I've got a Trojan [RESOLVED]


This topic is locked.

#1 Lovltn848 (Member, 233 posts)
I went on a 2-week trip and came home to find that some malware had been installed on my computer in the guise of the AVG anti-virus program. Allegedly no one had been on my computer while I was gone and it was turned off the entire time, but I suspect otherwise...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:17 PM, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
G:\AdAware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Tiny Personal Firewall\persfw.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\msiexec.exe
G:\IObit SmartDefrag\IObit SmartDefrag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\iTunes\iTunesHelper.exe
G:\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
G:\Trillian\trillian.exe
D:\Program Files\Alwil Software\Avast4\setup\avast.setup
G:\Opera\opera.exe
G:\HijackThis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SmartDefrag] "G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office PRO\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay11...es/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188675217674
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - G:\SuperAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\AdAware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - D:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - G:\XBox 360 Controller\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9315 bytes

#2 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)
Hello Lovltn848,

I am having a look at your log and will get back to you in a bit.

Regards
emeraldnzl

#3 Lovltn848 (Topic Starter, Member, 233 posts)
Okay thanks!

#4 emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)
Hello again Lovltn848,

Please read this post completely; it may make it easier if you copy and paste this post to a new text document or print it for reference later.

It is important you carry out instructions exactly in the order they appear.

Firstly

Please go to Start > Control Panel > Add or Remove Programs and remove Antivirus2008y

Next

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

-----Step 2-----

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

So when you return please post
  • the two Deckard Scanner logs

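To confirm that a "Fix Checked" round actually removed an entry, the log posted afterwards is compared with the one before it. The following added Python example (not code from this thread or from HijackThis) parses the R*/O* lines of two logs, reports which entries disappeared or appeared, and checks whether a named autostart entry and any O16 DPF entry without a download location are still present; the two logs are constructed excerpts modelled on those posted above, including the fact that the Antivirus2008y Run value is still listed in the second log.

```python
"""Structured comparison of two HijackThis v2 logs to verify that a fix took.

Added example; not code from the thread or from HijackThis. The two logs are
constructed excerpts modelled on the ones posted in this thread.
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the first log: a rogue "Antivirus2008y"
# autostart under HKCU plus an O16 DPF entry with no download location.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
"""

# Constructed excerpt modelled on the second log: the blank O16 entry is gone
# after "Fix Checked", but the Antivirus2008y Run value is still there.
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
"""

# HijackThis entry lines start with a section code such as R0, O4 or O16,
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# O4 entries carry the Run value name in square brackets: [name] path
NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")


@dataclass(frozen=True, order=True)
class Entry:
    code: str  # section code, e.g. "O4" or "O16"
    body: str  # rest of the line with whitespace normalised


def parse_hjt_log(text):
    """Return the R*/F*/N*/O* entries of a HijackThis log, in file order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], " ".join(m["body"].split())))
    return entries


def empty_dpf_entries(entries):
    """O16 DPF entries that name a CLSID but no download location.

    A blank target means an ActiveX download object is registered with
    nothing to say where it came from; the helper above has such an entry fixed.
    """
    return [e for e in entries if e.code == "O16" and e.body.endswith(" -")]


def autostart_entries_named(entries, names):
    """O4 autostart entries whose [name] is on the given removal list."""
    wanted = {n.lower() for n in names}
    hits = []
    for e in entries:
        if e.code != "O4":
            continue
        m = NAME_RE.search(e.body)
        if m and m["name"].lower() in wanted:
            hits.append(e)
    return hits


def verify_fix(before_text, after_text, remove_names):
    """Diff two logs and check that the requested removals actually happened."""
    before = parse_hjt_log(before_text)
    after = parse_hjt_log(after_text)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "still_present": autostart_entries_named(after, remove_names),
        "empty_dpf_remaining": empty_dpf_entries(after),
    }


def main():
    report = verify_fix(LOG_BEFORE, LOG_AFTER, ["Antivirus2008y"])
    for key, items in report.items():
        print(f"{key}:")
        for e in items:
            print(f"  {e.code} - {e.body}")


if __name__ == "__main__":
    main()
```

A non-empty "still_present" list is the cue that uninstalling through Add or Remove Programs did not clear the Run value, so the entry needs a second pass in HijackThis.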

#5 Lovltn848 (Topic Starter, Member, 233 posts)
Deckard's System Scanner v20071014.68
Run by Lauren on 2008-07-21 14:05:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-21 20:05:57 UTC - RP137 - Deckard's System Scanner Restore Point
3: 2008-07-20 23:55:42 UTC - RP136 - System Checkpoint
2: 2008-07-18 08:28:50 UTC - RP135 - System Checkpoint
1: 2008-07-17 08:27:21 UTC - RP134 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB recommended).
System Drive D: has 0.16 GiB (less than 15%) free.


-- HijackThis (run as Lauren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:22 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
G:\AdAware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Tiny Personal Firewall\persfw.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\IObit SmartDefrag\IObit SmartDefrag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\iTunes\iTunesHelper.exe
G:\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
G:\Trillian\trillian.exe
D:\Documents and Settings\Lauren\Desktop\dss.exe
G:\HIJACK~1\Lauren.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SmartDefrag] "G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office PRO\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay11...es/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188675217674
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - G:\SuperAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\AdAware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - D:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - G:\XBox 360 Controller\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9160 bytes

-- HijackThis Fixed Entries (G:\HIJACK~1\backups\) -----------------------------

backup-20080721-140334-575 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 fwdrv (Tiny Personal Firewall Driver) - d:\windows\system32\drivers\fwdrv.sys
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - d:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SASENUM - g:\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 XBCD+ (XBCD+ Kernel Module) - d:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>

S3 catchme - d:\docume~1\lauren\locals~1\temp\catchme.sys (file missing)
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - d:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 TIEHDUSB - d:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 utblfilt - d:\windows\system32\drivers\utblfilt.sys <Not Verified; Aiptek; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "d:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 PersFw (Tiny Personal Firewall) - d:\program files\tiny personal firewall\persfw.exe <Not Verified; Tiny Software; Tiny Personal Firewall>

S2 PinnacleUpdateSvc (PinnacleUpdate Service) - g:\xbox 360 controller\pinnacle_updater.exe <Not Verified; KALiNKOsoft; pinnacle_updater.exe>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-20 17:00:36 384 --a------ D:\WINDOWS\Tasks\RegCure Program Check.job
2008-07-20 15:48:32 360 --a------ D:\WINDOWS\Tasks\SmartDefrag.job
2008-07-17 09:58:26 318 --a------ D:\WINDOWS\Tasks\RegCure.job
2008-06-22 07:05:02 312 --a------ D:\WINDOWS\Tasks\Scheduled Checkpoint.job
2008-06-21 07:41:20 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-16 20:22:13 0 d-------- D:\WINDOWS\system32\drivers\UMDF
2008-07-16 19:03:58 0 d-------- D:\Program Files\Netflix
2008-07-12 18:48:17 0 --a------ D:\WINDOWS\system32\winlogon.dll
2008-07-12 18:48:12 0 d-------- D:\Documents and Settings\Lauren\Application Data\Antivirus2008y
2008-07-12 18:47:49 0 d-------- D:\Program Files\Antivirus2008y
2008-06-23 19:58:23 0 d-------- D:\Program Files\Panda Security
2008-06-23 18:19:42 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-23 18:18:58 0 d-------- D:\Documents and Settings\Lauren\Application Data\SUPERAntiSpyware.com
2008-06-23 17:40:19 0 d-------- D:\Documents and Settings\Lauren\Application Data\Malwarebytes
2008-06-23 17:40:08 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 17:39:35 0 d-------- D:\Program Files\Common Files\Download Manager
2008-06-23 17:30:45 0 d-------- D:\Documents and Settings\Lauren\Application Data\Opera
2008-06-23 02:50:27 0 d-------- D:\WINDOWS\nvidia icons
2008-06-23 02:49:29 0 d-------- D:\WINDOWS\nview


-- Find3M Report ---------------------------------------------------------------

2008-05-30 17:22:48 802816 --a------ D:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:48 823296 --a------ D:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:48 823296 --a------ D:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:46 815104 --a------ D:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:46 683520 --a------ D:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 16:22:18 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2008-05-22 16:19:46 196608 --a------ D:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 16:19:46 81920 --a------ D:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 16:18:54 12288 --a------ D:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-02 22:46:00 1630208 --a------ D:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ D:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ D:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartDefrag"="G:\IObit SmartDefrag\IObit SmartDefrag.exe" [01/09/2007 10:46 AM]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 05:19 PM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="G:\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="G:\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"msnmsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"SUPERAntiSpyware"="G:\SuperAntiSpyware\SUPERAntiSpyware.exe" [06/27/2008 06:49 PM]
"Antivirus2008y"="D:\Program Files\Antivirus2008y\antvrs.exe" []

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - G:\Microsoft Office PRO\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/23/2008 10:30:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= D:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [06/12/2003 01:42 PM 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\SuperAntiSpyware\SASWINLO.DLL 06/27/2008 06:48 PM 294912 G:\SuperAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=D:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCScheduleCheck]
D:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
"G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup

*Newly Created Service* - GTNDIS5



-- Hosts -----------------------------------------------------------------------


7966 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-21 14:13:25 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 383.54 MiB / 88.22 MiB
Pagefile Memory (total/avail): 731.69 MiB / 263.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.59 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 11.18 GiB total, 9.54 GiB free.
D: is Fixed (FAT32) - 7.43 GiB total, 0.16 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)
G: is Fixed (FAT32) - 74.51 GiB total, 26.73 GiB free.

\\.\PHYSICALDRIVE1 - IOMEGA ZIP 250

\\.\PHYSICALDRIVE0 - Maxtor 5T020H2 - 18.62 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 11.18 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 7.45 GiB - D:

\\.\PHYSICALDRIVE2 - WD 800BB External USB Device - 74.53 GiB - 1 partition
\PARTITION0 - Unknown - 74.53 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirewallOverride is set.

AV: avast! antivirus 4.8.1201 [VPS 080721-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"G:\\iTunes\\iTunes.exe"="G:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"G:\\iTunes\\LimeWire\\LimeWire.exe"="G:\\iTunes\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"G:\\FFXI\\SquareEnix\\PlayOnlineViewer\\pol.exe"="G:\\FFXI\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:PlayOnline Viewer"
"G:\\Trillian\\trillian.exe"="G:\\Trillian\\trillian.exe:*:Enabled:Trillian"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Lauren\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=LAUREN-G1Z1WYFU
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Lauren
LOGONSERVER=\\LAUREN-G1Z1WYFU
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\system32\wbem;G:;D:\Program Files\Common Files\Ulead Systems\MPEG;D:\Program Files\Common Files\Ulead Systems\DVD;G:\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Lauren\LOCALS~1\Temp
TMP=D:\DOCUME~1\Lauren\LOCALS~1\Temp
USERDOMAIN=LAUREN-G1Z1WYFU
USERNAME=Lauren
USERPROFILE=D:\Documents and Settings\Lauren
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Lauren (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> G:\DivX Codec\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> D:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> D:\WINDOWS\ISUNINST.EXE -fC:\Uninst.isu -cC:\Uninst.dll
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> D:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Advanced WindowsCare Personal 2.6.0 --> "G:\Advanced WindowsCare V2\Advanced WindowsCare V2\unins000.exe"
AI RoboForm (All Users) --> "D:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Panorama Maker 3 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
avast! Antivirus --> D:\Program Files\Alwil Software\Avast4\aswRunDll.exe "D:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Codec --> G:\DivX Codec\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> G:\DivX Codec\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> G:\DivX Codec\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> G:\DivX Codec\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decoder Pak for Windows XP --> MsiExec.exe /X{92C5DB3D-9D6F-4324-BB11-57825F4C2635}
EVEREST Home Edition v2.20 --> "G:\EVEREST Home Edition\unins000.exe"
FINAL FANTASY XI --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520}
FINAL FANTASY XI: Chains of Promathia --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907}
FINAL FANTASY XI: Rise of the Zilart --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}
FINAL FANTASY XI: Treasures of Aht Urhgan --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD}
FINAL FANTASY XI: Wings of the Goddess --> D:\Program Files\InstallShield Installation Information\{5B037ED7-0755-48D4-9554-808E5AF50F17}\setup.exe -runfromtemp -l0x0409
Greeting Card Factory Express Workshop --> MsiExec.exe /X{543B24A5-A285-4FE0-AD7B-2F0E49247AF9}
Guild Wars --> "G:\Guild Wars\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2 --> "G:\HijackThis!\HijackThis.exe" /uninstall
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
Indeo® XP Software --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Ligos\Indeo\UninstXP.isu"
InterActual Player --> D:\Program Files\InterActual\InterActual Player\inuninst.exe
IObit SmartDefrag Beta 2.01 --> "G:\IObit SmartDefrag\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.18.3 --> "G:\Limewire\uninstall.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "G:\MBam\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Zoo Tycoon --> "C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
MySpaceIM --> MsiExec.exe /I{FE242C4A-4AF0-4E9F-ABFF-92CA3CEE8761}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NJStar Japanese WP --> G:\Japlanguagepack\NJStar Japanese WP\uninst.exe
NVIDIA Drivers --> D:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.50 --> MsiExec.exe /X{7472B5B4-3FB7-446F-BC78-6BBA506EC473}
Panda ActiveScan 2.0 --> D:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PhoTags Express --> D:\PROGRA~1\PHOTAG~1\Setup.exe /remove
Pinnacle Game Profiler --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\setup.exe" -l0x9
PlayOnline Viewer and Tetra Master --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Recovery Commander --> D:\WINDOWS\RCUninstall.exe
RegCure 1.5.0.0 --> G:\RegCure\uninst.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SlimBrowser (remove only) --> "G:\SlimBrowser\uninst.exe"
Spybot - Search & Destroy --> "G:\Spybot S&D\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Tiny Personal Firewall 2.0.15 A (221001) --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{ED5AF20A-7155-11D4-AAB3-204C4F4F5020}\Setup.exe" anything
Trillian --> G:\Trillian\trillian.exe /uninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WIRELESS DESIGN & WORK TABLET 100/200/400 --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\USB Tablet\USB Tablet Driver\Uninst.isu"
XBCD+ --> G:\XBox 360 Controller\XBCD+\uninstall.exe
Xvid 1.1.2 final uninstall --> "G:\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type565 / Error
Event Submitted/Written: 07/21/2008 01:19:33 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pol.exe, version 1.18.7.0, faulting module unknown, version 0.0.0.0, fault address 0x6ce1d5f3.
Processing media-specific event for [pol.exe!ws!]

Event Record #/Type559 / Warning
Event Submitted/Written: 07/20/2008 03:44:18 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{A8B94669-8654-4126-BD28-D0D2412CDED6}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'

Event Record #/Type558 / Error
Event Submitted/Written: 07/18/2008 00:01:47 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pol.exe, version 1.18.7.0, faulting module unknown, version 0.0.0.0, fault address 0x6ce1d5f3.
Processing media-specific event for [pol.exe!ws!]

Event Record #/Type557 / Error
Event Submitted/Written: 07/17/2008 07:58:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application opera.exe, version 9.50.10063.0, faulting module unknown, version 0.0.0.0, fault address 0x300a1ae0.
Processing media-specific event for [opera.exe!ws!]

Event Record #/Type553 / Error
Event Submitted/Written: 07/16/2008 02:27:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pol.exe, version 1.18.7.0, faulting module unknown, version 0.0.0.0, fault address 0x6ce1d5f3.
Processing media-specific event for [pol.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24811 / Error
Event Submitted/Written: 07/21/2008 10:29:03 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type24810 / Error
Event Submitted/Written: 07/21/2008 10:28:33 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%2

Event Record #/Type24807 / Error
Event Submitted/Written: 07/21/2008 10:28:33 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Event Record #/Type24806 / Error
Event Submitted/Written: 07/21/2008 10:28:03 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%2

Event Record #/Type24803 / Error
Event Submitted/Written: 07/21/2008 10:28:03 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-07-21 14:13:25 ------------

#6
emeraldnzl (GeekU Instructor, GeekU Moderator, 19,991 posts)
Hello Lovltn848,

Before we go further we need to disable Windows Firewall

How to Disable Windows Firewall in Windows XP SP2

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.

Next

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

-----Step 2-----

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    D:\WINDOWS\system32\winlogon.dll
    D:\Documents and Settings\Lauren\Application Data\Antivirus2008y
    D:\Program Files\Antivirus2008y
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

-----Step 3-----

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

So when you come back please post
  • OTMoveIt2 report
  • Kaspersky Scan results
  • a fresh HijackThis log

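The O4 entry the instructions above tell the user to fix and the folders the OTMoveIt2 list moves are two halves of one check: an autostart value whose binary lives in a folder about to be moved has to go at the same time, or Windows will try to launch a missing file at every logon. The Python below is an added example, not part of this thread, HijackThis or OTMoveIt2. It parses O4 lines in the shape posted here, works out which image a command really launches (quoted paths, unquoted paths with spaces, and rundll32 where the DLL argument is the interesting part) and flags entries whose image sits under a path on the removal list, lives in a user-writable location, or is an unqualified name resolved through the search path. The sample lines and the removal list are constructed from the logs in this thread; the flag names, the regexes and the location heuristics are the example's own assumptions.

```python
"""Triage HijackThis O4 (autostart) lines against a planned removal list.

Added example for this thread; not part of HijackThis or OTMoveIt2.
"""
import re
from dataclasses import dataclass, replace

# Constructed sample in the shape of the O4 lines posted in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office PRO\Office10\OSA.EXE
"""

# The folders the OTMoveIt2 list in this thread moves (assumed triage input).
REMOVAL_LIST = [
    r"D:\Documents and Settings\Lauren\Application Data\Antivirus2008y",
    r"D:\Program Files\Antivirus2008y",
]

# Assumed line shapes: registry Run values and Startup-folder shortcuts.
RUN_RE = re.compile(r"^O4 - (?P<where>HK[A-Z]+\\[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
EXE_EXT = re.compile(r"\.(?:exe|com|scr|pif|bat|cmd)$", re.IGNORECASE)
# Assumed markers for locations a non-admin process can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\",
                 "\\documents and settings\\")


@dataclass
class Autostart:
    where: str      # registry key or startup folder as logged
    name: str       # value name or .lnk name
    command: str    # full command line as logged
    image: str      # binary (or DLL) that actually gets loaded
    flags: tuple    # triage findings, empty when nothing stood out


def image_of(command: str) -> str:
    """Return the program a Run command really launches."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end > 0 else command[1:]
        rest = command[end + 1:] if end > 0 else ""
    else:
        # Unquoted path with spaces: accumulate tokens until one ends in an
        # executable extension, the same way the loader would have to.
        tokens = command.split(" ")
        for i in range(len(tokens)):
            exe = " ".join(tokens[: i + 1])
            if EXE_EXT.search(exe):
                rest = " ".join(tokens[i + 1:])
                break
        else:                                   # no extension: first token
            exe, rest = tokens[0], " ".join(tokens[1:])
    # rundll32 is a host; the DLL named before the comma is what matters.
    if exe.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        module = rest.strip().split(",", 1)[0].strip().strip('"')
        return module or exe
    return exe


def parse_o4(text: str) -> list:
    """Parse every O4 line in a HijackThis log into Autostart records."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            entries.append(Autostart(m["where"], m["name"], m["cmd"], image_of(m["cmd"]), ()))
    return entries


def triage(entries: list, removal_list: list) -> list:
    """Attach findings to each entry; flag names are this example's own."""
    removal = [p.lower().rstrip("\\") + "\\" for p in removal_list]
    out = []
    for e in entries:
        img = e.image.lower()
        flags = []
        if any(img.startswith(p) for p in removal):
            flags.append("in-removal-list")       # fix this O4 before moving the folder
        if any(marker in img for marker in USER_WRITABLE):
            flags.append("user-writable-location")
        if "\\" not in img:
            flags.append("unqualified-name")      # resolved through the search path
        out.append(replace(e, flags=tuple(flags)))
    return out


def fix_candidates(text: str, removal_list: list) -> list:
    """Names of O4 entries to tick in HijackThis before the folders are moved."""
    return [e.name for e in triage(parse_o4(text), removal_list) if "in-removal-list" in e.flags]


if __name__ == "__main__":
    for e in triage(parse_o4(SAMPLE_O4), REMOVAL_LIST):
        print(f"{e.where:<16} {e.name:<22} {e.image}  {' '.join(e.flags) or 'ok'}")
```

Run as a script it prints one row per autostart; the row carrying in-removal-list is the value to tick under Fix Checked before clicking Moveit!. The parser only sees what HijackThis logged and never touches the registry itself, so an unqualified-name finding such as nwiz.exe is a prompt to confirm where the file resolves, not a verdict.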

#7
Lovltn848 (Topic Starter, Member, 233 posts)
Explorer killed successfully
File/Folder D:\WINDOWS\system32\winlogon.dll not found.
D:\Documents and Settings\Lauren\Application Data\Antivirus2008y moved successfully.
D:\Program Files\Antivirus2008y moved successfully.
< purity >
< EmptyTemp >
File delete failed. D:\DOCUME~1\Lauren\LOCALS~1\Temp\~DF9CFF.tmp scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_a0.dat scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07212008_185730

Files moved on Reboot...
D:\DOCUME~1\Lauren\LOCALS~1\Temp\~DF9CFF.tmp moved successfully.
D:\WINDOWS\temp\Perflib_Perfdata_a0.dat moved successfully.
D:\WINDOWS\temp\_avast4_\Webshlock.txt moved successfully.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 22, 2008 10:11:46 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/07/2008
Kaspersky Anti-Virus database records: 982552
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 98526
Number of viruses found: 11
Number of infected objects: 37
Number of suspicious objects: 0
Duration of the scan process: 10:50:34

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{186AE334-FD3F-43EE-99D4-B497983B57D4}\RP135\A0039280.exe Infected: Trojan-Downloader.Win32.FraudLoad.vahr skipped
D:\System Volume Information\_restore{186AE334-FD3F-43EE-99D4-B497983B57D4}\RP137\change.log Object is locked skipped
D:\SDFix\backups\backups.zip/backups/braviax.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.dp skipped
D:\SDFix\backups\backups.zip/backups/users32.dat Infected: not-a-virus:AdWare.Win32.Agent.zo skipped
D:\SDFix\backups\backups.zip ZIP: infected - 2 skipped
D:\SDFix\backups_old2\catchme.zip/beep.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
D:\SDFix\backups_old2\catchme.zip/beep.sys.1 Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
D:\SDFix\backups_old2\catchme.zip ZIP: infected - 2 skipped
D:\SDFix\backups_old2\backups.zip/backups/beep.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
D:\SDFix\backups_old2\backups.zip/backups/cru629.dat Infected: Backdoor.Win32.Small.cwg skipped
D:\SDFix\backups_old2\backups.zip ZIP: infected - 2 skipped
D:\SDFix\backups_old1\backups.zip/backups/beep.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
D:\SDFix\backups_old1\backups.zip/backups/cru629.dat Infected: Backdoor.Win32.Small.cwg skipped
D:\SDFix\backups_old1\backups.zip ZIP: infected - 2 skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
D:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
D:\WINDOWS\system32\config\Applicat.evt Object is locked skipped
D:\WINDOWS\system32\config\Security.evt Object is locked skipped
D:\WINDOWS\system32\config\System.evt Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
D:\WINDOWS\Temp\Perflib_Perfdata_7fc.dat Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\SoftwareDistribution\EventCache\{3B6C4CEB-713F-4480-B1DB-C9D6900C73DA}.bin Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
D:\Documents and Settings\Lauren\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Lauren\Local Settings\History\History.IE5\MSHist012008072220080723\index.dat Object is locked skipped
D:\Documents and Settings\Lauren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Lauren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Lauren\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Lauren\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-7-21-2008( 19-11-19 ).LOG Object is locked skipped
D:\Documents and Settings\Lauren\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip/Setup.exe Infected: Worm.Win32.VB.an skipped
D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip ZIP: infected - 1 skipped
D:\Documents and Settings\Lauren\ntuser.dat Object is locked skipped
D:\Documents and Settings\Administrator\Desktop\catchme.zip/beep.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
D:\Documents and Settings\Administrator\Desktop\catchme.zip/beep.sys.1 Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
D:\Documents and Settings\Administrator\Desktop\catchme.zip ZIP: infected - 2 skipped
D:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
G:\System Volume Information\_restore{186AE334-FD3F-43EE-99D4-B497983B57D4}\RP137\change.log Object is locked skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[2].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[3].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[4].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[5].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[6].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[7].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[8].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[9].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\ahh007[1].jpg Object is locked skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\BZIAN5V3\XPAinstall_880058[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.gen skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\BZIAN5V3\AntvrsInstall[3].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\BZIAN5V3\AntvrsInstall[2].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\RTXJ1L2C\antvrs.exe Infected: Trojan-Downloader.Win32.FraudLoad.vahr skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\RTXJ1L2C\AntvrsInstall[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\KPQNOPQV\AntvrsInstall[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\Incomplete\Temporary Internet Files\Content.IE5\KPQNOPQV\AntvrsInstall[2].exe Infected: Trojan-Downloader.Win32.FraudLoad.vamo skipped
G:\MBam\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
G:\World of Warcraft\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe Infected: Trojan-GameThief.Win32.WOW.blp skipped
G:\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe Infected: Trojan-GameThief.Win32.WOW.bki skipped

Scan process completed.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:34 AM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
G:\AdAware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\IObit SmartDefrag\IObit SmartDefrag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\RUNDLL32.EXE
G:\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Tiny Personal Firewall\persfw.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\iPod\bin\iPodService.exe
G:\SlimBrowser\sbrowser.exe
D:\WINDOWS\System32\svchost.exe
G:\Trillian\trillian.exe
G:\HijackThis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SmartDefrag] "G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office PRO\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...e/w4sgeen10.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay11...es/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188675217674
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - G:\SuperAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\AdAware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - D:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - G:\XBox 360 Controller\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9372 bytes
  • 0

#8
emeraldnzl
    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello Lovltn848,

For your information, in my experience, downloading cracks inevitably results in infection.

We need to disable TeaTimer so it does not interfere with things.

  • Start Spybot-S&D
  • Go to the Mode menu and make sure Advanced Mode is selected
  • On the left hand side choose Tools and then click on Resident
  • Uncheck Resident Tea Timer and choose OK for any other prompts
  • Restart your computer
Next

Copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
dir "D:\Documents and Settings\Lauren\Incomplete" > result.txt
notepad result.txt
exit

Save it to your desktop as File name: result.bat
Save as type: All Files

Once done, double click result.bat to run it. A command window will open briefly, then close. This is quite normal.

Notepad will open with some text. Please copy and post that back here.

-----Step 2-----

This pesky O16 item has come back.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

-----Step 2-----

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip/Setup.exe
    D:\Documents and Settings\Lauren\Incomplete\T-996034-Adobe PhotoShop 9.0 CS2.zip
    G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[1].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[2].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[3].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[4].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[5].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[6].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[7].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[8].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\AHM70TAB\AntvrsInstall[9].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\BZIAN5V3\XPAinstall_880058[1].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\BZIAN5V3\AntvrsInstall[3].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\BZIAN5V3\AntvrsInstall[2].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\RTXJ1L2C\antvrs.exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\RTXJ1L2C\AntvrsInstall[1].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\KPQNOPQV\AntvrsInstall[1].exe
    G:\Incomplete\Temporary Internet Files\Content.IE5\KPQNOPQV\AntvrsInstall[2].exe
    G:\World of Warcraft\WoW-2.1.0.6692-to-2.1.0.6729-enUS-downloader.exe
    G:\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

-----Step 3-----

You have had Malwarebytes on your machine; if it is still there, please ensure it is updated and run.

Otherwise please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

So when you come back please post
  • text from result.bat
  • OTMoveIt report
  • Malwarebytes scan results
  • a new HijackThis log

  • 0

#9
Lovltn848
    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
Volume in drive D is STUDENT
Volume Serial Number is 680D-9210

Directory of D:\Documents and Settings\Lauren\Incomplete

09/03/2006 12:56 PM <DIR> .
09/03/2006 12:56 PM <DIR> ..
10/06/2006 03:09 PM 7,527 downloads.bak
10/06/2006 11:00 PM 7,527 downloads.dat
09/03/2006 07:30 PM 43,544 T-3882704-01. look through my eyes.mp3
09/03/2006 08:04 PM 3,295,054 T-3295054-02. great spirits.mp3
09/03/2006 07:34 PM 283,144 T-3523671-03. welcome.mp3
09/03/2006 01:14 PM 408,476,366 T-415236618-Adobe Photoshop 7.0 FULL (+serial).zip
09/03/2006 08:06 PM 2,359,296 T-2416087-05. transformation.mp3
09/03/2006 03:01 PM 1,024 T-4091948-doug kershaw - mistakes by number.mp3
09/03/2006 08:02 PM 2,873,958 T-3560029-06. on my way.mp3
09/03/2006 01:02 PM 0 T-4756976-Skinny Puppy & Ministry - Smothered Hope.(live).mp3
09/10/2006 10:52 AM 22 T-344998294-Adobe Photoshop CS2 9.0 Final.zip
09/03/2006 01:05 PM 24,576 T-996034-Adobe PhotoShop 9.0 CS2.zip
09/10/2006 10:52 AM 22 T-345184726-Adobe Photoshop_CS2 9.0 full.zip
09/03/2006 03:00 PM 0 T-1868364-Doug Kershaw - Papa Thibodeaux.mp3
09/03/2006 07:46 PM 491,246 T-4153555-04. no way out(single version).mp3
09/03/2006 07:29 PM 0 T-3134969-07. welcome.mp3
09/03/2006 08:06 PM 287,576 T-5473446-13. Track 13.mp3
09/03/2006 01:16 PM 0 T-4956026-David Bowie - Young Americans.mp3
09/03/2006 07:29 PM 0 T-2555263-08. no way out.mp3
09/03/2006 08:06 PM 283,052 T-2360916-09. transformation.mp3
09/03/2006 07:29 PM 0 T-6505393-10. three brothers.mp3
09/03/2006 07:29 PM 0 T-6565588-11. awakes as a bear.mp3
09/03/2006 07:54 PM 4,980,736 T-5286230-12. wilderness of danger and beauty.mp3
09/10/2006 10:52 AM 22 T-872159-Adobe Photoshop CS2 9.0.zip
10/05/2006 11:16 PM 0 T-6023168-Celtic - Pan Pipes - Instrumental - Flute Music of the Andes - Spirit of the Incas.mp3
10/05/2006 10:20 PM 13,141 T-4204084-02 We Are The Pigs.m4a
09/18/2006 10:03 PM 14,417,920 CORRUPT-0-Ravel - Bolero.mp3
09/30/2006 10:26 PM 13,205,499 T-13205499-philip glass - mad rush, solo piano.mp3
10/05/2006 10:19 PM 0 T-5245401-12 Still Life.m4a
10/05/2006 10:19 PM 0 T-3297144-03 Heroine.m4a
09/30/2006 09:09 PM 2,822,644 T-4013543-London Suede -The Drowners.mp3
09/30/2006 09:13 PM 5,242,880 T-5514013-Philip Glass - Morning Passages.mp3
09/30/2006 09:13 PM 5,242,880 T-5337529-David Bowie - Brian Eno & phillip Glass- Song Of The Silent Age.MP3
09/30/2006 08:36 PM 0 T-3692008-Suede - Beautiful Ones.mp3
09/30/2006 09:42 PM 0 T-3951732-17 Cut Here.m4a
09/30/2006 08:36 PM 0 T-6459977-Saturday Night - Suede.mp3
09/30/2006 09:06 PM 0 T-4855876-Suede - 03 - Can't Get Enough.mp3
10/05/2006 10:19 PM 0 T-3743116-08 This Hollywood Life.m4a
10/05/2006 10:19 PM 0 T-5220623-05 Daddy's Speeding.m4a
10/05/2006 10:19 PM 0 T-4703879-04 The Wild Ones.m4a
10/05/2006 10:19 PM 0 T-4304042-13 Modern Boys.m4a
10/05/2006 10:41 PM 588,620 T-4467029-The London Suede - Attitude.mp3
10/05/2006 10:22 PM 119,808 T-3485711-London Suede - So Young.MP3
10/05/2006 10:40 PM 0 T-5511168-Leftfield - Storm 3000.mp3
10/05/2006 11:14 PM 32,810 T-2490752-Braveheart pan pipes.mp3
09/30/2006 09:10 PM 0 T-2090057-Suede - Les Yeux Fermes.mp3
09/03/2006 08:15 PM 0 T-3106690-disney-Hercules - Go the Distance.mp3
09/03/2006 08:15 PM 0 T-2251152-disney-Hercules - I Won't Say (I'm In Love).mp3
10/05/2006 11:16 PM 0 T-6024260-Celtic - Pan Pipes - Instrumental - Flute Music of the Andes - Spirit of the Incas.mp3
09/28/2006 08:19 PM 10,050,901 CORRUPT-0-Cradle of Filth - Thornography 11-under_huntress_moon.mp3
09/30/2006 10:37 PM 1,146,880 T-5506195-The Sisters of Mercy - Marian.mp3
09/30/2006 08:41 PM 0 T-2011117-03 - Suede - La Puissance.mp3
09/30/2006 09:42 PM 0 T-3474991-07 Close To Me.m4a
09/30/2006 10:47 PM 8,650,752 T-8673408-Sisters of Mercy - Comfortably Numb (1).mp3
09/30/2006 08:45 PM 0 T-26495523-Sleep Relaxation - Sounds of Nature - Heavy Rain With Rolling Thunder_Nature_Storms -- Thunder & Rain.mp3
09/30/2006 10:36 PM 0 T-3936230-Sisters of Mercy - Anaconda.mp3
09/30/2006 10:36 PM 0 T-7168542-The Sisters of Mercy-Gimme Shelter.mp3
09/30/2006 10:37 PM 0 T-8764380-The Sisters Of Mercy-Colours 10.mp3
09/30/2006 09:41 PM 0 T-6505082-The Sisters Of Mercy - Flood.mp3
09/30/2006 09:41 PM 0 T-4606080-Sisters of Mercy - Cry Little Sister (Theme From The Lost Boys).mp3
09/30/2006 09:41 PM 0 T-2822144-The Sisters of Mercy - Never Land.mp3
09/30/2006 09:42 PM 0 T-4623300-12 Never Enough.m4a
09/30/2006 09:43 PM 0 T-3364872-04 Love Song.m4a
63 File(s) 484,949,427 bytes
2 Dir(s) 238,129,152 bytes free



This is all I can post for now; when I ran OTMoveIt2 my desktop disappeared, so I can't open any other programs...
  • 0

#10
emeraldnzl
    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello Lovltn848,

Have you rebooted your computer?


Regards
emeraldnzl
  • 0


#11
Lovltn848
    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
Yes, I rebooted. I checked for the OTMoveIt2 log but I can't find it. I don't think it got made.
  • 0

#12
emeraldnzl
    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Still no desktop?
  • 0

#13
Lovltn848
    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
It came back after the reboot.
  • 0

#14
emeraldnzl
    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
OK, just go ahead with the rest, i.e. Malwarebytes and the HijackThis log.

Oh and before you do the HijackThis you might run Kaspersky again.

Regards
emeraldnzl

So just a reminder please post
  • Malwarebytes report
  • Kaspersky scan results
  • a new HijackThis log

  • 0

#15
Lovltn848
    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
Okay, Kaspersky will take all night to scan, so I'll post again tomorrow, I guess.
  • 0