Please bear with me.. :( "ccolgatee"


  • This topic is locked

#1
Razz

    Member

  • Member
  • PipPip
  • 10 posts
Hi guys... It's already 3:33am and I still can't sleep. I've been thinking about this "ccolgatee" virus that my PC just acquired a while ago. I don't go to porn sites. But I do help my friends create a website as their project in school. I first saw the "ccolgatee" folder when I inserted their USB Flash Drive in my PC so I suspect the virus came from there.

Anyway, I've been thinking on removing this. But before that, here are the abnormalities that I've observed when I got this "ccolgatee" virus...

- When I copy files, it kept on prompting that it has a "windows file protection"...
- When I open certain folders, it duplicates one file but it is a "ccolgatee" file...
- When I delete some "ccolgatee" files, they will come after I closed the window...
- It infects some of my programs. Their icons change into a folder icon, the same as the "ccolgatee" folder, and I can't run the program anymore.

Now my question is...

Will this file destroy all programs installed in my PC?

To my main message...

Please and please, I'm begging you guys to help me on this problem. The files on my PC are very important, and so are my programs. I will keep on monitoring this thread of mine until the damage has been remedied. I am willing to cooperate with you guys. So far I've read the other topics related to "ccolgatee" but it looks like for every topic or prob, there's always a new step which differs from the other threads. Please, help me. :whistling:

Thanks a lot.
  • 0

#2
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi Razz

Welcome to GTG! :whistling:

Please do this:

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
  • 0

#3
Razz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,

I've already downloaded HJTSetup (thanks). I can install it but I can't run it. :whistling: Once installed, the whole program will now turn into "ccolgatee" type of file. And when I run it, nothing happens... Is there a way to run it? Or is there a way to temporarily "by-pass" the ccolgatee virus? Thanks...
  • 0

#4
Razz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
**My Status**

I'll check this thread later. I'm just gonna finish some job. BRB after 9 hours...

Btw,

Can I just install HJT on a new fresh HD (so that it will not turn into a ccolgatee) then I'll just make my infected HD a slave to the new, fresh HD? Then run HJT then just select to scan the infected HD?

And one thing, how can I work in safe mode? I can only enter safe mode when my PC went nuts. But I don't really know how to switch to safe mode. Thanks.

Edited by Razz, 16 December 2006 - 08:40 PM.

  • 0

#5
Razz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi, I've somehow made a solution on how to install and run HJT on my computer w/o having it turning into a "ccolgatee" file... for now I guess...

Anyway, I've made a scan and here's my log...

Logfile of HijackThis v1.99.1
Scan saved at 9:54:57 PM, on 12/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\william\Start Menu\Programs\Startup\startupFolder.com
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Explorer5] C:\WINDOWS\\config_.com
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: startupFolder.com
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\william\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe



I'll just wait for your reply. Please help me. Thanks.
  • 0
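
Added example (not part of the original posts, and not code from HijackThis or the Floppy-E Removal Tool): a Python script that cross-checks the autorun (O4) lines of a HijackThis log against a removal tool's list of infected paths, to show which startup entries would relaunch a listed file after it is deleted. The sample lines are copied from the logs posted in this thread; the function names are made up for the example.

```python
import ntpath
import re

# Autorun (O4) lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Explorer5] C:\WINDOWS\\config_.com
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: startupFolder.com
"""

# Paths copied from the removal tool's "infected files" list in this thread.
INFECTED = r"""
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\QuickTime\QuickTime.exe
C:\Documents and Settings\william\Start Menu\Programs\Startup\startupFolder.com
C:\WINDOWS\config_.com
C:\WINDOWS\calc.exe
"""

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<rest>.+)$")
REG_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def norm(text):
    """Drop quotes, lower-case, and collapse runs of backslashes.

    Windows paths are case-insensitive and tolerate doubled separators,
    so 'C:\\WINDOWS\\\\config_.com' and 'c:\\windows\\config_.com' are one file.
    """
    return re.sub(r"\\+", r"\\", text.replace('"', "").strip().lower())


def parse_o4(line):
    """Return (location, entry name, command/target) for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    where, rest = m.group("where"), m.group("rest")
    reg = REG_RE.match(rest)
    if reg:                                   # registry Run value: [name] command
        return where, reg.group("name"), reg.group("cmd")
    if " = " in rest:                         # Startup shortcut: name.lnk = target
        name, target = rest.split(" = ", 1)
        return where, name, target
    return where, rest, rest                  # file sitting directly in a Startup folder


def flagged_autoruns(hjt_log, infected_list):
    """List autorun entries whose target appears in the infected-file list.

    A hit means "this entry starts a path the removal tool listed",
    not a verdict on the file; it tells you which entries to review.
    """
    infected = [norm(p) for p in infected_list.splitlines() if p.strip()]
    hits = []
    for line in hjt_log.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        where, name, command = entry
        cmd = norm(command)
        for path in infected:
            # Full path present in the command line (arguments may follow it).
            full_match = path in cmd
            # HijackThis prints only the file name for files in a Startup folder.
            bare_match = (
                "\\" not in cmd
                and where.endswith("Startup")
                and ntpath.basename(path) == cmd
                and ntpath.dirname(path).endswith("\\startup")
            )
            if full_match or bare_match:
                hits.append((where, name, path))
                break
    return hits


if __name__ == "__main__":
    for where, name, path in flagged_autoruns(HJT_LOG, INFECTED):
        print(f"{where}: {name} -> {path}")
```
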

#6
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Please download Floppy-E Removal Tool.exe to your desktop.
  • Double-click Floppy-E Removal Tool.exe to run it.
  • Click the Find Infected Files button.
  • Once it's done scanning, click the Delete Infected Files button.
  • You will receive a Done Deleting! message, click OK then click the Find Infected Files button again.
  • Please post the contents of C:\Floppy-E Files.txt and a new HiJackThis log.

  • 0

#7
Razz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi flrman1, I've downloaded the Floppy-E Removal Tool.exe and I've done all that you've told me, but after the scan, when I clicked the delete infected files button, I received a "run time error"... I clicked "ok" because it's the only button available. After that, it already prompted me a "done deleting!". I clicked OK then clicked the find infected files again. But this time, it didn't show any infected files. But my cursor is still an "hour glass" which means there's still a process. I've waited but still it didn't display any infected files...

Anyway, here's the logs of the floppy E removal tool :

List of infected files found...
C:\New Folder.exe
C:\ATI\ATI.exe
C:\BC5\BC5.exe
C:\BDE32\BDE32.exe
C:\CSS\CSS.exe
C:\decals\decals.exe
C:\DeusEx\DeusEx.exe
C:\Documents and Settings\Documents and Settings.exe
C:\Documents and Settings\william\NetHood\My Web Sites on MSN\My Web Sites on MSN.exe
C:\Documents and Settings\william\NetHood\WebApplication1 on localhost\WebApplication1 on localhost.exe
C:\Documents and Settings\william\Recent\New Folder.exe
C:\Documents and Settings\william\SendTo\New Folder.exe
C:\Documents and Settings\william\Start Menu\Programs\Startup\startupFolder.com
C:\epsxe\ePSXe.exe
C:\IDAPI32\IDAPI32.exe
C:\Inetpub\Inetpub.exe
C:\Macromedia\Macromedia.exe
C:\MSOCache\MSOCache.exe
C:\Oblivion_Morrow_Wind\Oblivion_Morrow_Wind.exe
C:\Program Files\Program Files.exe
C:\Program Files\Acoustica MP3 Audio Mixer\Acoustica MP3 Audio Mixer.exe
C:\Program Files\Adobe\Adobe.exe
C:\Program Files\AGEIA Technologies\AGEIA Technologies.exe
C:\Program Files\Ahead\Ahead.exe
C:\Program Files\Air Strike II Gulf Thunder\Air Strike II Gulf Thunder.exe
C:\Program Files\America's Army\America's Army.exe
C:\Program Files\America's Army Server Manager\America's Army Server Manager.exe
C:\Program Files\Ant War\Ant War.exe
C:\Program Files\ATI Technologies\ATI Technologies.exe
C:\Program Files\AvRack\AvRack.exe
C:\Program Files\AZR\AZR.exe
C:\Program Files\Badongo\Badongo.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Call of Duty\Call of Duty.exe
C:\Program Files\CasinoOnNet\CasinoOnNet.exe
C:\Program Files\Cheating-Death\Cheating-Death.exe
C:\Program Files\Codemasters\Codemasters.exe
C:\Program Files\Common Files\Common Files.exe
C:\Program Files\ComPlus Applications\ComPlus Applications.exe
C:\Program Files\Creative\Creative.exe
C:\Program Files\CyberLink\CyberLink.exe
C:\Program Files\DAEMON Tools\DAEMON Tools.exe
C:\Program Files\danny_kay1710\danny_kay1710.exe
C:\Program Files\directx\directx.exe
C:\Program Files\FarStone\FarStone.exe
C:\Program Files\Fish Tycoon\Fish Tycoon.exe
C:\Program Files\Fisher\Fisher.exe
C:\Program Files\FLVPlayer\flvplayer.exe
C:\Program Files\GameHouse\GameHouse.exe
C:\Program Files\GIF Movie Gear\GIF Movie Gear.exe
C:\Program Files\Google\Google.exe
C:\Program Files\Gravity\Gravity.exe
C:\Program Files\Groove Games\Groove Games.exe
C:\Program Files\HD Publishing\HD Publishing.exe
C:\Program Files\Hide Files and Folders\Hide Files and Folders.exe
C:\Program Files\HP\HP.exe
C:\Program Files\InstallShield Installation Information\InstallShield Installation Information.exe
C:\Program Files\Internet Explorer\Internet Explorer.exe
C:\Program Files\Java\Java.exe
C:\Program Files\JoWooD\JoWooD.exe
C:\Program Files\Lavasoft\Lavasoft.exe
C:\Program Files\Lineage II\Lineage II.exe
C:\Program Files\Mafia\Mafia.exe
C:\Program Files\Media Player Classic\Media Player Classic.exe
C:\Program Files\Messenger\Messenger.exe
C:\Program Files\microsoft frontpage\microsoft frontpage.exe
C:\Program Files\Microsoft Office\Microsoft Office.exe
C:\Program Files\Microsoft Visual Studio\Microsoft Visual Studio.exe
C:\Program Files\mobile PhoneTools\mobile PhoneTools.exe
C:\Program Files\MOV to AVI MPEG WMV Converter\MOV to AVI MPEG WMV Converter.exe
C:\Program Files\Movie Maker\Movie Maker.exe
C:\Program Files\Mozilla Firefox\Mozilla Firefox.exe
C:\Program Files\MSDN\MSDN.exe
C:\Program Files\MSN\MSN.exe
C:\Program Files\MSN Gaming Zone\MSN Gaming Zone.exe
C:\Program Files\NetGames\NetGames.exe
C:\Program Files\NetMeeting\NetMeeting.exe
C:\Program Files\NovaLogic\NovaLogic.exe
C:\Program Files\NSIS\NSIS.exe
C:\Program Files\Online Services\Online Services.exe
C:\Program Files\Outlook Express\Outlook Express.exe
C:\Program Files\Power Tab Software\Power Tab Software.exe
C:\Program Files\psx emulation cheater\psx emulation cheater.exe
C:\Program Files\QuickTime\QuickTime.exe
C:\Program Files\Real Alternative\Real Alternative.exe
C:\Program Files\Realtek Sound Manager\Realtek Sound Manager.exe
C:\Program Files\Red Storm Entertainment\Red Storm Entertainment.exe
C:\Program Files\ReflexiveArcade\ReflexiveArcade.exe
C:\Program Files\River Past\River Past.exe
C:\Program Files\Rockstar Games\Rockstar Games.exe
C:\Program Files\Sigma Team\Sigma Team.exe
C:\Program Files\Singles\Singles.exe
C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Tablet\Tablet.exe
C:\Program Files\Trymedia\Trymedia.exe
C:\Program Files\Uninstall Information\Uninstall Information.exe
C:\Program Files\Valve\Valve.exe
C:\Program Files\Valve Hammer Editor\Valve Hammer Editor.exe
C:\Program Files\VideoLAN\VideoLAN.exe
C:\Program Files\WarRock\WarRock.exe
C:\Program Files\Web Publish\Web Publish.exe
C:\Program Files\Windows Media Player\Windows Media Player.exe
C:\Program Files\Windows Messaging\Windows Messaging.exe
C:\Program Files\Windows NT\Windows NT.exe
C:\Program Files\WindowsUpdate\WindowsUpdate.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinZip\WinZip.exe
C:\Program Files\xerox\xerox.exe
C:\Program Files\Xilisoft\Xilisoft.exe
C:\Program Files\XP Codec Pack\XP Codec Pack.exe
C:\Program Files\Yahoo!\Yahoo!.exe
C:\Program Files\YIntai\YIntai.exe
C:\Program Files\Zuma Deluxe\Zuma Deluxe.exe
C:\Program Files\ºÚ°µÊ·Ê«(FATE)\ºÚ°µÊ·Ê«(FATE).exe
C:\RECYCLER\RECYCLER.exe
C:\RECYCLER\S-1-5-21-1606980848-1767777339-725345543-1003\De1.exe
C:\RECYCLER\S-1-5-21-1606980848-1767777339-725345543-1003\De2.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc173.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc174.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc176.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc177.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc163\New Folder.exe
C:\SIERRA\SIERRA.exe
C:\The Godfather images\The Godfather images.exe
C:\wally\Wally.exe
C:\WINDOWS\calc.exe
C:\WINDOWS\config_.com
C:\WINDOWS\mscalc.exe
C:\WINDOWS\WINDOWS.exe
C:\WINDOWS\system32\calc.exe
C:\WUTemp\WUTemp.exe
C:\_cd backups\_cd backups.exe
List of infected files found...
C:\New Folder.exe
C:\ATI\ATI.exe
C:\BC5\BC5.exe
C:\BDE32\BDE32.exe
C:\CSS\CSS.exe
C:\decals\decals.exe
C:\DeusEx\DeusEx.exe
C:\Documents and Settings\Documents and Settings.exe
C:\Documents and Settings\william\NetHood\My Web Sites on MSN\My Web Sites on MSN.exe
C:\Documents and Settings\william\NetHood\WebApplication1 on localhost\WebApplication1 on localhost.exe
C:\Documents and Settings\william\Recent\New Folder.exe
C:\Documents and Settings\william\SendTo\New Folder.exe
C:\Documents and Settings\william\Start Menu\Programs\Startup\startupFolder.com
C:\epsxe\ePSXe.exe
C:\IDAPI32\IDAPI32.exe
C:\Inetpub\Inetpub.exe
C:\Macromedia\Macromedia.exe
C:\MSOCache\MSOCache.exe
C:\Oblivion_Morrow_Wind\Oblivion_Morrow_Wind.exe
C:\Program Files\Program Files.exe
C:\Program Files\Acoustica MP3 Audio Mixer\Acoustica MP3 Audio Mixer.exe
C:\Program Files\Adobe\Adobe.exe
C:\Program Files\AGEIA Technologies\AGEIA Technologies.exe
C:\Program Files\Ahead\Ahead.exe
C:\Program Files\Air Strike II Gulf Thunder\Air Strike II Gulf Thunder.exe
C:\Program Files\America's Army\America's Army.exe
C:\Program Files\America's Army Server Manager\America's Army Server Manager.exe
C:\Program Files\Ant War\Ant War.exe
C:\Program Files\ATI Technologies\ATI Technologies.exe
C:\Program Files\AvRack\AvRack.exe
C:\Program Files\AZR\AZR.exe
C:\Program Files\Badongo\Badongo.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Call of Duty\Call of Duty.exe
C:\Program Files\CasinoOnNet\CasinoOnNet.exe
C:\Program Files\Cheating-Death\Cheating-Death.exe
C:\Program Files\Codemasters\Codemasters.exe
C:\Program Files\Common Files\Common Files.exe
C:\Program Files\ComPlus Applications\ComPlus Applications.exe
C:\Program Files\Creative\Creative.exe
C:\Program Files\CyberLink\CyberLink.exe
C:\Program Files\DAEMON Tools\DAEMON Tools.exe
C:\Program Files\danny_kay1710\danny_kay1710.exe
C:\Program Files\directx\directx.exe
C:\Program Files\FarStone\FarStone.exe
C:\Program Files\Fish Tycoon\Fish Tycoon.exe
C:\Program Files\Fisher\Fisher.exe
C:\Program Files\FLVPlayer\flvplayer.exe
C:\Program Files\GameHouse\GameHouse.exe
C:\Program Files\GIF Movie Gear\GIF Movie Gear.exe
C:\Program Files\Google\Google.exe
C:\Program Files\Gravity\Gravity.exe
C:\Program Files\Groove Games\Groove Games.exe
C:\Program Files\HD Publishing\HD Publishing.exe
C:\Program Files\Hide Files and Folders\Hide Files and Folders.exe
C:\Program Files\HP\HP.exe
C:\Program Files\InstallShield Installation Information\InstallShield Installation Information.exe
C:\Program Files\Internet Explorer\Internet Explorer.exe
C:\Program Files\Java\Java.exe
C:\Program Files\JoWooD\JoWooD.exe
C:\Program Files\Lavasoft\Lavasoft.exe
C:\Program Files\Lineage II\Lineage II.exe
C:\Program Files\Mafia\Mafia.exe
C:\Program Files\Media Player Classic\Media Player Classic.exe
C:\Program Files\Messenger\Messenger.exe
C:\Program Files\microsoft frontpage\microsoft frontpage.exe
C:\Program Files\Microsoft Office\Microsoft Office.exe
C:\Program Files\Microsoft Visual Studio\Microsoft Visual Studio.exe
C:\Program Files\mobile PhoneTools\mobile PhoneTools.exe
C:\Program Files\MOV to AVI MPEG WMV Converter\MOV to AVI MPEG WMV Converter.exe
C:\Program Files\Movie Maker\Movie Maker.exe
C:\Program Files\Mozilla Firefox\Mozilla Firefox.exe
C:\Program Files\MSDN\MSDN.exe
C:\Program Files\MSN\MSN.exe
C:\Program Files\MSN Gaming Zone\MSN Gaming Zone.exe
C:\Program Files\NetGames\NetGames.exe
C:\Program Files\NetMeeting\NetMeeting.exe
C:\Program Files\NovaLogic\NovaLogic.exe
C:\Program Files\NSIS\NSIS.exe
C:\Program Files\Online Services\Online Services.exe
C:\Program Files\Outlook Express\Outlook Express.exe
C:\Program Files\Power Tab Software\Power Tab Software.exe
C:\Program Files\psx emulation cheater\psx emulation cheater.exe
C:\Program Files\QuickTime\QuickTime.exe
C:\Program Files\Real Alternative\Real Alternative.exe
C:\Program Files\Realtek Sound Manager\Realtek Sound Manager.exe
C:\Program Files\Red Storm Entertainment\Red Storm Entertainment.exe
C:\Program Files\ReflexiveArcade\ReflexiveArcade.exe
C:\Program Files\River Past\River Past.exe
C:\Program Files\Rockstar Games\Rockstar Games.exe
C:\Program Files\Sigma Team\Sigma Team.exe
C:\Program Files\Singles\Singles.exe
C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Tablet\Tablet.exe
C:\Program Files\Trymedia\Trymedia.exe
C:\Program Files\Uninstall Information\Uninstall Information.exe
C:\Program Files\Valve\Valve.exe
C:\Program Files\Valve Hammer Editor\Valve Hammer Editor.exe
C:\Program Files\VideoLAN\VideoLAN.exe
C:\Program Files\WarRock\WarRock.exe
C:\Program Files\Web Publish\Web Publish.exe
C:\Program Files\Windows Media Player\Windows Media Player.exe
C:\Program Files\Windows Messaging\Windows Messaging.exe
C:\Program Files\Windows NT\Windows NT.exe
C:\Program Files\WindowsUpdate\WindowsUpdate.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinZip\WinZip.exe
C:\Program Files\xerox\xerox.exe
C:\Program Files\Xilisoft\Xilisoft.exe
C:\Program Files\XP Codec Pack\XP Codec Pack.exe
C:\Program Files\Yahoo!\Yahoo!.exe
C:\Program Files\YIntai\YIntai.exe
C:\Program Files\Zuma Deluxe\Zuma Deluxe.exe
C:\Program Files\ºÚ°µÊ·Ê«(FATE)\ºÚ°µÊ·Ê«(FATE).exe
C:\RECYCLER\RECYCLER.exe
C:\RECYCLER\S-1-5-21-1606980848-1767777339-725345543-1003\De1.exe
C:\RECYCLER\S-1-5-21-1606980848-1767777339-725345543-1003\De2.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc173.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc174.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc176.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc177.exe
C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc163\New Folder.exe
C:\SIERRA\SIERRA.exe
C:\The Godfather images\The Godfather images.exe
C:\wally\Wally.exe
C:\WINDOWS\calc.exe
C:\WINDOWS\config_.com
C:\WINDOWS\mscalc.exe
C:\WINDOWS\WINDOWS.exe
C:\WUTemp\WUTemp.exe
C:\_cd backups\_cd backups.exe
List of infected files found...
List of infected files found...


And here's the log file of the HJT :

Logfile of HijackThis v1.99.1
Scan saved at 2:41:32 PM, on 12/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Explorer5] C:\WINDOWS\\config_.com
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\william\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe



Thanks.

Edited by Razz, 18 December 2006 - 12:53 AM.

  • 0

#8
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [Explorer5] C:\WINDOWS\\config_.com



* Restart your computer.


* Right Click the Desktop and Select New--> Folder--> Name it SysClean
  • Download the Sysclean Package to the folder you made.
  • Next, download the Virus Pattern Files (Official Pattern Release) to your desktop from Here
  • Right Click and Select Extract All to unzip the folder.
  • Now, from the unzipped folder, move lpt$vpn.XXX file to the SysClean folder.
  • Restart your computer into safe mode now.
  • Click here for info on how to boot to safe mode if you don't already know how.
  • When you are in safe mode, open the SysClean Folder and double-click sysclean.com
  • Be sure Automatically clean or delete detected files is checked.
  • Click the Scan button to begin, please be patient, it will take a little bit to finish.
  • When the scan is complete, verify the log from the scan (SYSCLEAN.LOG) is in the SysClean folder and restart back to Normal Mode.
  • Copy and Paste those results in the next reply.
Note: If you need further help running Sysclean, see the tutorial here.


* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.


* Go here and run the F-Secure Online Scanner.
  • Follow the Instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • After the ActiveX installs, click Full System Scan
  • When the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply along with a new Hijack This log.
Note: You have to use Internet Explorer to do the scan.

Come back here and post the following logs:

A new Hijack This log
The Uninstall list
The results from the SysClean scan. (SYSCLEAN.LOG)
The results from the F-Secure online scan

Edited by Flrman1, 18 December 2006 - 11:25 PM.

  • 0
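
An added example, not part of the thread and not code from HijackThis or any scanner named in it: a Python script that cross-checks HijackThis `O4` Run entries against a scanner's infected-file list, lists the entries that are gone after a fix, and flags copies named after their containing folder. The sample lines are excerpts constructed from the logs posted in this thread; all function names are hypothetical.

```python
import ntpath
import re

# Constructed sample input: excerpts of the logs posted in this thread.
INFECTED = [
    r"C:\Program Files\WinZip\WinZip.exe",
    r"C:\RECYCLER\RECYCLER.exe",
    r"C:\WINDOWS\calc.exe",
    r"C:\WINDOWS\config_.com",
    r"C:\WINDOWS\WINDOWS.exe",
]
HJT_BEFORE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Explorer5] C:\WINDOWS\\config_.com
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"""
HJT_AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"""

# "O4 - HKLM\..\Run: [Name] command line"
O4_RUN = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU)\\\.\.\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First token ending in an executable extension; handles quoted paths and
# unquoted paths that contain spaces.
EXE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|com|bat|scr|pif|cmd))(?="|\s|$)', re.I)


def norm(path):
    """Collapse doubled separators and fold case so log paths compare equal."""
    return ntpath.normcase(ntpath.normpath(path))


def target_path(cmd):
    """Return the normalized program path of a Run command line, or None."""
    m = EXE.match(cmd.strip())
    return norm(m["path"]) if m else None


def flag_autoruns(log, infected):
    """Run entries whose target is on the scanner's infected-file list."""
    bad = {norm(p) for p in infected}
    hits = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m and target_path(m["cmd"]) in bad:
            hits.append((m["name"], target_path(m["cmd"])))
    return hits


def entry_key(line):
    """Identity of a log entry. O4 Run entries are keyed by hive and value
    name, so a path rewritten in 8.3 short form is not reported as removed."""
    m = O4_RUN.match(line.strip())
    return f"{m['hive']} [{m['name']}]" if m else line.strip()


def removed_after_fix(before, after):
    """Entries present in the first log and absent from the second."""
    after_keys = {entry_key(l) for l in after.splitlines() if l.strip()}
    return [l.strip() for l in before.splitlines()
            if l.strip() and entry_key(l) not in after_keys]


def folder_named(paths):
    """Paths of the form <dir>\\<dir>.exe, the naming seen in the infected list."""
    out = []
    for p in paths:
        parent, name = ntpath.split(p)
        if ntpath.splitext(name)[0].lower() == ntpath.basename(parent).lower():
            out.append(p)
    return out


if __name__ == "__main__":
    print("Autoruns pointing at infected files:", flag_autoruns(HJT_BEFORE, INFECTED))
    print("Entries gone after the fix:")
    for entry in removed_after_fix(HJT_BEFORE, HJT_AFTER):
        print("  ", entry)
    print("Folder-named copies:", folder_named(INFECTED))
```
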

#9
Razz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi, I've finally completed the requirements. They really did take a lot of time... Anyway, here are the results.

HJT Logs :

Logfile of HijackThis v1.99.1
Scan saved at 11:20:22 PM, on 12/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\william\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe


The Uninstall List :

Acoustica MP3 Audio Mixer
Ad-Aware SE Personal
Adobe Acrobat 4.0, 5.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Reader Chinese Traditional Fonts
Adobe Stock Photos 1.0
AGEIA PhysX v2.5.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HydraVision
ATI Parental Control & Encoder
Borland C++ 5.0
Counter-Strike 1.6
EAX Unified
Ghost Recon
GIF Movie Gear 3.0.1
Google Earth
Google Talk (remove only)
Hide Files and Folders v2.2
HijackThis 1.99.1
HP Deskjet 3740
HP Software Update
J2SE Runtime Environment 5.0 Update 6
Joint Task Force
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office 97, Professional Edition
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Visual Basic .NET Standard 2003 - English
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
mobile PhoneTools
Mozilla Firefox (2.0)
MSDN Library for Visual Studio .NET 2003
Nero Suite
NVIDIA Drivers
ºÚ°µÊ·Ê«(FATE)NETSHOW V1.19ÍêÃÀ°æ
Power Tab Editor 1.7
PowerDVD
PSP ISO Compressor
QuickTime
Ragnarok Online
Real Alternative 1.49
Realtek AC'97 Audio
River Past Video Cleaner Pro
Spybot - Search & Destroy 1.4
Tablet
Valve Hammer Editor
VideoLAN VLC media player 0.8.4a
VirtualDrive
Windows Installer 3.1 (KB893803)
WinZip
XP Codec Pack
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger


SysClean Scan Results :

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-12-19, 17:08:12, Auto-clean mode specified.
2006-12-19, 17:08:12, Running scanner "C:\Documents and Settings\william\Desktop\SysClean\TSC.BIN"...
2006-12-19, 17:10:04, Scanner "C:\Documents and Settings\william\Desktop\SysClean\TSC.BIN" has finished running.
2006-12-19, 17:10:04, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 1)

Start time : Tue Dec 19 2006 17:08:13

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\william\Desktop\SysClean\tsc.ptn" (version 816) [success]

Complete time : Tue Dec 19 2006 17:10:04
Execute pattern count(3022), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-12-19, 17:11:01, An error was detected on "C:\Documents and Settings\william\Desktop\s-tierra\opnytops\*.*": Access is denied.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\??????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\?????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\??\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\??\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\?????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\??\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\??\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\??\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\???????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\?????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\model\?????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\palette\??\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:25, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\palette\?\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:28, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\sprite\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:28, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\sprite\??\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:28, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\sprite\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:28, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\sprite\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:28, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\sprite\?\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:28, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\sprite\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:28, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\sprite\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\??????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\?????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\?????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\??????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\??\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\???????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\???????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\?????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\??????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:12:31, An error was detected on "C:\Program Files\Gravity\RagnarokOnline\data\texture\????\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-12-19, 17:14:29, An error was detected on "C:\Program Files\xerox\york\*.*": Access is denied.
2006-12-19, 17:14:54, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-12-19, 18:31:45, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/19/2006 17:15:19
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 119 (145404 Patterns) (2006/12/18) (411900)
Command Line: C:\Documents and Settings\william\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\william\Desktop\SysClean

C:\Documents and Settings\william\Local Settings\Temp\isinst.exe [TROJ_ISTBAR.PO]
C:\Inetpub\wwwroot\_Jill Cams\pics\folder.htt [VBS_TERROSIST.B]
121228 files have been read.
121228 files have been checked.
101279 files have been scanned.
133039 files have been scanned. (including files in archived)
4 files containing viruses.
Found 7 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/19/2006 18:31:45
---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-19, 18:31:45, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/19/2006 17:15:19
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 119 (145404 Patterns) (2006/12/18) (411900)
Command Line: C:\Documents and Settings\william\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\william\Desktop\SysClean

Success Clean [ JAVA_BYTEVER.A]( 1) from C:\Documents and Settings\william\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4eb76b1e-13b87202.zip,(Beyond.class)
Success Clean [ JAVA_BYTEVER.R]( 1) from C:\Documents and Settings\william\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-4fa619f8.zip,(javainstaller\InstallerApplet.class)
Success Clean [ TROJ_ISTBAR.PO]( 1) from C:\Documents and Settings\william\Local Settings\Temp\isinst.exe
Success Clean [ VBS_TERROSIST.B]( 1) from C:\Inetpub\wwwroot\_Jill Cams\pics\folder.htt
121228 files have been read.
121228 files have been checked.
101279 files have been scanned.
133039 files have been scanned. (including files in archived)
4 files containing viruses.
Found 7 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/19/2006 18:31:45 1 hour 16 minutes 17 seconds (4576.20 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-19, 18:31:45, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/19/2006 17:15:19
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 119 (145404 Patterns) (2006/12/18) (411900)
Command Line: C:\Documents and Settings\william\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\william\Desktop\SysClean

121228 files have been read.
121228 files have been checked.
101279 files have been scanned.
133039 files have been scanned. (including files in archived)
4 files containing viruses.
Found 7 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/19/2006 18:31:45 1 hour 16 minutes 17 seconds (4576.20 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-19, 18:31:45, Scanner "C:\Documents and Settings\william\Desktop\SysClean\VSCANTM.BIN" has finished running.
[/quote]
F-Secure Online Scan :
[quote]
Scanning Report
Tuesday, December 19, 2006 21:19:26 - 22:04:17

Computer name: A-P461H86YME9MN
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 3 malware found
W32/LdPinch.gen1 (virus)

* C:\PROGRAM FILES\GAMEHOUSE\INSANIQUARIUM\CRACK.EXE (Submitted)

W32/Zapchast.PL (virus)

* C:\DOCUMENTS AND SETTINGS\WILLIAM\LOCAL SETTINGS\TEMP\MIUNST_.EXE (Submitted)

istbar (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 26610
* System: 5210
* Not scanned: 5

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 2

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\FDCENT.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-12-19
* F-Secure AVP: 7.0.171, 2006-12-19
* F-Secure Orion: 1.2.37, 2006-12-18
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 2006-12-12
* F-Secure Pegasus: 1.19.0, 2006-11-13

Edited by Flrman1, 19 December 2006 - 05:16 PM.

  • 0

#10
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Add/Remove programs and uninstall this old version of Java:

J2SE Runtime Environment 5.0 Update 6

* Now go here and install the latest version of Java.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan and let me know how the pc is behaving now.
  • 0



#11
Razz

Razz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
HJT Logs :

Logfile of HijackThis v1.99.1
Scan saved at 4:59:41 PM, on 12/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\william\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe


ActiveScan :
(note : I've edited the format of the Active Scan in this post so that it's much easier to read.)

I've only scanned "My Computer" in the choices. I've assumed that it also scanned my drive C, Floppy A, My Documents, etc...

Incident : Possible Virus.
Status : Not disinfected
Location : C:\Documents and Settings\william\Desktop\Floppy-E Removal Tool.exe

Incident : Possible Virus.
Status : Not disinfected
Location : C:\Documents and Settings\william\My Documents\L2 Elite\updater\L2Elite.msi[unk_0026][Update.exe]

Incident : Possible Virus.
Status : Not disinfected
Location : C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc176.exe

Incident : Potentially unwanted tool:Application/Restart
Status : Not disinfected
Location : C:\WINDOWS\system32\Tools\Restart.exe


And here's the un-edited format of the ActiveScan results (kinda messy) :

Incident Status Location

Possible Virus. Not disinfected C:\Documents and Settings\william\Desktop\Floppy-E Removal Tool.exe
Possible Virus. Not disinfected C:\Documents and Settings\william\My Documents\L2 Elite\updater\L2Elite.msi[unk_0026][Update.exe]
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-1614895754-448539723-725345543-1003\Dc176.exe
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe


So far I've observed that my PC is not making any noises anymore (the noise it made before was like floppy drive A reading a floppy disk, but there was no floppy disk inserted at all).

The "Windows file protection" doesn't pop up anymore. And no more "ccolgate" file type folders are generated.

I've also inserted a new USB flash drive, expecting the "ccolgatee" file type folder named "New Folder", but it didn't show up anymore.

As of now, no other programs have turned into a "ccolgatee" type.

And finally, my PC is now running just the way it was before it caught the ccolgatee virus.

I'll make some more observations. But as of now, I'm relieved that my programs are still intact and working. The ccolgate virus somehow did wreck four of my programs before I started this thread.

I hope it is gone for good, but why is it that I'm still receiving some possible malware / virus results? Are they really possible malware / threats? Or just cookies?

And one thing...

When the ccolgatee virus attacked, it did affect my hard disk. When I double-clicked it, it didn't display its contents but rather displayed a text box where I could specify what type of program would open it. I selected a sound editing program. Now every time I double-click my hard disk, it keeps opening the sound editing program I selected before. To display its contents, I need to right-click it first and then select Explore. How can I set it back to its original state, where double-clicking it displays its contents?

Thanks a lot.

Edited by Razz, 20 December 2006 - 03:23 AM.

  • 0

#12
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".

Go to Start > Search and, under "More advanced search options", make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

In the "All or part of the file name" box type:

autorun.inf

Click "Search"

When/if the file is found, open it in notepad and copy and paste the contents here please.
  • 0

#13
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Are you having trouble opening anything else like the Control Panel or Add/Remove programs etc...?
  • 0

#14
Razz

Razz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,

I've searched "all files and folders" under "my computer" with parameters checked as stated on your previous post...

Anyway, I've found two autorun.inf files and here they are...

autorun.inf :

[Autorun]
open=New Folder.exe


Its location is on C:\ only. No sub folders.
Searched "All files and folders", look in "My Computer".

====================

autorun.inf :

[autorun]
open=setup.exe
icon=btw.ico
label=BTW


Its location is on my C:\Program Files\Mobile Phone Tools\widcomm. It's a software for my phone to transfer pictures from phone to PC.

Searched "All files and folders", look in "My Computer".

====================

As of now I haven't yet encountered trouble opening control panel / add remove programs and other programs.

Edited by Razz, 20 December 2006 - 10:33 PM.

  • 0

#15
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Go ahead and delete the autorun.inf file that you found that has open=New Folder.exe in it. It needs to be deleted.

How is everything now?

Edited by Flrman1, 21 December 2006 - 07:04 PM.

  • 0
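The triage carried out in posts #12 to #15, as an added example that is not part of the original thread: it parses the two autorun.inf files Razz posted and reports only the one that sits in a drive root and launches an executable, since Windows processes autorun.inf only from the root of a volume. The function names and the extension list are this example's own assumptions.

```python
import ntpath
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# Extensions that run directly when named by a launch key (example list).
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs)\b", re.IGNORECASE)

# File contents as posted in the thread (post #14).
ROOT_SAMPLE = "[Autorun]\nopen=New Folder.exe\n"
WIDCOMM_SAMPLE = "[autorun]\nopen=setup.exe\nicon=btw.ico\nlabel=BTW\n"


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lowercased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are matched case-insensitively.
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:            # junk lines are skipped
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def in_drive_root(inf_path):
    """True when the file sits directly in the root of a drive."""
    tail = ntpath.splitdrive(inf_path)[1]
    return ntpath.dirname(tail) in ("\\", "/")


def review(inf_path, text):
    """Return (key, target) pairs that launch an executable from a drive root."""
    if not in_drive_root(inf_path):
        return []   # AutoRun does not process the file from a subfolder
    return [(key, value.strip('"'))
            for key, value in parse_autorun(text).items()
            if LAUNCH_KEY.match(key) and EXECUTABLE.search(value)]


if __name__ == "__main__":
    widcomm = r"C:\Program Files\Mobile Phone Tools\widcomm\autorun.inf"
    for path, text in ((r"C:\autorun.inf", ROOT_SAMPLE), (widcomm, WIDCOMM_SAMPLE)):
        print(path, "->", review(path, text) or "nothing to review")
```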





