Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Friday 29.8.2025 / 09:35
Search AfterDawn Forums:        In English   Suomeksi   Pĺ svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > please help-hjt log included
Show topics
 
Forums
Forums
please help-hjt log included
  Jump to:
 
Posted Message
bigQfan
Suspended due to non-functional email address
_ 		25. November 2006 @ 18:43 _ Link to this message    Send private message to this user   
here i am, the latest in a long line of people that need yourhelp. went to a bad site and i knew better, but did it anyway. its that darn eupdate thingy. heres my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 10:22:34 PM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\Common Files\{8C3ABA88-0AE9-1033-0103-060914050001}\Update.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\amVmZg\command.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\jeff\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3505DF66-FCA1-4DDD-8471-0096034B0C64}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\amVmZg\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe



and my smit fraud log

SmitFraudFix v2.124

Scan done at 22:42:26.48, Sat 11/25/2006
Run from C:\Documents and Settings\jeff\My Documents\filez4\setupz\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeff


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeff\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jeff\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

thanks soo much for your help
[ + quote]
Advertisement
_ 		__
Niobis
Senior Member
_ 		26. November 2006 @ 18:13 _ Link to this message    Send private message to this user   
Hello bigQfan, welcome to aD!

Looks like you've got a Vundo infection. Please rename HijackThis.exe to any name of your choice. Run a new scan and post the new log.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
bigQfan
Suspended due to non-functional email address
_ 		26. November 2006 @ 18:38 _ Link to this message    Send private message to this user   
i think i renamed it correctly...here you go

Logfile of HijackThis v1.99.1
Scan saved at 10:35:06 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jeff\My Documents\lojoethat.exe

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\mdadjhrt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {41BB5720-B0FA-4148-9504-4B3B72AA6E19} - C:\WINDOWS\system32\vtsqp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winncv32 - winncv32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[ + quote]
Niobis
Senior Member
_ 		26. November 2006 @ 19:36 _ Link to this message    Send private message to this user   
Download VundoFix to your desktop.

Double-click VundoFix.exe to run it.
Click "Scan for Vundo".
Once it's done scanning, click "Remove Vundo".
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


After the restart run a scan only with "lojoethat.exe"(HijackThis) and check these(if there):

O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\mdadjhrt.dll
O2 - BHO: (no name) - {41BB5720-B0FA-4148-9504-4B3B72AA6E19} - C:\WINDOWS\system32\vtsqp.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll
O20 - Winlogon Notify: winncv32 - winncv32.dll (file missing)

Close all windows except HijackThis before clicking "Fix checked".

Restart your computer.

Please post back with the contents of C:\vundofix.txt along with a new HijackThis log, and also how are thing?
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
bigQfan
Suspended due to non-functional email address
_ 		27. November 2006 @ 15:06 _ Link to this message    Send private message to this user   
heres the most recent hijack log


Logfile of HijackThis v1.99.1
Scan saved at 7:04:15 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\jeff\My Documents\lojoethat.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EntriqMediaTray] "C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

is this the vundo file you needed?

C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.bak2
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\pqstv.tmp
[ + quote]
Niobis
Senior Member
_ 		27. November 2006 @ 15:12 _ Link to this message    Send private message to this user   
HijackThis log looks good now, and yes even though that's not the full Vundo fix log, it will work. :)

Go here to run Kaspersky Online Scanner.
After downloading, click "My Computer" to scan.
After scanning, click "Save report as".
Save as a text file on the desktop.
Post the log in your next reply and also please tell me how things are running...any problems or symptoms?
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
bigQfan
Suspended due to non-functional email address
_ 		27. November 2006 @ 22:09 _ Link to this message    Send private message to this user   
i thought everything was running well. seems back to normal. but then i ran the kaspersky scan and now i am concerned :)

KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 28, 2006 2:04:00 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/11/2006
Kaspersky Anti-Virus database records: 232286
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 170733
Number of viruses found: 19
Number of infected objects: 58 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:47:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\VMware\vmnetdhcp.leases Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_2352659080_3145728_53674 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBED.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{13706DA1-3E42-46C5-8986-EFF63056FEEB}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\jeff\Application Data\Webroot\Spy Sweeper\Logs\061126035354.ses Object is locked skipped
C:\Documents and Settings\jeff\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jeff\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jeff\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jeff\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jeff\Local Settings\History\History.IE5\MSHist012006112720061128\index.dat Object is locked skipped
C:\Documents and Settings\jeff\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jeff\NTUser.dat Object is locked skipped
C:\Documents and Settings\jeff\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS01CFD65C-A17F-4BFB-82CE-ED1263357106.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS025A203C-A4A0-457C-835F-B8CDE64958F6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS06571073-9F41-4214-85F4-A14485932940.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0ACB7269-0E72-412F-833F-F3E2BF341C99.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0C1349C5-055B-46BC-B976-34A90417E517.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0D029BFB-1CDC-465E-9B35-29D6B5923696.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0FA3BC42-5F06-41B5-8EE6-AE19765EDE96.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS10C564B5-A626-4FC1-A1E2-F68EEC250A01.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS12F95691-50E0-4D6D-99A1-99B39AC27404.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS14DEB25D-4D10-4ADF-A4E0-46C99975C161.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS158C4A23-3C68-4049-B8A8-F4A42F4B658C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS17013F46-68EC-4C9B-BB7B-FC7586BEE5EE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS19A78BC4-D330-4E48-A70B-E79A1BE158CA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1A9BDE06-1661-40BB-8D7D-FE4B6213FBBD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1D2AA286-62F6-43B5-90E8-CC1FE590F61A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1D723EDC-004B-48CC-B03B-FF348DC462CE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS22DE6F54-57CF-4D3A-918E-697D0C319BF0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS23229AA2-137B-4190-A79A-0AFF074A9064.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2B195A00-E23E-41F3-8FDF-42331780B31F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3312B0F9-33D7-46C3-A4ED-997B209EB0B1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS363DF0D4-532B-4904-B27F-9DF85C450954.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS44A231A0-C31E-4FA9-B63B-6984AB1D8F1C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS47C01AE6-16A3-405D-84DF-43D5964D7942.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4EBB9FF1-97DD-4D26-A8EC-2374B4FD8385.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5155C66E-46E0-4501-8CEB-6B882FE51172.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5269EA60-E0EB-471F-9488-6AA9F832F701.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS549CA87F-6A89-458F-B13D-3603B2A541CA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS55B617C0-3B7C-462E-A550-D8EA14AF438B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS568A890A-F2F8-49CD-8CA7-64E8BE4A32FD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS58C77230-C275-4CF2-BD6E-F42C0DEB34A3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5CE4A059-6E23-449E-A32E-95B50DFBF978.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5F19A950-4FC2-423B-B568-C9B099020293.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS61F910DD-2127-47A1-805C-FB121C87CEB3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS68EF1136-9AFA-40C0-A658-69BD4B4B6B7A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS69247A82-DD49-4D7F-B956-192CCA03EEB7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6A0FA593-395E-4C8A-8B9E-CD315FE42DBF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6AB88EBF-4958-4B4F-84D3-AE0E48616543.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6C015E0E-5728-4F32-9D6B-AE5EFF9B5777.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6E7A6F07-10E9-4F13-924A-6013C3B1564D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6EFB0739-C9A0-4463-BC03-90808CAB5D24.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6F024895-AF24-4D5D-8D70-AE0C971B847D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS71344F87-F302-448D-B34C-29802F5BF737.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS72C35C12-92E8-4062-8454-658EB4CB2FCC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS72E5A4F5-7F62-4860-A230-6BD5A14EE2E6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7397D4CB-B13B-421A-8FD8-ACD9C3636BF7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS76B34935-ACAC-4D1F-AFCC-53D785CF46D6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS77D65CBF-60F5-47B6-A2DC-AECFDEEB1568.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS78381208-C41F-418A-BCD4-56BC19E52E9A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS794BA2CE-EBAD-488A-8182-EEBC3FD97CB1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7B6BAE00-5488-4CB5-84AF-04C0916ADF5C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7F91BAA1-AD5D-4A08-BF5F-7BE3671D96A0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS83C3EA96-9D4B-4EC7-B284-67447C1AAF79.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS85F56392-FD9D-4895-9A2B-66CF1A4217EF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8D6F26E8-A422-46EF-AF08-CD39E7746736.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8E574F13-2F6B-4467-AEC0-9CA95617EF2A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS90B9EA7A-C4EA-45EF-A585-2E65F2429822.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS995E6941-54A5-47DF-8903-0D540976020F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS99FCF5A2-BE96-4478-AC0F-B58E00D97F16.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9B43BD9F-4C42-48BF-920E-6D7AF0ACE68A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9FCD4507-987F-4E3A-A01A-97898B72824E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA1BCC106-375C-4C56-B05F-8632D2D99E0F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA4521331-CBF8-4F5D-AE23-57ADA1D0A274.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA710A2CC-E331-46C0-BE3E-F9A344A78B31.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA7ADD44C-289F-4F46-8B20-6AB02FCE5C81.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAB42B633-632A-4784-B99D-91697481FF8B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFB834DC-2F25-40F8-B363-A31A922B58DB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFF1A4E5-2B68-47F5-83D0-B1E290CC909B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB1235817-59F5-4716-9FD3-61A7B4995752.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB4A3FC6B-1A7F-4E5C-A77C-7AA7D0D56431.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB68BC7F5-8103-415C-8EBE-38E7ED5B0166.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBA78E613-F263-4B23-9D9B-95FFBFA68B29.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBD1C7FC3-37D2-41AF-84E8-1A228DD0BE7E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBE299DD6-FBD2-471B-9262-2D8680549CC8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBFF07223-485C-45A3-984C-31AE137DE8CC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC1FC6D3E-7278-4B32-9FF4-2935FAD1954D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC2209784-4AC0-4D7F-81FC-1294F239D90D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC51C5FE1-563C-4E31-B422-54CB6246847C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC8F084CB-1BE5-4384-A714-2D0682439983.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEE76CCB-FC68-4B31-B5EE-32AB6BF06612.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEFA5C17-2AE3-4E31-B871-2A53C9B07E5B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7FBF165-9F8E-4DB8-8E62-BC1B25117759.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD86DDC96-1CE7-43B2-A621-4B944202A2EB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDBD2D86A-319E-4C8D-807C-FB0271155EA1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE08BCAA0-2E3F-4A7B-BDCC-F31CC4494161.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE28C93C1-924A-4679-966F-FA51703A0C80.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE4AD02F0-78D3-4BA2-A18B-BA718EA26D56.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF19C28A8-FA06-457E-8AE6-5B362C07A54C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3D0BD11-54A6-4B15-ABCC-0DD1558DD6BE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF8B336D2-D6EC-4F1F-9578-9FA545CA60F2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF969F14F-118D-477E-B913-2D61BEE87B67.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFF4651EF-9BBA-42A8-B568-731162C533B8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1C.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\21.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B8.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3FA.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\40.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\407.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\4A.tmp Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP230\A0025973.dll Infected: Packed.Win32.Klone.t skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP232\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A6F8D92B-2612-4B15-A67B-959A7EF3199C}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8A85B3F9-30DE-437B-A885-FB131C239100}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2e8.dat Object is locked skipped
C:\WINDOWS\Temp\vmware-vmount.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\54E23252 Infected: Trojan-Downloader.Win32.Small.ij skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55AC5D73 Infected: Backdoor.Win32.Delf.da skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4316663C Infected: Trojan.Win32.Delf.d skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55B0076F Infected: Trojan-Proxy.Win32.WinGater skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\58DD5DF0.dll Infected: Trojan.Win32.Delf.d skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\59696B56 Infected: Email-Worm.Win32.Sobig.e skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6B1E0FDA.exe Infected: Backdoor.Win32.Delf.da skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\750E52EB Infected: Trojan-Proxy.Win32.WinGater skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5/Deftone.class Infected: Trojan.Java.ClassLoader.c skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5/VerifierBug.class Infected: Trojan.Java.ClassLoader.u skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5 ZIP: infected - 3 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02EF43A5 CryptFF: infected - 3 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96/Beyond.class Infected: Trojan.Java.Needy.a skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96 ZIP: infected - 4 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\02FC6B96 CryptFF: infected - 4 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03023F8F Infected: Exploit.Java.ByteVerify skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.e skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B/WebCounter.class Infected: Trojan.Java.ClassLoader.c skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B/a.class Infected: Trojan.Java.Shiwow skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B ZIP: infected - 4 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\03405D4B CryptFF: infected - 4 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.e skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8/WebCounter.class Infected: Trojan.Java.ClassLoader.c skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8/a.class Infected: Trojan.Java.Shiwow skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8 ZIP: infected - 4 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\35E252A8 CryptFF: infected - 4 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\036B7F1C/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\036B7F1C/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\036B7F1C ZIP: infected - 2 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\036B7F1C CryptFF: infected - 2 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8 ZIP: infected - 4 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038B22F8 CryptFF: infected - 4 skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\038F4CF5 Infected: Trojan.Java.ClassLoader.Dummy.e skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40A62297 Infected: Trojan.Java.ClassLoader.Dummy.c skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7FA47211 Infected: Exploit.Java.ByteVerify skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7B783023 Infected: Trojan-Proxy.Win32.WinGater skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6C5B09E3.htm Infected: Exploit.HTML.Mht skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05366802.htm Infected: Exploit.HTML.Mht skipped
E:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1D984C5B.exe Infected: Email-Worm.Win32.Bagle.g skipped
E:\desktop stuff\New Folder\Ahead.Nero.Burning.ROM.v6.6.0.3.Ultra.Edition.Incl.Keygen.WORKING-ORiON\Keygen.exe Object is locked skipped

Scan process completed.
[ + quote]
Niobis
Senior Member
_ 		27. November 2006 @ 22:36 _ Link to this message    Send private message to this user   
Heh, yeah, one of those is serious. The backdoor Delf.d and Delf.da are something to worry about. Backdoors allow others control over the computer and anything could have been changed without your knowing about it. Meaning your computer's security could be compromised.

There is good new though. Normally, when someone has a backdoor it is recommended that the computer be reformatted, but I don't think that is necessary in your case. I don't think it's that serious. Also, everything looks like it is in a quarantine or in the System Restore folder. Meaning nothing is getting out to become active.

Go here and download CCleaner.
Note: If you do not want Yahoo! Toolbar uncheck the option when installing.
Open CCleaner.
Click Options > Advance > uncheck "Only delete files in Windows Temp folders older than 48 hours".
Close all windows.
Click Cleaner > Run Cleaner.

I'm a bit confused why Norton's quarantine folder is still on your computer. I'm assuming you uninstalled Norton since it is not showing in your HjT log. In the case that you did uninstall it, you can just delete the quarantine folder. If you didn't uninstall Norton, just empty the quarantine.

Empty Spy Sweeper's and Trend Micro's quarantine also.

Then, clean the System Restore folder by turning it off.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click Apply, then OK.
Restart and turn System Restore back on.

I would like to be sure nothing else is present, so let's run one last scan.

Go here to run ActiveScan.
Click "Panda ActiveScan.
Fill in the form with your information.
After downloading, click My Computer to scan.
When it finishes, click "See Report".
Click "Save report" and save it to the desktop.

If anything other than cookies is found post the log. Otherwise, you will be clean. :)
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

This message has been edited since posting. Last time this message was edited on 27. November 2006 @ 22:39
bigQfan
Suspended due to non-functional email address
_ 		29. November 2006 @ 01:56 _ Link to this message    Send private message to this user   
ok...here is the latest...lemme know what you think

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@2o7[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@questionmarket[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@serving-sys[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\jeff\Cookies\jeff@zedo[1].txt
Adware:Adware/WebSearch Not disinfected C:\Documents and Settings\jeff\My Documents\backups\backup-20061127-185646-475.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\jeff\My Documents\filez4\setupz\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\jeff\My Documents\filez4\setupz\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\LocalService\Cookies\system@media.fastclick[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QXECG6RL\SmitfraudFix[1].zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\LocalService\My Documents\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\tess\Cookies\tess@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\tess\Cookies\tess@hitbox[1].txt
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Possible Virus. Not disinfected C:\VundoFix Backups\vtsqp.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hgghihe.dll

also wanted to ask, i have this Trend-Micro running at all times, yet it let me get the Vundo thing to begin with. Is Trend-Micro pretty much worthless?

you have been a great help and i really appreciate it. thank you
[ + quote]
Niobis
Senior Member
_ 		29. November 2006 @ 06:02 _ Link to this message    Send private message to this user   
You're welcome. :)

Looking better, just some cookies, a couple backups and one Vundo file left.

Double-click VundoFix.exe to run it.
Right click inside the white Window.
Select Add More Files? from the menu that comes up. This will open a new VundoFix window.
In the Window: copy/paste the following in the first field: C:\WINDOWS\system32\hgghihe.dll
Copy/paste the following in the second field: C:\WINDOWS\system32\hgghihe.*
Click the Add Files button.
Click the Close Window button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.


Run CCleaner to clean the cookies.

Delete these folders to remove the backups.
C:\Documents and Settings\jeff\My Documents\backups
C:\VundoFix Backups

You'll be clean after that.


Quote:
i have this Trend-Micro running at all times, yet it let me get the Vundo thing to begin with. Is Trend-Micro pretty much worthless?
No, I wouldn't say it's worthless. Vundo is the number 2 most common infection going around right now, so you're not alone. It can get past almost all anti-virus programs. You just have to be more careful online. ;) Or better yet, switch to Firefox. The reason Vundo is allowed to infect is because of Internet Explorer, if you wasn't using IE, you probably wouldn't have gotten Vundo...just a thought. :)
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
Advertisement
_ 		__
 
_
bkf
Suspended due to non-functional email address
_ 		29. November 2006 @ 08:11 _ Link to this message    Send private message to this user   
"I wonder where Vundo went" Line from Apollo 13 movie
[ + quote]
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > please help-hjt log included
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork