You are currently running HijackThis from a Temp file.
HijackThis creates backups that we may need, which could be lost or deleted easily from a temp location.
Please move HijackThis to its own folder. It can be done as follows:
Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+E), then double-click on C:, then right-click and select New, then Folder, and name it HJT.
Logfile of HijackThis v1.99.1
Scan saved at 16:18:49, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Attempting to delete C:\WINDOWS\system32\udtjunyu.dll
C:\WINDOWS\system32\udtjunyu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xraibgj.dll
C:\WINDOWS\system32\xraibgj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\qpqss.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 16:54:26, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
1) Save it to the desktop and run it.
2) Select "Delete on Reboot", and then select "All files".
3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Next, rerun HijackThis and place checks beside the following entries:
Close all other open windows except HijackThis and select "Fix checked".
Next, reboot into Safe Mode. This can be done as follows:
Restart your PC, and after it starts, but before you see the Windows splash screen, begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices). Use your arrow keys to select Safe Mode and then press Enter.
Next, using Windows Search (click Start->>Search), locate and delete the following folders (if found):
C:\Program Files\Common Files\{30A611D0-0BB8-2057-0909-05050531002c}
C:\DOCUME~1\Paul\MYDOCU~1\CURITY~1
C:\Documents and Settings\Paul\My Documents\W?nSxS
Close Windows Search->>Reboot your PC->>Rerun HijackThis and post a fresh HijackThis log
That happens, it will speed back to normal when we are done
We still have a couple of Vundo files to deal with, we are going to run Vundofix again, but alter the instructions slightly
Run VundoFix
At the main window, right-click in the Open box and select Add Files. A second window will open. Copy and paste the following into the first open line:
C:\WINDOWS\system32\vtstq.dll
Select Add Files ->> Then Close Window
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Then Rerun Hijackthis and post a fresh Hijackthis log along with the vundofix.txt
Hate to say it but pc is running slower than ever now! I've followed all instructions, here's the latest HJT log
Logfile of HijackThis v1.99.1
Scan saved at 19:31:56, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Attempting to delete C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nyfiltot.dll
C:\WINDOWS\system32\nyfiltot.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 21:33:03, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
That Update.exe process stopping seems to have done the trick! Although there was only one to end.
Logfile of HijackThis v1.99.1
Scan saved at 08:40:31, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
Next, run an online virus scan called Kaspersky from HERE.
1. Click on "Kaspersky Online Scanner".
2. A new smaller window will pop up. Press on "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
5. Then click on "My Computer". And the scan will start.
6. Once finished, save a log as ".txt" to the desktop.
Copy and post the results of the Kaspersky Online scan
Scan Statistics:
Total number of scanned objects: 67005
Number of viruses found: 23
Number of infected objects: 125 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:48:38
I want to be sure we got it all and it doesn't come right back, so hang in there.
Reboot into Safe Mode. This can be done as follows:
Restart your PC, and after it starts, but before you see the Windows splash screen, begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices). Use your arrow keys to select Safe Mode and then press Enter.
Next, using Windows Explorer
(Right-click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents.)
Locate and delete the following folder:
C:\Program Files\Common Files\misc002
Locate and delete the following files:
C:\Documents and Settings\Paul\My Documents\Downloads\freeripmp3.exe
C:\Documents and Settings\Paul\My Documents\Downloads\OiUninstaller.exe
C:\Documents and Settings\Paul\My Documents\Downloads\ossac.exe
C:\Documents and Settings\Paul\My Documents\Downloads\WarezP2P_TDL.exe
C:\Documents and Settings\Paul\My Documents\Funnies\SudokuChallengeSetup_1.01-dm.exe
C:\WINDOWS\system32\gebcawx.dll
C:\WINDOWS\system32\nnljgeb.dll
Reboot your PC->>Rerun Hijackthis and post one more fresh hijackthis log for me to look at
And please indicate if you have any problems deleting the files
bamajim
October 11th, 2006 14:00
HijackThis creates backups that we may need, which could be lost or deleted easily from a temp location.
Please move HijackThis to its own folder. It can be done as follows:
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+E), then double-click on C:, then right-click and select New, then Folder, and name it HJT.
Then repost your log
bamajim
October 11th, 2006 14:00
Well done
Please download VundoFix.exe to your desktop.
audi321
October 11th, 2006 14:00
Scan saved at 16:18:49, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.10/cfweb_activex.camfrogweb.com-advanced-2.0.1.10_instmodule.exe
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.3/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160508098234
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} (IPCAM Object) - http://61.59.37.156/view.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF1B7E7A-18E3-4D0B-80A3-F5EC4507F1E9}: NameServer = 192.168.1.1
O20 - Winlogon Notify: byxxxyv - C:\WINDOWS\SYSTEM32\byxxxyv.dll
O20 - Winlogon Notify: ssqpq - C:\WINDOWS\system32\ssqpq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
audi321
33 Posts
October 11th, 2006 14:00
C:\WINDOWS\system32\xraibgj.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\udtjunyu.dll Has been deleted!
C:\WINDOWS\system32\xraibgj.dll Has been deleted!
C:\WINDOWS\system32\ssqpq.dll Has been deleted!
C:\WINDOWS\system32\qpqss.ini Has been deleted!
C:\WINDOWS\system32\qpqss.bak2 Has been deleted!
Done!
Logfile of HijackThis v1.99.1
Scan saved at 16:54:26, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1145180466\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\{40A611D0-0BB8-2057-0909-05050531002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Documents and Settings\Paul\My Documents\Downloads\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Documents and Settings\Paul\My Documents\W?nSxS\?serinit.exe
C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\WINDOWS\SDDetect.exe
c:\program files\common files\aol\1145180466\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1145180466\ee\aolsoftware.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\analyse.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&seamless=novl&sitedomain=sns.webmail.aol.com&lang=en&locale=gb&authLev=2&siteState=ver%3a1%252c0%26ld%3aemail.aol.co.uk%26pv%3aAOL%26lc%3aen-gb%26ud%3aaol.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&seamless=novl&sitedomain=sns.webmail.aol.com&lang=en&locale=gb&authLev=2&siteState=ver%3a1%252c0%26ld%3aemail.aol.co.uk%26pv%3aAOL%26lc%3aen-gb%26ud%3aaol.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: (no name) - {BAF8C7F7-5D19-0CE6-6CEF-54800D30559E} - C:\WINDOWS\system32\ankqwoi.dll (file missing)
R3 - URLSearchHook: (no name) - {E7ABCAF0-0B4B-2692-6C9C-5D80783B5291} - C:\WINDOWS\system32\icvaaup.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\byxxxyv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {36B45D70-4345-9A10-7B49-06E9B1D3540D} - C:\WINDOWS\system32\xraibgj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\sypcms.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\udtjunyu.dll (file missing)
O2 - BHO: (no name) - {9B6EB7D1-713C-77C9-17F6-75E29B792091} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BAF8C7F7-5D19-0CE6-6CEF-54800D30559E} - C:\WINDOWS\system32\ankqwoi.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30A611D0-0BB8-2057-0909-05050531002c}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {E8ABCAA7-0A49-00B3-6CEF-54800D300FC0} - (no file)
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30A611D0-0BB8-2057-0909-05050531002c}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145180466\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [gifamcg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gifamcg.dll,xcskac
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hxkfcn] C:\WINDOWS\system32\ihgncp.exe reg_run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eurgd] C:\WINDOWS\system32\ihgncp.exe reg_run
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Documents and Settings\Paul\My Documents\Downloads\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [Eaoa] "C:\DOCUME~1\Paul\MYDOCU~1\CURITY~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [Tumkommc] C:\Documents and Settings\Paul\My Documents\W?nSxS\?serinit.exe
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: LED Display Driver.lnk = C:\WINDOWS\SDDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.10/cfweb_activex.camfrogweb.com-advanced-2.0.1.10_instmodule.exe
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.3/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160508098234
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} (IPCAM Object) - http://61.59.37.156/view.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF1B7E7A-18E3-4D0B-80A3-F5EC4507F1E9}: NameServer = 192.168.1.1
O20 - Winlogon Notify: byxxxyv - C:\WINDOWS\SYSTEM32\byxxxyv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
bamajim
10.4K Posts
October 11th, 2006 16:00
Good job
You may want to print out these instructions for reference
First Go here and download Purity Scan Uninstaller
Next Please run the Purity Scan Uninstaller
If you have any problems a Tutorial can be found here
Next Please download the Killbox.
2) Select " Delete on Reboot", and then select "All files".
3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\gifamcg.dll
C:\WINDOWS\system32\ihgncp.exe
4) Return to Killbox, go to the File menu, and choose " Paste from Clipboard".
5) Click the red-and-white " Delete File" button. Click " Yes" at the Delete on Reboot prompt. Click " No" at the Pending Operations prompt.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: (no name) - {BAF8C7F7-5D19-0CE6-6CEF-54800D30559E} - C:\WINDOWS\system32\ankqwoi.dll (file missing)
R3 - URLSearchHook: (no name) - {E7ABCAF0-0B4B-2692-6C9C-5D80783B5291} - C:\WINDOWS\system32\icvaaup.dll (file missing)
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\byxxxyv.dll
O2 - BHO: (no name) - {36B45D70-4345-9A10-7B49-06E9B1D3540D} - C:\WINDOWS\system32\xraibgj.dll (file missing)
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\udtjunyu.dll (file missing)
O2 - BHO: (no name) - {9B6EB7D1-713C-77C9-17F6-75E29B792091} - (no file)
O2 - BHO: (no name) - {BAF8C7F7-5D19-0CE6-6CEF-54800D30559E} - C:\WINDOWS\system32\ankqwoi.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30A611D0-0BB8-2057-0909-05050531002c}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {E8ABCAA7-0A49-00B3-6CEF-54800D300FC0} - (no file)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30A611D0-0BB8-2057-0909-05050531002c}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [gifamcg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gifamcg.dll,xcskac
O4 - HKLM\..\Run: [hxkfcn] C:\WINDOWS\system32\ihgncp.exe reg_run
O4 - HKCU\..\Run: [eurgd] C:\WINDOWS\system32\ihgncp.exe reg_run
O4 - HKCU\..\Run: [Eaoa] "C:\DOCUME~1\Paul\MYDOCU~1\CURITY~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [Tumkommc] C:\Documents and Settings\Paul\My Documents\W?nSxS\?serinit.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.10/cfweb_activex.camfrogweb.com-advanced-2.0.1.10_instmodule.exe
O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} (IPCAM Object) - http://61.59.37.156/view.cab
O20 - Winlogon Notify: byxxxyv - C:\WINDOWS\SYSTEM32\byxxxyv.dll
Close all other open windows except Hijackthis and Select " Fix checked"
Next Reboot into Safe Mode
This can be done by
Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
Use your arrow keys and select Safe Mode and then Enter
Locate and delete the following folders (if found)
C:\DOCUME~1\Paul\MYDOCU~1\CURITY~1
C:\Documents and Settings\Paul\My Documents\W?nSxS
Close Windows Search->>Reboot your PC->>Rerun Hijackthis and post a fresh Hijackthis log
bamajim
10.4K Posts
October 11th, 2006 17:00
That happens, it will speed back to normal when we are done
We still have a couple of Vundo files to deal with, we are going to run Vundofix again, but alter the instructions slightly
Run VundoFix
A second window will open
Copy and paste the following into the first open line
Select Add Files ->> Then Close Window
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Message Edited by bamajim on 10-11-2006 01:55 PM
audi321
33 Posts
October 11th, 2006 17:00
Scan saved at 19:31:56, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1145180466\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\{40A611D0-0BB8-2057-0909-05050531002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Documents and Settings\Paul\My Documents\Downloads\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\WINDOWS\SDDetect.exe
C:\Program Files\HJT\analyse.exe.exe
c:\program files\common files\aol\1145180466\ee\aolsoftware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\common files\aol\1145180466\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&seamless=novl&sitedomain=sns.webmail.aol.com&lang=en&locale=gb&authLev=2&siteState=ver%3a1%252c0%26ld%3aemail.aol.co.uk%26pv%3aAOL%26lc%3aen-gb%26ud%3aaol.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\sypcms.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8E484E02-FF50-48BB-9EB3-5D09FC95AC26} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145180466\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Documents and Settings\Paul\My Documents\Downloads\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: LED Display Driver.lnk = C:\WINDOWS\SDDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.3/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160508098234
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF1B7E7A-18E3-4D0B-80A3-F5EC4507F1E9}: NameServer = 192.168.1.1
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
audi321
33 Posts
0
October 11th, 2006 19:00
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.bak1
C:\WINDOWS\system32\vtstq.dll Has been deleted!
C:\WINDOWS\system32\nyfiltot.dll Has been deleted!
C:\WINDOWS\system32\qtstv.ini Has been deleted!
C:\WINDOWS\system32\qtstv.bak1 Has been deleted!
Done!
Scan saved at 21:33:03, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TrojanHunter 4.0\THGuard.exe
C:\Program Files\Common Files\AOL\1145180466\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\{40A611D0-0BB8-2057-0909-05050531002c}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Documents and Settings\Paul\My Documents\Downloads\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\WINDOWS\SDDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\program files\common files\aol\1145180466\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1145180466\ee\aolsoftware.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d9fa4b2a45d90761a6d824cd169bc99c\update\update.exe
C:\Program Files\HJT\analyse.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&seamless=novl&sitedomain=sns.webmail.aol.com&lang=en&locale=gb&authLev=2&siteState=ver%3a1%252c0%26ld%3aemail.aol.co.uk%26pv%3aAOL%26lc%3aen-gb%26ud%3aaol.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\sypcms.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8E484E02-FF50-48BB-9EB3-5D09FC95AC26} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145180466\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Documents and Settings\Paul\My Documents\Downloads\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: LED Display Driver.lnk = C:\WINDOWS\SDDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.3/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160508098234
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF1B7E7A-18E3-4D0B-80A3-F5EC4507F1E9}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
bamajim
10.4K Posts
0
October 11th, 2006 20:00
Noticed something a little odd.
First open Task Manager (right-click a blank space on your lower toolbar->>Task Manager)
Under the Processes tab
Highlight them one at a time, because there will be 2 or more
Select "End Process"
Next rerun Hijackthis and place checks beside the following entries
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
If prompted to reboot Select No and close Hijackthis
Next Using Windows Search (Click Start->>Search)
Locate and delete the following folders
C:\Program Files\Common Files\{40A611D0-0BB8-2057-0909-05050531002c}
Reboot your PC->>Rerun Hijackthis and post a fresh Hijackthis log
audi321
33 Posts
0
October 12th, 2006 06:00
Scan saved at 08:40:31, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Common Files\AOL\1145180466\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Documents and Settings\Paul\My Documents\Downloads\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\WINDOWS\SDDetect.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\common files\aol\1145180466\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\common files\aol\1145180466\ee\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\analyse.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcservicecall.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/login/login.psp?mcState=initialized&seamless=novl&sitedomain=sns.webmail.aol.com&lang=en&locale=gb&authLev=2&siteState=ver%3a1%252c0%26ld%3aemail.aol.co.uk%26pv%3aAOL%26lc%3aen-gb%26ud%3aaol.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\sypcms.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145180466\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Documents and Settings\Paul\My Documents\Downloads\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite 3\HitwarePKLite.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: LED Display Driver.lnk = C:\WINDOWS\SDDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.1.3/img/NetCamPlayerWeb11g.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160508098234
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF1B7E7A-18E3-4D0B-80A3-F5EC4507F1E9}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
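Comparing this log with the one saved at 21:33:03 on 11/10/2006 shows which entries the requested fixes removed and which references to absent files remain. The sketch below is an added example, not part of the original posts: the function names are hypothetical and the two sample logs are short excerpts assembled from the logs in this thread.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread (most lines omitted).
LOG_BEFORE = r"""
Scan saved at 21:33:03, on 11/10/2006
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\{40A611D0-0BB8-2057-0909-05050531002c}\Update.exe
O2 - BHO: (no name) - {8E484E02-FF50-48BB-9EB3-5D09FC95AC26} - C:\WINDOWS\system32\vtstq.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

LOG_AFTER = r"""
Scan saved at 08:40:31, on 12/10/2006
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# "O2 - BHO: ...", "R0 - HKLM...", "F2 - REG:..." : section code, " - ", rest of line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Running-process lines are bare absolute Windows paths.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")


def parse_log(text):
    """Split a HijackThis log into (code, body) entries and running-process paths."""
    entries, processes = [], []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif PROCESS_RE.match(line):
            processes.append(line)
        # Header lines ("Scan saved at ...", "Platform: ...") fall through.
    return {"entries": entries, "processes": processes}


def compare(before_text, after_text):
    """Report what changed between two scans of the same machine."""
    before, after = parse_log(before_text), parse_log(after_text)
    before_entries, after_entries = set(before["entries"]), set(after["entries"])
    # Windows paths are case-insensitive, so compare process paths lowercased.
    after_procs = {p.lower() for p in after["processes"]}
    return {
        "removed": [e for e in before["entries"] if e not in after_entries],
        "added": [e for e in after["entries"] if e not in before_entries],
        "stopped": [p for p in before["processes"] if p.lower() not in after_procs],
        # Entries in the newer log that still point at a file that is not there.
        "orphaned": [e for e in after["entries"] if ORPHAN_RE.search(e[1])],
    }


if __name__ == "__main__":
    report = compare(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added", "stopped", "orphaned"):
        print(label.upper())
        for item in report[label]:
            print("   ", item if isinstance(item, str) else " - ".join(item))
```

An "orphaned" entry only means the file it references is absent; whether the entry itself should be fixed is still a judgement for whoever is reading the log.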
bamajim
10.4K Posts
0
October 12th, 2006 12:00
Under Main choose: Select All
Click the Empty Selected button.
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
Next Run an online virus scan called Kaspersky from HERE.
2. A new smaller window will pop up. Press on "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". Check both of the scan options, then click OK.
5. Then click on " My Computer". And the scan will start.
6. Once finished, save a log as ".txt" to the desktop.
Copy and post the results of the Kaspersky Online scan
audi321
33 Posts
0
October 13th, 2006 08:00
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029279.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029279.exe CryptFF: infected - 5 skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029280.exe Infected: Worm.Win32.VB.an skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029281.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029283.exe Infected: Worm.Win32.VB.an skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029284.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029285.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029286.exe Infected: Trojan-Clicker.Win32.Delf.dm skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029287.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029288.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029289.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029290.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029291.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dt skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029293.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029294.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029294.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029294.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029294.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029294.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029294.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029294.exe CryptFF: infected - 5 skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029295.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029296.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029297.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029298.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029299.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029300.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
C:\System Volume Information\_restore{012DF123-A588-4295-8C10-651CFFCE4564}\RP235\A0029301.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k skipped
audi321
33 Posts
0
October 13th, 2006 08:00
Friday, October 13, 2006 10:05:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/10/2006
Kaspersky Anti-Virus database records: 231331
-------------------------------------------------------------------------------
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Total number of scanned objects: 67005
Number of viruses found: 23
Number of infected objects: 125 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:48:38
audi321
33 Posts
0
October 13th, 2006 14:00
bamajim
10.4K Posts
0
October 13th, 2006 17:00
We are almost there.
Reboot into Safe Mode.
This can be done by:
Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices).
Use your arrow keys and select Safe Mode, and then press Enter.
Next, using Windows Explorer:
Locate and delete the following folder
Locate and delete the following files:
C:\Documents and Settings\Paul\My Documents\Downloads\OiUninstaller.exe
C:\Documents and Settings\Paul\My Documents\Downloads\ossac.exe
C:\Documents and Settings\Paul\My Documents\Downloads\WarezP2P_TDL.exe
C:\Documents and Settings\Paul\My Documents\Funnies\SudokuChallengeSetup_1.01-dm.exe
C:\WINDOWS\system32\gebcawx.dll
C:\WINDOWS\system32\nnljgeb.dll