupdate-1.5.0_03-b07.log
03/31/2006 08:14 PM 6,617 jupdate-1.5.0_06-b05.log
03/25/2005 02:18 PM 0 qgxqm.log
04/24/2005 10:58 PM 1,194 qtplugin.log
09/15/2004 03:55 PM 255 spupdwxp.log
03/17/2005 12:10 PM 0 wiizn.log
04/13/2005 08:31 PM 0 xtoli.log
9 File(s) 11,468 bytes

Directory of C:\WINDOWS\SYSTEM32\CatRoot2

10/07/2006 11:56 PM 131,072 edb.log
10/07/2006 01:51 PM 131,072 edb00129.log
02/01/2004 02:24 PM 131,072 res1.log
02/01/2004 02:24 PM 131,072 res2.log
4 File(s) 524,288 bytes

Directory of C:\WINDOWS\SYSTEM32\CONFIG

10/09/2006 02:58 PM 1,024 DEFAULT.LOG
10/09/2006 02:57 PM 1,024 SAM.LOG
10/09/2006 03:07 PM 1,024 SECURITY.LOG
10/09/2006 04:06 PM 1,024 SOFTWARE.LOG
10/09/2006 02:58 PM 1,024 SYSTEM.LOG
09/03/2002 06:47 AM 1,024 TempKey.LOG
09/03/2002 06:47 AM 1,024 USERDIFF.LOG
7 File(s) 7,168 bytes

Directory of C:\WINDOWS\SYSTEM32\CONFIG\systemprofile

09/14/2006 09:16 AM 1,024 NTUSER.DAT.LOG
1 File(s) 1,024 bytes

Directory of C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Windows

10/14/2003 01:31 AM 1,024 UsrClass.dat.LOG
1 File(s) 1,024 bytes

Directory of C:\WINDOWS\SYSTEM32\LogFiles\HTTPERR

08/23/2006 03:50 PM 304 httperr1.log
1 File(s) 304 bytes

Directory of C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10

02/19/2006 05:10 PM 132,315 Install.log
1 File(s) 132,315 bytes

Directory of C:\WINDOWS\SYSTEM32\Macromed\Shockwave 8

12/19/2003 11:01 PM 35,823 Install.log
1 File(s) 35,823 bytes

Directory of C:\WINDOWS\SYSTEM32\MsDtc

10/24/2003 07:36 PM 4,194,304 MSDTC.LOG
1 File(s) 4,194,304 bytes

Directory of C:\WINDOWS\SYSTEM32\MsDtc\Trace

08/10/2005 12:23 PM 24,576 dtctrace.log
1 File(s) 24,576 bytes

Directory of C:\WINDOWS\SYSTEM32\QuickTime

04/24/2005 10:58 PM 8,183 Uninstall.log
1 File(s) 8,183 bytes

Directory of C:\WINDOWS\SYSTEM32\WBEM\Logs

10/09/2006 02:58 PM 247,000 FrameWork.log
03/05/2006 09:34 PM 24,015 MOFCOMP.LOG
01/11/2006 10:14 PM 2 NTEVT.log
09/15/2004 03:55 PM 400 replog.log
09/15/2004 03:43 PM 5,286 SETUP.LOG
09/03/2002 06:56 AM 119 WBEMCORE.LOG
10/09/2006 02:58 PM 6,116 wbemess.log
10/06/2006 06:31 AM 2,273 wbemprox.log
01/11/2006 10:14 PM 2 WBEMSNMP.log
09/15/2004 03:22 PM 28,350 WinMgmt.log
08/18/2006 12:47 AM 10,347 WMIADAP.LOG
10/09/2006 03:01 PM 39,441 wmiprov.log
12 File(s) 363,351 bytes

Directory of C:\WINDOWS\Temp

10/09/2006 02:37 PM 0 0.LOG
09/15/2004 03:44 PM 200 cmsetacl.log
09/27/2006 03:33 PM 334,225 COMSETUP.LOG
02/01/2004 12:20 AM 17,976 dahotfix.log
02/01/2004 03:18 PM 225 DHCPUPG.LOG
10/14/2003 01:10 AM 57,154 DirectX.log
09/15/2004 03:56 PM 731 DtcInstall.log
09/27/2006 03:33 PM 988,744 FaxSetup.log
02/02/2004 07:34 PM 125 IEPatchUninstall.log
09/27/2006 03:33 PM 141,915 IIS6.LOG
09/27/2006 03:33 PM 1,374 imsins.log
02/01/2004 02:38 PM 10,527 KB821253.log
02/01/2004 12:25 AM 17,415 KB821557.log
08/11/2004 12:18 PM 41,784 KB822603.log
02/01/2004 12:23 AM 15,287 KB823182.log
02/01/2004 12:26 AM 18,230 KB823559.log
08/24/2004 03:44 PM 14,589 KB824105.log
02/01/2004 12:24 AM 9,248 KB824141.log
12/30/2004 09:05 AM 9,892 KB824146.log
08/24/2004 03:44 PM 14,213 KB825119.log
07/30/2004 05:23 AM 18,915 KB826939.log
08/30/2004 05:31 AM 6,481 KB828035.log
09/27/2004 01:53 PM 12,818 KB828741.log
10/12/2004 06:59 PM 7,560 KB834707.log
04/07/2005 02:45 AM 18,360 KB835732.log
05/01/2004 02:30 PM 8,431 KB837001.log
03/24/2005 05:47 AM 2,729 KB839643-DirectX9.log
08/24/2004 03:44 PM 7,333 KB839645.log
07/14/2004 10:58 AM 4,335 KB840315.log
08/29/2004 12:13 PM 16,694 KB840374.log
12/08/2004 10:50 AM 5,680 KB841873.log
07/14/2004 10:58 AM 5,677 KB842773.log
03/23/2005 12:29 PM 12,756 KB867282.log
02/08/2005 09:55 PM 12,801 KB873333.log
04/07/2005 02:45 AM 9,729 KB873339.log
06/14/2005 10:31 PM 16,049 KB883939.log
02/08/2005 09:56 PM 17,581 KB885250.log
12/14/2004 06:47 PM 10,500 KB885835.log
12/14/2004 06:48 PM 9,744 KB885836.log
10/12/2004 06:59 PM 3,016 KB885884.log
12/14/2004 06:47 PM 6,056 KB886185.log
02/08/2005 09:56 PM 16,853 KB887472.log
02/22/2005 10:42 PM 9,519 KB887742.log
02/08/2005 09:56 PM 17,347 KB888113.log
02/08/2005 09:55 PM 10,041 KB888302.log
06/14/2005 10:29 PM 11,021 KB890046.log
02/08/2005 09:55 PM 10,791 KB890047.log
01/12/2005 05:03 PM 9,472 KB890175.log
04/13/2005 08:58 AM 14,331 KB890859.log
04/13/2005 08:59 AM 16,498 KB890923.log
02/08/2005 09:56 PM 16,149 KB891781.log
06/14/2005 10:29 PM 25,959 KB893066.log
04/13/2005 08:59 AM 13,180 KB893086.log
08/10/2005 12:30 PM 19,314 KB893756.log
04/13/2005 08:58 AM 7,462 KB893803.log
05/19/2005 06:56 PM 6,820 KB893803v2.log
08/10/2005 12:31 PM 21,872 KB894391.log
06/14/2005 10:30 PM 11,212 KB896358.log
06/14/2005 10:31 PM 15,119 KB896422.log
08/10/2005 12:30 PM 20,146 KB896423.log
11/09/2005 04:54 PM 11,768 KB896424.log
06/14/2005 10:29 PM 10,239 KB896428.log
10/15/2005 02:48 PM 16,734 KB896688.log
08/10/2005 12:29 PM 19,421 KB896727.log
06/14/2005 10:30 PM 4,579 KB898458.log
06/28/2005 03:30 PM 6,885 KB898461.log
08/10/2005 12:30 PM 19,637 KB899587.log
08/10/2005 12:30 PM 18,607 KB899588.log
08/10/2005 12:30 PM 19,142 KB899591.log
04/29/2006 11:00 PM 11,463 KB900485.log
10/15/2005 02:47 PM 14,323 KB900725.log
10/15/2005 02:49 PM 23,990 KB901017.log
02/18/2006 02:43 PM 9,810 KB901190.log
07/12/2005 01:35 PM 9,981 KB901214.log
10/15/2005 02:49 PM 26,225 KB902400.log
07/12/2005 01:35 PM 3,830 KB903235.log
10/15/2005 02:46 PM 12,050 KB904706.log
10/15/2005 02:48 PM 14,630 KB905414.log
10/15/2005 02:45 PM 11,866 KB905749.log
12/14/2005 09:34 PM 17,918 KB905915.log
01/12/2006 06:31 PM 9,999 KB908519.log
04/16/2006 11:11 AM 17,366 KB908531.log
12/14/2005 09:34 PM 12,539 KB910437.log
06/17/2006 12:07 AM 14,272 KB911280.log
04/16/2006 11:11 AM 16,552 KB911562.log
02/18/2006 02:43 PM 9,487 KB911564.log
04/16/2006 11:10 AM 19,673 KB911565.log
04/16/2006 11:09 AM 10,600 KB911567.log
02/18/2006 02:44 PM 10,652 KB911927.log
04/16/2006 11:10 AM 17,981 KB912812.log
01/05/2006 10:24 PM 10,974 KB912919.log
02/18/2006 02:43 PM 6,689 KB913446.log
05/10/2006 08:48 AM 11,698 KB913580.log
07/13/2006 04:22 AM 12,243 KB914388.log
06/17/2006 12:07 AM 11,445 KB914389.log
06/17/2006 12:07 AM 17,422 KB916281.log
07/13/2006 04:22 AM 10,304 KB916595.log
07/13/2006 04:23 AM 11,765 KB917159.log
06/17/2006 12:07 AM 14,503 KB917344.log
08/09/2006 12:17 PM 12,087 KB917422.log
06/17/2006 12:08 AM 13,868 KB917734.log
06/17/2006 12:07 AM 14,256 KB917953.log
06/17/2006 12:07 AM 14,116 KB918439.log
08/09/2006 12:17 PM 22,171 KB918899.log
09/14/2006 09:16 AM 11,449 KB919007.log
08/09/2006 12:18 PM 19,588 KB920214.log
08/09/2006 12:17 PM 12,742 KB920670.log
08/09/2006 12:16 PM 12,317 KB920683.log
09/14/2006 09:17 AM 11,246 KB920685.log
09/14/2006 09:17 AM 13,286 KB920872.log
08/09/2006 12:18 PM 19,607 KB921398.log
08/09/2006 12:18 PM 19,442 KB921883.log
09/14/2006 09:16 AM 7,730 KB922582.log
08/09/2006 12:18 PM 19,143 KB922616.log
09/27/2006 03:33 PM 12,376 KB925486.log
09/27/2006 03:33 PM 52,302 MSGSOCM.LOG
08/17/2006 11:46 PM 302 nsw.log
09/27/2006 03:33 PM 214,879 ntdtcsetup.log
09/27/2006 03:33 PM 605,804 OCGEN.LOG
09/27/2006 03:33 PM 51,965 OCMSN.LOG
10/27/2004 01:46 PM 52 OOBEACT.LOG
02/01/2004 12:31 AM 14,297 Q323255.log
10/14/2003 01:14 AM 15,436 Q327979.log
08/04/2004 08:31 AM 34,801 Q328213.log
04/20/2005 10:13 PM 30,388 Q328310.log
09/26/2004 04:17 PM 25,706 Q329048.log
08/04/2004 08:31 AM 14,730 Q329115.log
04/02/2005 04:50 PM 27,467 Q329170.log
09/26/2004 04:17 PM 14,727 Q329390.log
08/14/2004 12:03 PM 20,810 Q329441.log
09/26/2004 04:17 PM 14,037 Q329834.log
04/02/2005 04:50 PM 12,407 Q329909.log
07/30/2004 05:33 AM 9,031 Q331060.log
10/14/2003 01:18 AM 36,422 Q331953.log
08/11/2004 11:56 PM 34,254 Q810565.log
09/30/2004 01:25 AM 39,754 Q810577.log
02/01/2004 12:36 AM 37,100 Q810833.log
08/24/2004 04:06 PM 24,264 Q811630.log
04/23/2005 07:40 PM 19,201 Q811789.log
10/14/2003 01:14 AM 17,151 q812415.log
10/14/2003 01:18 AM 33,254 Q813862.log
02/01/2004 12:31 AM 21,367 Q814033.log
02/01/2004 12:29 AM 20,193 Q815021.log
12/07/2004 12:38 AM 39,080 Q815304.log
10/14/2003 01:17 AM 31,783 Q815485.log
03/29/2005 01:15 AM 39,649 Q816486.log
12/07/2004 12:38 AM 27,766 Q816979.log
03/27/2005 08:59 PM 22,766 Q816981.log
10/14/2003 01:16 AM 23,989 Q816982.log
09/19/2004 03:20 AM 19,378 Q817287.log
11/25/2004 06:02 AM 18,347 Q817606.log
04/11/2005 10:11 AM 42,893 Q828026.log
09/25/2004 12:32 PM 2,242 REGOPT.LOG
09/15/2004 03:43 PM 3,631 sessmgr.setup.log
10/13/2004 04:07 PM 2,442 setupact.log
09/27/2006 03:33 PM 706,039 setupapi.log
09/28/2004 09:29 AM 0 setuperr.log
06/17/2006 10:12 AM 31,583 spupdsvc.log
09/03/2002 06:53 AM 0 Sti_Trace.log
09/15/2004 03:49 PM 424,980 svcpack.log
09/14/2006 09:16 AM 41,620 updspapi.log
11/01/2004 12:53 AM 13,590 vmuninst.log
06/30/2006 12:16 AM 10,115 WgaNotify.log
10/08/2006 11:06 PM 467 WIADEBUG.LOG
10/08/2006 08:23 PM 49 WIASERVC.LOG
10/09/2006 02:50 PM 1,955,229 WindowsUpdate.log
12/19/2004 05:20 AM 416 WINNT32.LOG
10/02/2006 11:35 PM 163,344 wmsetup.log
07/08/2005 11:12 PM 378 wmsetup10.log
11/24/2004 02:38 AM 18,374 xpsp1hfm.log
170 File(s) 8,027,142 bytes

Edited by Guest1234, 09 October 2006 - 05:12 PM.

  • 0

#34
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
How is your PC running now?
  • 0

#35
Guest1234

    Member

  • Topic Starter
  • Member
  • 36 posts
It's better than before for sure! Do we need to get rid of that one? It doesn't really matter to me unless it's a huge threat or something, but yeah, thanks a lot for what you've done!
  • 0

#36
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
We are going to try one more thing!

Edited by Linkmaster, 10 October 2006 - 05:15 PM.

  • 0

#37
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
Copy the following BOLD RED text and PASTE it into Notepad: (make sure Word Wrap is turned off)

del C:\WINDOWS\*.log
copy C:\WINDOWS\temp\*.log C:\WINDOWS /v


Click on File, Save as
File Type: All Files (not as a text document or it won't work).
Name: logjes2.bat
Save it to your Desktop

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Open HijackThis
Click on Config, Misc Tools
Click on Open ADS Spy
Check "Ignore Safe System Info Streams"
Click the Scan button
When it has finished scanning, checkmark/tick all that it found
Click the "remove selected" button
Close HijackThis

Double click on logjes2.bat on your desktop to run it
When it finishes, Reboot back to Normal Mode

Run Panda Active Scan again

Post a fresh HijackThis log and the Panda Active Scan log here
  • 0
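
The ADS Spy step in the instructions above scans for NTFS alternate data streams, and the directory listing earlier in the thread shows n_psqvgl.log at 0 bytes while Panda still flags it. As an added example (not part of the thread and not the helper's own tooling), this PowerShell script lists named streams on the .log files in C:\WINDOWS and marks zero-byte files that carry data in a named stream. It assumes Windows PowerShell 3.0 or later on an NTFS volume; the function name Get-NamedStream is made up for illustration.

```powershell
# Added example: report alternate data streams on .log files in one directory.
# Assumes Windows PowerShell 3.0+ and NTFS. Get-NamedStream is a hypothetical
# helper name, not a built-in cmdlet.
param(
    [string]$Root   = 'C:\WINDOWS',   # directory the thread is cleaning up
    [string]$Filter = '*.log'
)

function Get-NamedStream {
    param([string]$Root, [string]$Filter)

    # -Force includes hidden and system files, which a plain "dir" would skip
    Get-ChildItem -LiteralPath $Root -Filter $Filter -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # ':$DATA' is the unnamed default stream holding the normal file content;
            # anything else is a named (alternate) stream
            Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File          = $file.FullName
                        FileBytes     = $file.Length
                        Stream        = $_.Stream
                        StreamBytes   = $_.Length
                        # A 0-byte file with data in a named stream looks empty in a
                        # directory listing although it holds content
                        HiddenContent = ($file.Length -eq 0 -and $_.Length -gt 0)
                    }
                }
        }
}

Get-NamedStream -Root $Root -Filter $Filter |
    Sort-Object -Property HiddenContent, StreamBytes -Descending |
    Format-Table -AutoSize
```

Zone.Identifier streams on downloaded files are normal and will also appear in the output, so review each row before removing anything.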

#38
Guest1234

    Member

  • Topic Starter
  • Member
  • 36 posts
It's still here.


Incident Status Location

Adware:adware/searchaid Not disinfected C:\WINDOWS\n_psqvgl.log





Logfile of HijackThis v1.99.1
Scan saved at 4:29:42 PM, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files 2\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files 2\Spyware Prevention\SpywareGuard\sgbhp.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
E:\Program Files 2\BitComet\BitComet.exe
E:\Program Files 2\Winamp\winamp.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files 2\Spyware Prevention\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files 2\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Startup: SpywareGuard.lnk = E:\Program Files 2\Spyware Prevention\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX25.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{276B4CCE-CB12-4D13-AB59-4E11059D7645}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Creative Technology Ltd - (no file)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Program Files 2\Spyware Prevention\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#39
Linkmaster

    Visiting Staff

Click Start, Run, and copy this command into the window

notepad C:\WINDOWS\n_psqvgl.log:ThisisMyStream

click OK to execute the command

Download Killbox© by Option^Explicit

Unzip it to the desktop but Do Not Run It Yet
Note: In the event you already have Killbox, this is a new version that I need you to download

Reboot to Safe mode
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Open HijackThis
Click on Config, Misc Tools
Click on Open ADS Spy
Check "Ignore Safe System Info Streams"
Click the Scan button
When it has finished scanning, checkmark/tick all that it found
Click the "remove selected" button
Close HijackThis

Run Killbox

Select Delete on Reboot
Select the All Files button

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\n_psqvgl.log

Return to Killbox, go to the File menu, and choose Paste from Clipboard

Click the red-and-white Delete File button

Click Yes at the Delete on Reboot prompt

Click OK at the Pending Operations prompt.

If your PC does not reboot, please reboot it back to Normal Mode

Run Panda Active Scan again

#40
Guest1234

    Member

  • Topic Starter
Whoops. Sorry, I forgot I needed to do something. I'll get it done by tomorrow.

#41
Guest1234

    Member

  • Topic Starter
Incident Status Location

Adware:adware/searchaid Not disinfected C:\WINDOWS\n_qdivuq.dat

#42
Guest1234

    Member

  • Topic Starter
Umm... Am I done?

#43
Linkmaster

    Visiting Staff

Sorry, we are looking for an uninstaller for that file. I will check this morning and give you an answer.
Thank you for being patient!
Your HijackThis log looks clean!
We want to get this file off your system!

Edited by Linkmaster, 19 October 2006 - 04:50 AM.


#44
Linkmaster

    Visiting Staff

OK, let's try this:

Run Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Post the Kaspersky Scan Results here

#45
Guest1234

    Member

  • Topic Starter
Wow... :whistling:

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Henry\Application Data\Aim\ShadowMaster050\cert8.db Object is locked skipped

C:\Documents and Settings\Henry\Application Data\Aim\ShadowMaster050\key3.db Object is locked skipped

C:\Documents and Settings\Henry\Application Data\AVG7\Log\emc.log Object is locked skipped

C:\Documents and Settings\Henry\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Henry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Henry\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Henry\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Henry\Local Settings\History\History.IE5\MSHist012006101920061020\index.dat Object is locked skipped

C:\Documents and Settings\Henry\Local Settings\Temp\msn2624.fdr Object is locked skipped

C:\Documents and Settings\Henry\Local Settings\Temp\~DF2948.tmp Object is locked skipped

C:\Documents and Settings\Henry\Local Settings\Temp\~DF33D9.tmp Object is locked skipped

C:\Documents and Settings\Henry\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Henry\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Henry\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market32.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\themedef32.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\ui.mar Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe NSIS: infected - 7 skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027061.PIF:akplm:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027061.PIF:frwzu:$DATA Infected: Trojan-Dropper.Win32.Small.tn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027061.PIF:ggmnki:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027061.PIF:ozjme:$DATA Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027061.PIF:qeogsk:$DATA Infected: Trojan.Win32.Agent.bi skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027061.PIF:xqtvv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027061.PIF:ysono:$DATA Infected: Trojan.Win32.Agent.bi skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027062.dll:rhinc:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027063.exe:atjgwk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027064.ini:amuurm:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027065.INI:wdxfot:$DATA Infected: Trojan.Win32.Agent.bi skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027066.dll:jibsw:$DATA Infected: Trojan.Win32.Agent.bi skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027067.EXE:zdweu:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027067.EXE:zdweu:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027067.EXE:zdweu:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027067.EXE:zdweu:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027067.EXE:zdweu:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027067.EXE:zdweu:$DATA Embedded HTML: infected - 5 skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027068.isu:emdad:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027068.isu:emdad:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027068.isu:emdad:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027068.isu:emdad:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027068.isu:emdad:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027068.isu:emdad:$DATA Embedded HTML: infected - 5 skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027069.ini:odlok:$DATA Infected: Trojan-Downloader.Win32.Agent.db skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027070.ini:vanzp:$DATA Infected: Trojan-Dropper.Win32.Small.tn skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027071.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.s skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027072.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027478.prx:mjhch:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027478.prx:mjhch:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027478.prx:mjhch:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027478.prx:mjhch:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027478.prx:mjhch:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027478.prx:mjhch:$DATA Embedded HTML: infected - 5 skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027479.ini:abriv:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027479.ini:abriv:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027479.ini:abriv:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027479.ini:abriv:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027479.ini:abriv:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP270\A0027479.ini:abriv:$DATA Embedded HTML: infected - 5 skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP284\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\sysreset\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

E:\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP284\change.log Object is locked skipped
  • 0
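A report like the one posted above mixes benign "Object is locked" rows with real detections, many of them in NTFS alternate data streams (`file:stream:$DATA`) inside System Restore points. The following is an added example, not part of the thread and not Kaspersky's tooling, that separates the three; the name `triage`, the regexes and the single-space column layout are assumptions made for this example, and the sample rows are copied from the post.

```python
import re

# One report row: "<object> <verdict> <last action>", columns separated by single spaces.
LINE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>NSIS|Embedded HTML): infected - \d+) "
    r"(?P<action>\w+)$"
)
# NTFS alternate data stream: <file>:<stream>:$DATA, optionally followed by /<embedded member>.
ADS = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^:\\/]+):\$DATA(?P<member>/.*)?$")
# System Restore store on Windows XP: ...\_restore{GUID}\RPnnn\...
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)

# Rows copied from the report in the post above (header row included on purpose).
SAMPLE = r"""
Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\Documents and Settings\Henry\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0024591.exe NSIS: infected - 7 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027061.PIF:akplm:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027067.EXE:zdweu:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0027067.EXE:zdweu:$DATA Embedded HTML: infected - 5 skipped
E:\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
"""


def triage(report):
    """Split a pasted scan report into locked-file noise, detections, ADS hosts and restore points."""
    out = {"locked": 0, "detections": [], "ads": [],
           "restore_points": set(), "live": [], "unparsed": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            out["unparsed"].append(line)      # header row or an unknown verdict
            continue
        if m["locked"]:
            out["locked"] += 1                # file held open by Windows, not a detection
            continue
        if m["container"]:
            continue                          # per-container summary; its members are listed separately
        obj, name = m["obj"], m["name"]
        out["detections"].append((obj, name))
        ads = ADS.match(obj)
        if ads:
            out["ads"].append((ads["host"], ads["stream"], name))
        rp = RESTORE.search(obj)
        if rp:
            out["restore_points"].add(rp[1])  # archived copy inside a restore point
        else:
            out["live"].append((obj, name))   # detection outside System Restore
    return out
```
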