Welcome to Geeks to Go - Register now for FREE
Having a terrible Virtumonde effect . Need HELP ! [RESOLVED]


  • This topic is locked

#1
Youssef Attalla

    Member

  • Member
  • 12 posts
I have the Virtumonde adware and I tried everything to delete it, but I couldn't.
Spybot keeps detecting changes in my registry files every time I boot up my machine, and it keeps going forever because it recreates itself again.
I do not know what to do.

Here is my HijackThis log; if anybody can help, it would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:16 PM, on 5/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
D:\Downoaded Softwares\BlueFish\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.135.55.155 mrt
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\YOUSSE~1\AppData\Local\Temp\cbXopoLe.dll,c
O4 - HKCU\..\Run: [BMe7ff6ac9] Rundll32.exe "C:\Users\YOUSSE~1\AppData\Local\Temp\sfnkcceg.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion 8 Application Server - Macromedia Inc. - C:\ColdFusion8\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion 8 ODBC Agent - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion 8 ODBC Server - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion 8 Search Server - Verity, Inc. - C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10984 bytes
  • 0
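The two entries that stand out in the log above are the O4 Run values `cmds` and `BMe7ff6ac9`, both of which use rundll32.exe to load a DLL from the user's AppData\Local\Temp folder; that is the loader pattern behind the "it recreates itself at every boot" symptom. The following script is an added example for this thread (not part of the original post and not HijackThis's own code): it parses HijackThis O4 registry autorun lines and flags any whose target lives in a Temp folder. The sample lines are copied from the log above; function and field names (`parse_o4`, `triage`, `Autorun`, `TEMP_MARKERS`) are this example's own choices.

```python
"""Triage HijackThis O4 autorun entries for Temp-folder rundll32 loaders.

Added example for this thread; it is not part of the original post and not
HijackThis's own code. The sample lines are copied from the HijackThis log
above; the function and field names are this example's own choices.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Registry autorun line as HijackThis prints it:
#   O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command> [(User '<account>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Folders a legitimate autorun should practically never load code from.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    cmd: str
    user: Optional[str]
    dll: Optional[str] = None            # DLL loaded through rundll32, if any
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def rundll32_target(cmd: str) -> Optional[str]:
    """Return the DLL path from 'rundll32.exe <dll>,<entry>', or None if not rundll32."""
    m = re.match(r'^\s*rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,', cmd, re.IGNORECASE)
    return m.group("dll").strip() if m else None


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one registry O4 line; Startup-folder O4 lines return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = Autorun(m["hive"], m["key"], m["name"], m["cmd"], m["user"])
    entry.dll = rundll32_target(entry.cmd)
    # Judge the loaded DLL when rundll32 is the host, otherwise the whole command.
    target = (entry.dll or entry.cmd).lower()
    if any(marker in target for marker in TEMP_MARKERS):
        how = "rundll32 loads a DLL from" if entry.dll else "autorun target lives in"
        entry.reasons.append(f"{how} a Temp folder, which is how Virtumonde relaunches at boot")
    return entry


def triage(log_lines) -> List[Autorun]:
    """Return the O4 registry autoruns from a HijackThis log that deserve a look."""
    entries = (parse_o4(line) for line in log_lines)
    return [e for e in entries if e is not None and e.suspicious]


# Sample input copied from the log posted above (plus one Startup-folder line).
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart",
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\YOUSSE~1\AppData\Local\Temp\cbXopoLe.dll,c",
    r'O4 - HKCU\..\Run: [BMe7ff6ac9] Rundll32.exe "C:\Users\YOUSSE~1\AppData\Local\Temp\sfnkcceg.dll",s',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
    r"O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive}\\..\\{e.key} [{e.name}] -> {e.dll or e.cmd}")
        print(f"    {'; '.join(e.reasons)}")
```

Run on the sample, only `cmds` and `BMe7ff6ac9` are reported; the NVIDIA rundll32 entry and the Sidebar entries pass because their targets sit under system32 and Program Files. The check is deliberately narrow (location of the loaded module, not the value name), since a random-looking value name is common to many loaders but a DLL in Temp is almost never legitimate.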


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#3
Youssef Attalla

    Member

  • Topic Starter
  • Member
  • 12 posts
I just want to make sure before doing this that you know I am running Windows Vista SP1, not XP, because as I noticed all these packages are for Windows XP.
So is that alright?
Also, I downloaded ATF Cleaner and did exactly what you mentioned above, and I still have it again, but I didn't do the ComboFix; that's why I am asking if this can be done on Vista.

Edited by Youssef Attalla, 23 May 2008 - 03:09 PM.

  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes that is fine, go ahead
  • 0

#5
Youssef Attalla

    Member

  • Topic Starter
  • Member
  • 12 posts
Here is the Kaspersky report. It said that it detected 9 viruses and 29 infected items, so should I delete them or what?

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 23, 2008 9:15:11 PM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/05/2008
Kaspersky Anti-Virus database records: 799321
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 260416
Number of viruses found: 10
Number of infected objects: 29
Number of suspicious objects: 0
Duration of the scan process: 03:16:57

Infected Object Name / Virus Name / Last Action
C:\boot\bcd Object is locked skipped
C:\boot\BCD.LOG Object is locked skipped
C:\ColdFusion8\db\slserver54\tracing\ColdFusion 8 ODBC Agent.trc Object is locked skipped
C:\ColdFusion8\db\slserver54\tracing\ColdFusion 8 ODBC Server.trc Object is locked skipped
C:\ColdFusion8\logs\eventgateway.log Object is locked skipped
C:\ColdFusion8\logs\server.log Object is locked skipped
C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\consumer.dat Object is locked skipped
C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\destination.dat Object is locked skipped
C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\handle.dat Object is locked skipped
C:\ColdFusion8\runtime\servers\coldfusion\SERVER-INF\jms\db\coremq\message.dat Object is locked skipped
C:\ColdFusion8\verity\Data\host\admin\admin.dat Object is locked skipped
C:\ColdFusion8\verity\Data\host\log\audit.log Object is locked skipped
C:\ColdFusion8\verity\Data\host\log\status.log Object is locked skipped
C:\ColdFusion8\verity\Data\services\ColdFusionK2_indexserver1\log\status.log Object is locked skipped
C:\ColdFusion8\verity\Data\services\ColdFusionK2_server1\log\status.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\L0000004.FCS Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\HP Connections\6811507\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg Object is locked skipped
C:\Program Files\Online Services\Vonage\smb\Xtras\regxtra121.x32 Infected: Backdoor.Win32.RAdmin.ag skipped
C:\Program Files\Symantec\Symantec Endpoint Protection\AVMan.log Object is locked skipped
C:\Program Files\Symantec\Symantec Endpoint Protection\GUProxy.log Object is locked skipped
C:\Program Files\Symantec\Symantec Endpoint Protection\LUMan.log Object is locked skipped
C:\Program Files\Symantec\Symantec Endpoint Protection\processlog.log Object is locked skipped
C:\Program Files\Symantec\Symantec Endpoint Protection\rawlog.log Object is locked skipped
C:\Program Files\Symantec\Symantec Endpoint Protection\seclog.log Object is locked skipped
C:\Program Files\Symantec\Symantec Endpoint Protection\syslog.log Object is locked skipped
C:\Program Files\Symantec\Symantec Endpoint Protection\tralog.log Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\SavSubEng\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40000\48FD9A67.VBN Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40001\48FDED1A.VBN Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B080000\4B2E8ED5.VBN Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14340000\5C3D33B8.VBN Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17800000\5FB184A4.VBN Object is locked skipped
C:\System.sav\util\App.Evt Object is locked skipped
C:\System.sav\util\Sec.Evt Object is locked skipped
C:\System.sav\util\Sys.Evt Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_CCE4_CC6C_E4CC_59FA\dfsr.db Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_CCE4_CC6C_E4CC_59FA\fsr.log Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_CCE4_CC6C_E4CC_59FA\fsrtmp.log Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_CCE4_CC6C_E4CC_59FA\tmp.edb Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Outlook\outlook.ost Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Outlook\~outlook.ost.tmp Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GT2HRSG\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.tbw skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GT2HRSG\query[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.tbv skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK7WKYLA\iddqd[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.srg skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM6LFT9H\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.srh skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\UsrClass.dat{dad2a04c-22aa-11dd-a303-001636ce7d60}.TM.blf Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\UsrClass.dat{dad2a04c-22aa-11dd-a303-001636ce7d60}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows\UsrClass.dat{dad2a04c-22aa-11dd-a303-001636ce7d60}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Users\youssefhg\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\youssefhg\AppData\Local\Mozilla\Firefox\Profiles\o05hpwn0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\youssefhg\AppData\Local\Mozilla\Firefox\Profiles\o05hpwn0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\youssefhg\AppData\Local\Mozilla\Firefox\Profiles\o05hpwn0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\youssefhg\AppData\Local\Mozilla\Firefox\Profiles\o05hpwn0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\youssefhg\AppData\Local\Mozilla\Firefox\Profiles\o05hpwn0.default\OfflineCache\index.sqlite Object is locked skipped
C:\Users\youssefhg\AppData\Local\Mozilla\Firefox\Profiles\o05hpwn0.default\urlclassifier3.sqlite Object is locked skipped
C:\Users\youssefhg\AppData\Local\Temp\etilqs_lCuIqzfx8P69AC7AaNQd Object is locked skipped
C:\Users\youssefhg\AppData\Local\Temp\etilqs_lCuIqzfx8P69AC7AaNQd-journal Object is locked skipped
C:\Users\youssefhg\AppData\Local\Temp\ExchangePerflog_8484fa3126abc008fe5697e1.dat Object is locked skipped
C:\Users\youssefhg\AppData\Local\Temp\~DF90C0.tmp Object is locked skipped
C:\Users\youssefhg\AppData\Local\Temp\~DF910B.tmp Object is locked skipped
C:\Users\youssefhg\AppData\Local\Temp\~DFC49C.tmp Object is locked skipped
C:\Users\youssefhg\AppData\Local\Temp\~DFC4CD.tmp Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Microsoft\Outlook\Mail.srs Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\cert8.db Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\content-prefs.sqlite Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\cookies.sqlite Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\downloads.sqlite Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\formhistory.sqlite Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\key3.db Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\parent.lock Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\permissions.sqlite Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\places.sqlite Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\places.sqlite-journal Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\places.sqlite-stmtjrnl Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Mozilla\Firefox\Profiles\o05hpwn0.default\search.sqlite Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Skype\youssefhg\call256.dbb Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Skype\youssefhg\callmember256.dbb Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Skype\youssefhg\chat512.dbb Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Skype\youssefhg\chatmember256.dbb Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Skype\youssefhg\chatmsg256.dbb Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Skype\youssefhg\chatmsg512.dbb Object is locked skipped
C:\Users\youssefhg\AppData\Roaming\Skype\youssefhg\chatsync\ec\ec409efd893922bc.dat Object is locked skipped
D:\Downloaded Music\Incomplete\Preview-T-3545425-i wanna tke you there.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
D:\Downoaded Softwares\BearShareV6.exe/WISE0045.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\Downoaded Softwares\BearShareV6.exe/WISE0045.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\Downoaded Softwares\BearShareV6.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\Downoaded Softwares\BearShareV6.exe WiseSFX: infected - 3 skipped
D:\Downoaded Softwares\BearShareV6.exe WiseSFXDropper: infected - 3 skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\ADBEDRWVCS3_WWE.exe/data0000.cab/is153891.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\ADBEDRWVCS3_WWE.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\ADBEDRWVCS3_WWE.exe Rsrc-Package: infected - 2 skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\DreamWeaver CS3 Keygen + Activation.exe/data0000.cab/is153891.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\DreamWeaver CS3 Keygen + Activation.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\DreamWeaver CS3 Keygen + Activation.exe Rsrc-Package: infected - 2 skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver CS3 VLK.exe/data0000.cab/is153891.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver CS3 VLK.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver CS3 VLK.exe Rsrc-Package: infected - 2 skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver CS3.exe/data0000.cab/is153891.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver CS3.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver CS3.exe Rsrc-Package: infected - 2 skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver.exe/data0000.cab/is153891.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver.exe Rsrc-Package: infected - 2 skipped
D:\Downoaded Softwares\BlueFish\shellView\shexview.exe Infected: not-a-virus:PSWTool.Win32.ProductKey.r skipped
D:\Downoaded Softwares\weatherbug.msi/Callw6setup Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\Downoaded Softwares\weatherbug.msi Embedded: infected - 1 skipped

Scan process completed.
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Go on with the rest of the steps, and do this


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\Online Services\Vonage\smb\Xtras\regxtra121.x32
    D:\Downloaded Music\Incomplete\Preview-T-3545425-i wanna tke you there.mp3
    D:\Downoaded Softwares\BearShareV6.exe
    D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch
    D:\Downoaded Softwares\BlueFish\shellView\shexview.exe
    D:\Downoaded Softwares\weatherbug.msi
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0
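As an added illustration (not part of the thread and not code from OTMoveIt2 or Kaspersky), the script below parses lines in the format of the Kaspersky scan log above, separates the "Object is locked skipped" noise from real detections, collapses archive members back to the file that actually exists on disk, and lays the host files out in the same list format the helper pasted into OTMoveIt2. The sample lines are copied from the log; all function names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the Kaspersky log above
# (not the full log). Raw string so the Windows backslashes stay literal.
SAMPLE_LOG = r"""
C:\Users\youssefhg\NTUSER.DAT Object is locked skipped
D:\Downloaded Music\Incomplete\Preview-T-3545425-i wanna tke you there.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
D:\Downoaded Softwares\BearShareV6.exe/WISE0045.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\Downoaded Softwares\BearShareV6.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
D:\Downoaded Softwares\BearShareV6.exe WiseSFX: infected - 3 skipped
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen\Dreamweaver.exe/data0000.cab/is153891.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.rji skipped
D:\Downoaded Softwares\weatherbug.msi Embedded: infected - 1 skipped
Scan process completed.
"""

# The three line shapes seen in the log. Paths contain spaces, so each pattern
# anchors on the fixed status text at the end of the line.
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(
    r"^(?P<path>.+) (?P<container>[\w-]+): infected - (?P<count>\d+) skipped$"
)
LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")


@dataclass(frozen=True)
class Finding:
    path: str                        # object exactly as the scanner reported it
    status: str                      # "infected", "container" or "locked"
    detection: Optional[str] = None  # detection name, or container type
    count: int = 0                   # infected members, for "container" lines

    @property
    def host_file(self) -> str:
        # Members of archives/installers are reported as <host>/<member>/...;
        # only the host file exists on disk, so that is what gets moved.
        return self.path.split("/", 1)[0]


def parse_log(text: str) -> List[Finding]:
    """Turn scanner log lines into Finding records; unknown lines are ignored."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Scan process"):
            continue
        if m := INFECTED_RE.match(line):
            findings.append(Finding(m["path"], "infected", detection=m["name"]))
        elif m := CONTAINER_RE.match(line):
            findings.append(Finding(m["path"], "container",
                                    detection=m["container"],
                                    count=int(m["count"])))
        elif m := LOCKED_RE.match(line):
            findings.append(Finding(m["path"], "locked"))
    return findings


def detection_counts(findings: List[Finding]) -> Dict[str, int]:
    """How many objects each detection name hit (locked files are not detections)."""
    return dict(Counter(f.detection for f in findings if f.status == "infected"))


def hosts_to_move(findings: List[Finding]) -> List[str]:
    """Unique on-disk files behind every detection; locked files are never included."""
    hosts = {f.host_file for f in findings if f.status in ("infected", "container")}
    return sorted(hosts)


def build_otmoveit_list(hosts: List[str]) -> str:
    """Same layout as the helper's paste: stop Explorer, list files, purity, restart."""
    return "\n".join(["[kill explorer]", *hosts, "purity", "[start explorer]"])


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for name, n in detection_counts(found).items():
        print(f"{n:3d}  {name}")
    print(build_otmoveit_list(hosts_to_move(found)))
```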

#7
Youssef Attalla

Youssef Attalla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
This was the log after removing the files,
but I noticed that I still didn't delete the Virtumonde things when there was a skull next to their path in the Kaspersky log.
So do you think now it is gone?


Explorer killed successfully
File move failed. C:\Program Files\Online Services\Vonage\smb\Xtras\regxtra121.x32 scheduled to be moved on reboot.
D:\Downloaded Music\Incomplete\Preview-T-3545425-i wanna tke you there.mp3 moved successfully.
D:\Downoaded Softwares\BearShareV6.exe moved successfully.
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch\Patch & Keygen moved successfully.
D:\Downoaded Softwares\Bitcomet Softwares\Adobe Dreamweaver CS3 +.Patch moved successfully.
D:\Downoaded Softwares\BlueFish\shellView\shexview.exe moved successfully.
D:\Downoaded Softwares\weatherbug.msi moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05242008_124837
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No, run ComboFix in my previous instructions
  • 0

#9
Youssef Attalla

Youssef Attalla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I really appreciate your help.
Thanks a lot, I'll do it and I'll tell you the results.
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
OK, let's see what it shows.
  • 0



#11
Youssef Attalla

Youssef Attalla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I'm really sorry, but this is what it said for Vista users:

"Windows Vista users can use their Windows CD to boot up into the Vista Recovery Environment."

And I actually don't have a Vista CD; my laptop only came with the recovery partition, so what do you recommend?
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Leave the Recovery Console step and just run ComboFix
  • 0

#13
Youssef Attalla

Youssef Attalla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is the log:



ComboFix 08-05-21.3 - youssefhg 2008-05-27 10:53:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.914 [GMT -4:00]
Running from: D:\Downoaded Softwares\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-25 19:37 . 2008-05-25 19:37 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Media Player Classic
2008-05-25 19:37 . 2008-05-25 19:37 <DIR> d-------- C:\Users\All Users\Real
2008-05-25 19:37 . 2008-05-25 19:37 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-25 18:34 . 2008-05-25 18:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-25 18:34 . 2008-05-25 18:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-23 17:18 . 2008-05-23 17:18 <DIR> d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-05-23 12:43 . 2008-05-23 12:43 <DIR> d-------- C:\VundoFix Backups
2008-05-23 09:22 . 2008-05-23 09:22 <DIR> d-------- C:\Users\youssefhg\.ssh
2008-05-23 09:20 . 2008-05-27 10:31 <DIR> d-------- C:\Users\youssefhg\.nx
2008-05-23 09:19 . 2008-05-23 09:19 <DIR> d-------- C:\Program Files\NX Client for Windows
2008-05-20 20:53 . 2008-05-20 20:58 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\DivX
2008-05-20 20:51 . 2008-05-20 20:51 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-20 20:42 . 2008-05-20 20:42 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\acccore
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-05-20 20:41 . 2008-05-20 20:43 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\Users\All Users\AOL
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\ProgramData\Viewpoint
2008-05-20 20:41 . 2008-05-20 20:43 <DIR> d-------- C:\ProgramData\AOL OCP
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\ProgramData\AOL
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\Program Files\Viewpoint
2008-05-20 20:41 . 2008-05-20 20:41 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-05-20 20:40 . 2008-05-20 20:42 <DIR> d-------- C:\Program Files\AIM6
2008-05-20 20:40 . 2008-05-20 20:42 366 --ah----- C:\IPH.PH
2008-05-20 14:20 . 2008-05-20 14:20 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\WildTangent
2008-05-19 22:33 . 2008-05-27 08:54 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\skypePM
2008-05-19 22:33 . 2008-05-19 22:33 32 --a------ C:\Users\All Users\ezsid.dat
2008-05-19 22:33 . 2008-05-19 22:33 32 --a------ C:\ProgramData\ezsid.dat
2008-05-19 22:32 . 2008-05-27 10:58 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Skype
2008-05-19 22:30 . 2008-05-19 22:31 <DIR> d-------- C:\Program Files\Skype
2008-05-19 22:30 . 2008-05-19 22:30 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-19 12:26 . 2008-05-19 12:51 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 12:26 . 2008-05-19 12:51 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-19 12:26 . 2008-05-19 12:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-19 11:22 . 2008-05-19 11:22 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\HP
2008-05-19 11:22 . 2008-05-19 11:22 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\CyberLink
2008-05-19 11:22 . 2008-05-19 11:22 <DIR> d-------- C:\Users\All Users\HP
2008-05-19 11:22 . 2008-05-19 11:22 <DIR> d-------- C:\ProgramData\HP
2008-05-18 22:41 . 2008-05-18 22:41 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Apple Computer
2008-05-18 22:40 . 2008-05-18 22:41 <DIR> d-------- C:\Program Files\iTunes
2008-05-18 22:40 . 2008-05-18 22:40 <DIR> d-------- C:\Program Files\iPod
2008-05-18 22:37 . 2008-05-18 22:40 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-05-18 22:37 . 2008-05-18 22:40 <DIR> d-------- C:\ProgramData\Apple Computer
2008-05-18 22:37 . 2008-05-18 22:39 <DIR> d-------- C:\Program Files\QuickTime
2008-05-18 22:37 . 2008-05-18 22:37 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-18 22:36 . 2008-05-18 22:36 <DIR> d-------- C:\Users\All Users\Apple
2008-05-18 22:36 . 2008-05-18 22:36 <DIR> d-------- C:\ProgramData\Apple
2008-05-18 22:36 . 2008-05-18 22:36 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-17 12:59 . 2008-05-17 15:42 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\SSH
2008-05-17 12:59 . 2008-05-17 13:00 <DIR> d-------- C:\Users\All Users\SSH
2008-05-17 12:59 . 2008-05-17 13:00 <DIR> d-------- C:\ProgramData\SSH
2008-05-17 12:53 . 2008-05-17 12:53 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Helios
2008-05-17 12:53 . 2008-05-17 12:53 <DIR> d-------- C:\Program Files\TextPad 5
2008-05-17 12:53 . 2008-05-17 12:53 <DIR> d-------- C:\Program Files\SSH Communications Security
2008-05-17 09:48 . 2008-05-17 09:48 0 --ah----- C:\WINDOWS\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-17 05:10 . 2008-05-17 05:10 <DIR> d-------- C:\PerfLogs
2008-05-17 04:42 . 2008-05-17 04:14 152,576 --a------ C:\WINDOWS\System32\SPWizUI.dll
2008-05-17 04:42 . 2008-05-17 04:14 47,560 --a------ C:\WINDOWS\System32\SPReview.exe
2008-05-17 04:21 . 2008-01-18 23:33 599,552 --a------ C:\WINDOWS\System32\vsp1cln.exe
2008-05-17 04:21 . 2008-01-18 23:33 193,024 --a------ C:\WINDOWS\System32\recdisc.exe
2008-05-17 04:21 . 2008-01-18 23:36 142,336 --a------ C:\WINDOWS\System32\spp.dll
2008-05-17 04:21 . 2008-01-18 23:36 28,160 --a------ C:\WINDOWS\System32\sxproxy.dll
2008-05-17 04:21 . 2008-01-18 23:36 6,656 --a------ C:\WINDOWS\System32\sdspres.dll
2008-05-17 04:18 . 2008-01-18 23:34 6,103,040 --a------ C:\WINDOWS\System32\chtbrkr.dll
2008-05-17 04:14 . 2008-01-18 23:33 44,032 --a------ C:\WINDOWS\System32\cbsra.exe
2008-05-17 03:03 . 2008-05-17 04:44 327,680 --a------ C:\WINDOWS\SPInstall.etl
2008-05-17 02:30 . 2008-05-17 02:31 268,511,373 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-16 15:32 . 2008-05-16 15:33 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-16 15:32 . 2008-05-16 15:33 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-16 15:32 . 2008-05-16 15:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-16 15:32 . 2008-05-16 15:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 03:21 . 2008-05-16 03:21 988,216 --a------ C:\WINDOWS\System32\winload.exe
2008-05-16 03:21 . 2008-05-16 03:21 927,288 --a------ C:\WINDOWS\System32\winresume.exe
2008-05-16 03:21 . 2008-05-16 03:21 615,992 --a------ C:\WINDOWS\System32\ci.dll
2008-05-16 03:21 . 2008-05-16 03:21 378,368 --a------ C:\WINDOWS\System32\srcore.dll
2008-05-16 03:21 . 2008-05-16 03:21 318,464 --a------ C:\WINDOWS\System32\rstrui.exe
2008-05-16 03:21 . 2008-05-16 03:21 46,592 --a------ C:\WINDOWS\System32\setbcdlocale.dll
2008-05-16 03:21 . 2008-05-16 03:21 40,960 --a------ C:\WINDOWS\System32\srclient.dll
2008-05-16 03:21 . 2008-05-16 03:21 19,000 --a------ C:\WINDOWS\System32\kd1394.dll
2008-05-16 03:21 . 2008-05-16 03:21 14,848 --a------ C:\WINDOWS\System32\srdelayed.exe
2008-05-16 03:21 . 2008-05-16 03:21 6,656 --a------ C:\WINDOWS\System32\kbd106n.dll
2008-05-16 03:18 . 2008-05-16 03:18 2,032,128 --a------ C:\WINDOWS\System32\win32k.sys
2008-05-16 03:17 . 2008-05-16 03:17 295,936 --a------ C:\WINDOWS\System32\gdi32.dll
2008-05-16 03:11 . 2008-05-16 03:11 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
2008-05-16 03:11 . 2008-05-16 03:11 826,880 --a------ C:\WINDOWS\System32\wininet.dll
2008-05-16 03:10 . 2008-05-16 03:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-15 23:16 . 2008-05-15 23:16 <DIR> d-------- C:\Program Files\Gabest
2008-05-15 22:41 . 2008-05-15 22:41 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Music
2008-05-15 21:31 . 2008-05-15 21:31 <DIR> d-------- C:\Users\All Users\Google
2008-05-15 20:49 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-05-15 14:59 . 2008-05-15 15:00 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\TortoiseSVN
2008-05-15 14:16 . 2008-05-27 08:53 25,515 --a------ C:\Users\youssefhg\AppData\Roaming\nvModes.dat
2008-05-15 14:05 . 2008-05-15 14:05 <DIR> d-------- C:\Program Files\UnH Solutions
2008-05-15 13:55 . 2008-05-15 13:55 <DIR> d-------- C:\Downloads
2008-05-15 13:54 . 2008-05-16 08:49 <DIR> d-------- C:\Program Files\BitComet
2008-05-15 13:10 . 2008-05-15 13:15 <DIR> d-------- C:\Program Files\Windows Live
2008-05-15 13:10 . 2008-05-15 13:14 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-15 13:04 . 2008-05-15 13:04 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-05-15 13:04 . 2008-05-15 13:04 <DIR> d-------- C:\ProgramData\FLEXnet
2008-05-15 12:59 . 2008-05-15 13:10 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-05-15 12:59 . 2008-05-15 13:10 <DIR> d-------- C:\ProgramData\WLInstaller
2008-05-15 12:56 . 2008-05-18 22:40 <DIR> d-------- C:\Program Files\Bonjour
2008-05-15 12:53 . 2008-05-19 22:31 <DIR> d-------- C:\Users\All Users\Skype
2008-05-15 12:53 . 2008-05-19 22:31 <DIR> d-------- C:\ProgramData\Skype
2008-05-15 12:48 . 2008-05-15 12:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-15 12:29 . 2008-05-15 12:29 <DIR> d-------- C:\Users\youssefhg\.dbvis
2008-05-15 12:25 . 2008-05-15 12:26 <DIR> d-------- C:\Program Files\DbVisualizer-6.0.10
2008-05-15 12:13 . 2008-05-15 12:13 <DIR> d-------- C:\Users\youssefhg\AppData\Roaming\Subversion
2008-05-15 12:07 . 2008-05-15 12:07 <DIR> d-------- C:\Program Files\TortoiseSVN
2008-05-15 11:51 . 2008-05-15 11:51 21 --ah----- C:\qpmd8379.bin
2008-05-15 11:50 . 2008-05-16 10:04 53,248 --a------ C:\WINDOWS\System32\cfperfmon_8.dll
2008-05-15 11:48 . 2008-05-15 11:49 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-05-15 11:48 . 2008-05-16 10:07 <DIR> d-------- C:\ColdFusion8
2008-05-15 11:44 . 2008-05-15 11:44 <DIR> d--h----- C:\Users\youssefhg\InstallAnywhere
2008-05-15 11:39 . 2008-05-15 12:15 <DIR> d-------- C:\cygwin
2008-05-15 11:38 . 2008-05-15 11:38 <DIR> d-------- C:\Program Files\Subversion
2008-05-15 11:27 . 2008-05-15 11:27 <DIR> d-------- C:\WINDOWS\PCHEALTH
2008-05-15 11:27 . 2008-05-15 11:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-15 11:18 . 2008-05-15 11:18 <DIR> dr-h----- C:\MSOCache
2008-05-15 10:59 . 2008-05-15 10:59 136,496 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.SYS
2008-05-15 10:59 . 2008-05-15 11:00 10,652 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.CAT
2008-05-15 10:59 . 2008-05-15 11:00 806 --a------ C:\WINDOWS\System32\drivers\SYMEVENT.INF
2008-05-15 10:58 . 2008-05-15 11:00 <DIR> d-------- C:\Program Files\Symantec
2008-05-15 10:58 . 2007-03-21 20:39 1,060,864 --a------ C:\WINDOWS\System32\MFC71.DLL
2008-05-15 10:58 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\System32\MSVCP71.DLL
2008-05-15 10:58 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\System32\MSVCR71.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 00:51 --------- d-----w C:\Program Files\DivX
2008-05-20 18:20 --------- d-----w C:\ProgramData\WildTangent
2008-05-17 16:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 09:30 174 --sha-w C:\Program Files\desktop.ini
2008-05-17 09:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-17 09:20 --------- d-----w C:\Program Files\Windows Calendar
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Mail
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Journal
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Defender
2008-05-17 09:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-17 08:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-17 08:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 07:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 18:13 --------- d-----w C:\ProgramData\CyberLink
2008-05-15 16:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-15 15:29 --------- d-----w C:\Program Files\Microsoft Works
2008-05-15 15:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-15 15:02 --------- d-----w C:\ProgramData\Symantec
2008-05-15 14:47 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-15 14:32 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 14:30 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Templates
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Start Menu
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Favorites
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Documents
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Desktop
2008-05-15 14:19 --------- d-sh--w C:\ProgramData\Application Data
2008-05-13 01:53 129,784 ------w C:\Windows\System32\PxAFS.DLL
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 01:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 19:33 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 14:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 19:42 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 13:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 13:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-29 09:35 77824]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 15:15 115560]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 00:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 00:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 00:25 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\youssefhg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [2008-05-15 11:30:31 845584]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 05:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 04:01:50 734872]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-29 09:16:39 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2497455648-2839833209-4065968779-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8487480D-1C86-41BC-88D2-2F94CEFB5506}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{2323E63B-77E5-49DA-AB6C-674CAE419990}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{BA87D380-4483-441F-8DE3-F17AFA5472AB}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{85087D8B-AF97-4EB9-A26E-D8B9AB8F767F}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{935C2EF6-A603-4F13-8463-5A832EC27F6B}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{D75EE1D6-182D-42A7-BE19-058BA7449A8C}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E274B2FC-F54F-4631-BB1B-F63DD15BA9A2}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{694F75FE-AD5C-4AB0-BB36-7C2CAA098EAF}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6014D925-779E-4517-9853-F48EE1F54858}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0158754C-0CAA-4651-A1BC-C0CA90A95F43}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{44A7F39C-5F3C-4878-86B5-5C42F49CA0E1}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C2105CA8-6F50-4906-9F35-ADCC317BB1B5}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0AE3926-EEC5-4F02-A564-C24AE84F922B}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9403EDE5-FA94-449F-A7F9-2006D330B0EF}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{47DE4C2C-D9DC-4933-8CF5-4455BD02DEF2}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{2DB2D51C-F7CA-40C8-B950-41B4DBBBE499}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{D88F83D6-90E3-4FA8-BDB6-D7455B6F4671}"= UDP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{1478A35F-D3FB-4895-82B9-19FC2AD60FE6}"= TCP:C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{653FD3FB-5E10-43C2-AB94-27C329478C33}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{317AE7C4-D296-41A3-B7B9-35F3E2EDA431}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{A010181C-C3A3-4061-9FC0-0A7D6F854FC7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9032707E-686C-4502-9CFA-C06352072053}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5CCC3F1-2EC6-4088-87C8-0F66CD469FD5}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{96780B97-CE85-4218-A886-80FEC7C56F22}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{3128D0F9-4727-441F-9493-0AF512D7DB64}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AC5AFC2A-104D-4717-AB12-BF70C7DF83AB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{243C6AAD-A340-4ACF-8D73-118E1819570E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{58934D5E-E61A-4CC3-B95C-3DAFD8640D02}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E8247466-714A-4C2C-9E45-29E540EA62AA}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DFD721AE-8C5A-46CA-B132-7786EEEC719E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5262D4C2-465D-476C-B62C-EB0648B3D0CD}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{4E97483A-F807-4673-A9E2-B088C88EB51F}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{F710AD1B-ECA1-4FAB-B718-A0F0E4D9B656}C:\\program files\\nx client for windows\\nxclient.exe"= UDP:C:\program files\nx client for windows\nxclient.exe:nxclient
"UDP Query User{C2832FE4-4EBC-4C39-843C-1D653ED99782}C:\\program files\\nx client for windows\\nxclient.exe"= TCP:C:\program files\nx client for windows\nxclient.exe:nxclient
"TCP Query User{95301031-5273-4D82-BB15-25FD6CC3FE8C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{4B38BA65-35C6-4FB5-88D5-87730D587BB1}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{98181D0A-07D7-4943-ADD9-38E63F65E9E8}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0A869BA8-7026-46A6-800B-97693210D892}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 ColdFusion 8 Application Server;ColdFusion 8 Application Server;"C:\ColdFusion8\runtime\bin\jrunsvc.exe" [2008-03-18 05:11]
R2 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;C:\ColdFusion8\db\slserver54\bin\swagent.exe "ColdFusion 8 ODBC Agent" []
R2 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;C:\ColdFusion8\db\slserver54\bin\swstrtr.exe "ColdFusion 8 ODBC Server" []
R2 ColdFusion 8 Search Server;ColdFusion 8 Search Server;"C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\ColdFusion8\verity\k2\common\verity.cfg" -ntstart 1 []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 13:39]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14c0f204-2aae-11dd-8f65-001636ce7d60}]
\shell\AutoRun\command - H:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32621c7a-228d-11dd-a572-001636ce7d60}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 10:58:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1252.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
.
Completion time: 2008-05-27 11:00:21
ComboFix-quarantined-files.txt 2008-05-27 14:59:31

Pre-Run: 22,253,686,784 bytes free
Post-Run: 22,264,463,360 bytes free

327 --- E O F --- 2008-05-21 07:06:50

Edited by Youssef Attalla, 27 May 2008 - 09:23 AM.


#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the log normally, and not in code boxes?

#15
Youssef Attalla

    Member

  • Topic Starter
  • Member
  • 12 posts
I edited it.
Sorry for that.
