my system is infected -=help plz=-

alexCali

my PC performance slowed down really bad .. i have to reboot most of the time when it freezez. here the HJT log please i'll b very thankful for any help.

Logfile of HijackThis v1.99.0
Scan saved at 7:33:01 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5A28906F-AAE1-600F-7D16-568C0DD268EC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {89B48FAB-41AB-7DD4-AFF0-92AA2ACE4962} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188622048578
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

gringo_pr

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still on training, everything that I post to you, must be checked by one of the teachers. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.

: older version of hijackthis :
You are using an older version of hijackthis please uninstall the old version

• 1. click on start
  2. then go to settings
  3. after that you need control panel
  4. look for the icon add remove programs

choose hijackthis and click on remove

install hijackthis

• Download HJTInstall.exe to your Desktop.
• Doubleclick HJTInstall.exe to install it.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Copy/Paste the log to your next reply please.

Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

: information and logs :

In your next post I need the following

• 1.new log from the new hijackthis
  
• 2.uninstall list from hijackthis

Gringo

alexCali

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:14 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5A28906F-AAE1-600F-7D16-568C0DD268EC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {89B48FAB-41AB-7DD4-AFF0-92AA2ACE4962} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188622048578
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.0.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6383 bytes
========================================================================
Acoustica MP3 CD Burner
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Reader 7.0.5
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
BPS Spyware Remover 9.3.0.8
BPS Spyware-Adware Remover 8.2.0.9
CC_ccStart
ccCommon
CCScore
Crazy Tetris v.2.2
Creative PC-CAM Center Lite
Creative WebCam Monitor
Creative WebCam NX Driver (1.02.01.0827)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Google Toolbar for Internet Explorer
HandyAvi 1.7
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
Imikimi Plugin
Intel(R) Extreme Graphics Driver
InterActual Player
InterVideo WinDVD 6
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 7
kgcbase
Kodak EasyShare software
LeadTool
LimeWire 4.10.9
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI Edition (English) 12 [pre-release]
Microsoft Office Excel Add-in for SQL Server Analysis Services
Microsoft Office Excel MUI Edition (English) 12 [pre-release]
Microsoft Office InfoPath MUI Edition (English) 12 [pre-release]
Microsoft Office Outlook MUI Edition (English) 12 [pre-release]
Microsoft Office PowerPoint MUI Edition (English) 12 [pre-release]
Microsoft Office Professional Edition 12 [pre-release]
Microsoft Office Professional Enterprise Edition 12 [pre-release]
Microsoft Office Proof Edition (English) 12 [pre-release]
Microsoft Office Publisher MUI Edition (English) 12 [pre-release]
Microsoft Office Shared MUI Edition (English) 12 [pre-release]
Microsoft Office Word MUI Edition (English) 12 [pre-release]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio Professional 2002 SR-1 [English]
Microsoft Visual C++ 6.0 Introductory Edition
Microsoft Visual Studio 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Microsoft Works 7.0
mIRC
MSN Toolbar
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
My Search Bar
Nero 7 Demo
netbrdg
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton Security Scan
Norton WMI Update
OfotoXMI
OpenSSL 0.9.8e Light
PartyPoker
PCDADDIN
PCDHELP
PCDrdsho
Picture Package
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SFR
SFR2
SHASTA
skin0001
SKINXSDK
Sony USB Driver
staticcr
Steam
Symantec Script Blocking Installer
SymNet
System Monitor for Windows 98/NT/XP/2000/2003
tooltips
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URL Display
USB MassStorage CardReader
VIA Audio Driver Setup Program
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Safety Scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WIRELESS
Yahoo! extras
Yahoo! Install Manager
Yahoo! Toolbar

gringo_pr

Hello alexCali

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur

Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links:

http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall LimeWire, however that choice is up to you.

If you wish to keep it, please do not use it until your computer is cleaned.

Party Poker

The sites where you play these programs are sometimes vectors for malware to enter in your system. I recommend that if you play this game, consider this cleaner and free alternative: http://www.pokerstars.net

:uninstall some programs:

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add remove programs
click on the following programs

Adobe Reader 7.0.5
BPS Spyware Remover 9.3.0.8
BPS Spyware-Adware Remover 8.2.0.9
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 7
LimeWire 4.10.9<---recomended
My Search Bar
PartyPoker

and click on remove

Reboot the computer

: Update Java :

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

• Download the latest version of Java(TM) SE Runtime Environment 6u4.
• Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Then from your desktop double-click on the download to install the newest version.

: Update Adobe Reader

It looks like your version of Adobe Reader is out of date and you're vulnarable for infections.
Please download the newest version here:
http://www.adobe.com/uk/products/reader/

: Malwarebytes' Anti-Malware :
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Post that log back here.

:Run Kaspersky Online AV Scanner:
Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply
Norton antivirus 2004 I notice you are using norton 2004 I would like to ask you if you still keep it updated or has it expired

: information and logs :

In your next post I need the following

• 1.more details as to what is wrong

• 2. log from Malwarebytes' Anti-Malware
  3. log from Kaspersky
  4. and a new hijackthis log
  5. let me know if things get better
  6. also tell me about norton

Gringo

alexCali

Malwarebytes' Anti-Malware 1.01
Database version: 304

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 122720
Time elapsed: 55 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
======================================================================
KASPERSKY ONLINE SCANNER REPORT
Friday, February 01, 2008 1:38:06 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/01/2008
Kaspersky Anti-Virus database records: 541974


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 101077
Number of viruses found 53
Number of infected objects 95
Number of suspicious objects 1
Duration of the scan process 02:08:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\077224824c002ab3e619e107e6e5dbed_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07a95216478588215f3ce5efac7fe117_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09d7b901df9f0d2892963a272cb88982_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b764b92fe39f13c086e6814258b2a3a_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0fa47e664dc7836ba91ab2b9e5b5a2c9_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ff391b3a1f6dfd81d45e8f4069576c7_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\13a9f7c590d70accf244fad2309f135b_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1411e838a9674cfc4a33d9730547c80c_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\149406817b6763960be05edc540ded5c_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a42d2a240673bbc869944572d319c01_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1db999d49a8578503405ee12d714b8d2_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2529685fc35f78e989d40add1da2e92d_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3594d0e8cd46233548a8e9c34844a375_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39cd94fd95ae7ac28ef64c86c335f4ed_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c5a77c545e34d909a3ceefc96544bed_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d9d843f1ecbc808d5eb0281fd7da2bc_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4718805491b39352557509461047271c_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\48539c3a07d58e2742fc3b6044b058f9_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\49f23c71a2ed09ef9c80786e705a408d_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a58816aaf79e9faef21767099dd8ffb_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d46fc76cde01a632114b2e4a87064aa_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\519c1ea32f24d41e27fc46274c129fe1_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\579a8cb92b5b7de3ce67ae236abaae80_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\57d0db68ae381856e41e9a4e714a15e9_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e36216acfbaf37d4b03b6dad93d816a_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\616b7a56142c06fe273ac1264f38fd09_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6bbbd3768ee677b9e92c355caf5e7ed2_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ca4303b27a474caf6b5ed67f077062b_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e4f0bf552a43abe48e8f9061df38776_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\71611845c355dcd3373c89c8a9d343c7_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\739e9dce2f36879571dca63104cce178_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7721fc42e6b8934a6e23df738acf2564_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\779ca00d118c94c431470830225407fc_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7ba88337f34872642b5fa5928cb63b0b_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f8df76c1acf49655ea9b588ca1e4cef_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80c4d39b5e836107d5ad335bb43712cd_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80f8270d38ab151d836d994d8cce0fc8_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\84893bdcdb5faafa7a4e2be342d53b34_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\852f8221c4c601dd8151175d92475e8f_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\853c55de2175fba626f9557b29379c72_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\893224ceb55b2e20619f71c34daaff6d_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\896960f1bd40380569595d81432b4b78_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cc4451ab1a439cd2a58b3dc74bdc18e_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91f95a68492d75db679e505cb2f87b8e_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98df87f3101e2ee7b0eafd132395fbbe_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9aa1ef51256ec246fa4fd1f5279dde1b_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9adb945810169dfcd4368f3c63bb935f_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d79fbdd8c2cb63e2b31138246510c61_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f41dbe4df6548179cca52f0891d1188_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0676f7a61d6d66de66accd259844bb0_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a629522c2e1518590d6a5b5db6e5fc9d_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6ae44087c4966daebf511be05603f45_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\abe73c3d16654c938eeb1662b6ea59ca_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b22a29d778e93c9bc8ce4bec857b06b0_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b3421dcc7a43e435213fe63cd8771acd_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b573bc53063ed47fa0aabd5dbd56bfc5_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc43a879e1689703842d201d8d7ebf11_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c5699b031ce1a849780285fa99678f50_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ced2c2f1a1d32df4d590c2d645814684_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d3be3760e8da69110a06537e4f67bf2e_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d748437208f8e2d9526ac5f585543e6d_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd9d1653355c9496e970027c2d493977_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e008a466945f7b58ee3f08a18c22281c_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1068233b5136ae5e7542cfed02e9717_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e3d3f0949e922dc7fb087c2156abc32f_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4584959dea93cfaa3dd57e37c23228f_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e631ac58ef09ff0488e6e7d51661f5ab_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f64c44e640b159fb5de49dff8300f366_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9c18c0655bf27a7addf08884382d399_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc3607b83b26fbf8f6f821cc890a21ff_b9ca4d95-513f-4824-8ac2-99666a8540e2 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\VcOnlineSizeLive\regs obj.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped

C:\Documents and Settings\All Users\Application Data\VcOnlineSizeLive\secondtrans.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\31HF1KC7\d_16_0[1].txt Infected: Trojan.Win32.Golid.g skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C123S56V\a_5_0[1].txt Infected: Trojan.Win32.Agent.aw skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-1a372978-419acc87.zip/web.exe Infected: Trojan-Downloader.Win32.Small.dmj skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-1a372978-419acc87.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-4efa27fb.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-4efa27fb.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-588.dll Infected: Trojan.Win32.Golid.f skipped

C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-851.dll Infected: Trojan.Win32.Agent.aw skipped

C:\Documents and Settings\Owner\Desktop\backups\backup-20050429-131740-387.dll Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\Documents and Settings\Owner\Desktop\backups\backup-20050527-140206-443.dll Infected: Trojan-Downloader.Win32.Swizzor.fg skipped

C:\Documents and Settings\Owner\Desktop\backups\backup-20051116-222708-382.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped

C:\Documents and Settings\Owner\Desktop\backups\backup-20051128-183128-620.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\Documents and Settings\Owner\Desktop\backups\backup-20051128-183128-993.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\Sharing Folders\mouline101@hotmail.com\Ad-Aware Pro 1.5 SE.rar/Ad-Aware Pro 1.5 SE.exe Infected: Trojan-Dropper.Win32.Delf.fd skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\Sharing Folders\mouline101@hotmail.com\Ad-Aware Pro 1.5 SE.rar RAR: infected - 1 skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\SharingMetadata\Working\database_5890_DA3B_90DA_1EF6\dfsr.db Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\SharingMetadata\Working\database_5890_DA3B_90DA_1EF6\fsr.log Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\SharingMetadata\Working\database_5890_DA3B_90DA_1EF6\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\SharingMetadata\Working\database_5890_DA3B_90DA_1EF6\tmp.edb Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\miragebox@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\miragebox@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008013120080201\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\adlinstallwin32.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Adstart.g skipped

C:\Documents and Settings\Owner\Local Settings\Temp\adlinstallwin32.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Adstart.b skipped

C:\Documents and Settings\Owner\Local Settings\Temp\adlinstallwin32.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Adstart.d skipped

C:\Documents and Settings\Owner\Local Settings\Temp\adlinstallwin32.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Adstart.i skipped

C:\Documents and Settings\Owner\Local Settings\Temp\adlinstallwin32.exe/stream Infected: not-a-virus:AdWare.Win32.Adstart.i skipped

C:\Documents and Settings\Owner\Local Settings\Temp\adlinstallwin32.exe NSIS: infected - 5 skipped

C:\Documents and Settings\Owner\Local Settings\Temp\iD6.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.a skipped

C:\Documents and Settings\Owner\Local Settings\Temp\iinstall.exe Infected: Trojan-Downloader.Win32.IstBar.nl skipped

C:\Documents and Settings\Owner\Local Settings\Temp\mirc63.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

C:\Documents and Settings\Owner\Local Settings\Temp\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

C:\Documents and Settings\Owner\Local Settings\Temp\mirc63.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Owner\Local Settings\Temp\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped

C:\Documents and Settings\Owner\Local Settings\Temp\vcmpin.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c skipped

C:\Documents and Settings\Owner\Local Settings\Temp\znunkaef.exe Infected: Packed.Win32.PolyCrypt.d skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DF2BF2.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DF2C45.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DF43F3.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DF4407.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DFC7B9.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\~DFC7C7.tmp Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\Ad-Aware Pro 1.5 SE.exe Infected: Trojan-Dropper.Win32.Delf.fd skipped

C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\Ad-Aware Pro 1.5 SE.rar/Ad-Aware Pro 1.5 SE.exe Infected: Trojan-Dropper.Win32.Delf.fd skipped

C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\Ad-Aware Pro 1.5 SE.rar RAR: infected - 1 skipped

C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\iMeshV5.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\iMeshV5.exe/WISE0039.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d skipped

C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\iMeshV5.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.MyWay.k skipped

C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\iMeshV5.exe WiseSFX: infected - 3 skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped

C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton AntiVirus\Quarantine\1450262A.exe Infected: Trojan-Dropper.Win32.Small.mr skipped

C:\Program Files\Norton AntiVirus\Quarantine\14535026.exe Infected: Trojan-Dropper.Win32.Small.mr skipped

C:\Program Files\Norton AntiVirus\Quarantine\14737402.exe Infected: Trojan-Downloader.Win32.Small.wj skipped

C:\Program Files\Norton AntiVirus\Quarantine\14771DFF.exe Infected: Trojan-Downloader.Win32.Small.wj skipped

C:\Program Files\Norton AntiVirus\Quarantine\18D32C8E Infected: not-a-virus:AdWare.Win32.BetterInternet skipped

C:\Program Files\Norton AntiVirus\Quarantine\1B7F3A9D.class Infected: Trojan.Java.ClassLoader.ak skipped

C:\Program Files\Norton AntiVirus\Quarantine\1BE9508D Infected: Trojan.Win32.Agent.aw skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C230C1A Infected: not-a-virus:AdWare.Win32.BetterInternet skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C296013 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C2C64A7 Infected: Trojan.Win32.SecondThought.bf skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C3C3695 Infected: Trojan.Win32.SecondThought.bg skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C420A8E Infected: not-a-virus:AdWare.Win32.Apropos.b skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C46348A Infected: not-a-virus:AdWare.Win32.Apropos.b skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C495E87 Infected: Trojan.Win32.SecondThought.ao skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C4C0883 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C4F327F Infected: not-a-virus:AdWare.Win32.PurityScan.w skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C535C7C/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C535C7C/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.TotalVelocity.aa skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C535C7C/InpB/Ssk.exe Infected: Trojan.Win32.Agent.aj skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C535C7C/InpB Infected: Trojan.Win32.Agent.aj skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C535C7C CAB: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C535C7C CryptFF: infected - 4 skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C560678/WISE0006.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C560678/WISE0007.BIN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C560678/WISE0007.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C560678 WiseSFX: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C560678 WiseSFXDropper: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C560678 CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\1F482A4F.wmf Infected: Exploit.Win32.IMG-WMF.u skipped

C:\Program Files\Norton AntiVirus\Quarantine\1F587C3D.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\29984E1C Infected: Trojan-Downloader.Win32.Apropo.d skipped

C:\Program Files\Norton AntiVirus\Quarantine\2F0A52D8 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped

C:\Program Files\Norton AntiVirus\Quarantine\311A2B30.class Infected: Trojan.Java.Femad skipped

C:\Program Files\Norton AntiVirus\Quarantine\35280A1B Infected: not-a-virus:AdWare.Win32.BetterInternet skipped

C:\Program Files\Norton AntiVirus\Quarantine\3A325ED1.class Infected: Trojan.Java.Femad skipped

C:\Program Files\Norton AntiVirus\Quarantine\4CAF7820 Infected: Trojan.Win32.SecondThought.ba skipped

C:\Program Files\Norton AntiVirus\Quarantine\4F7421D8.exe Infected: Backdoor.Win32.Jokerdoor skipped

C:\Program Files\Norton AntiVirus\Quarantine\71FE75A3 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped

C:\Program Files\Norton AntiVirus\Quarantine\746D25B1.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\7AF1681A Infected: not-a-virus:AdWare.Win32.BetterInternet skipped

C:\Program Files\Norton AntiVirus\Quarantine\7D42255A Infected: Exploit.VBS.Phel.a skipped

C:\Program Files\Uninstall My Web Search.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{78480C6B-4207-406F-8302-52DF39651DAB}\RP824\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Downloaded Program Files\actsetup.dll Infected: Trojan-Dropper.Win32.Agent.hn skipped

C:\WINDOWS\Downloaded Program Files\ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped

C:\WINDOWS\lbbho.dll Infected: not-a-virus:AdWare.Win32.RelatedLinks.a skipped

C:\WINDOWS\NDNuninstall4_85.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\WINDOWS\NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{1DD9309A-471C-4856-9048-BC0B10DCAED7}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\cp.exe Infected: not-a-virus:AdWare.Win32.ComedyPlanet.b skipped

C:\WINDOWS\system32\CP18.exe Infected: Trojan-Downloader.Win32.Small.ahx skipped

C:\WINDOWS\system32\ddhzd.dll Infected: not-a-virus:AdWare.Win32.Adstart.g skipped

C:\WINDOWS\system32\ddhzdd.exe Infected: not-a-virus:AdWare.Win32.Adstart.i skipped

C:\WINDOWS\system32\ddhzdf.exe Infected: not-a-virus:AdWare.Win32.Adstart.d skipped

C:\WINDOWS\system32\drivers\.sys Infected: Trojan.Win32.Agent.aw skipped

C:\WINDOWS\system32\drivers\mzaxutii.sys Infected: Trojan.Win32.Agent.aw skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\sysmonnt.exe Suspicious: Backdoor.Win32.VB.aat skipped

C:\WINDOWS\system32\uuweobql.exe Infected: Trojan-Proxy.Win32.Agent.l skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\ѕеrvices.exe Infected: not-a-virus:AdWare.Win32.PurityScan.am skipped

C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped

C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
==================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:30 AM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {5A28906F-AAE1-600F-7D16-568C0DD268EC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {89B48FAB-41AB-7DD4-AFF0-92AA2ACE4962} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188622048578
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.0.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6558 bytes
===================================================================
my norton is in fact expired and everytime i try to update it it asks to pay and i really dun wanna do it. my computer is okay btw .. but will those infected files and viruses be a threat? thank you much for ur help.

gringo_pr

Hello alexCali

my norton is in fact expired and everytime i try to update it it asks to pay and i really dun wanna do it. my computer is okay btw .. but will those infected files and viruses be a threat? thank you much for ur help.

if you don't want to renew NORTON then we need to get a working antivirus on this computer as soon as possible
I suggest that you uninstall norton and download one of the free antivirus I have listed below

:uninstall norton:

• 1. click on start
  2. then go to settings
  3. after that you need control panel
  4. look for the icon add remove programs
  click on the following programs
  Norton AntiVirus 2004
  Norton AntiVirus 2004 (Symantec Corporation)
  Norton AntiVirus Parent MSI
  Norton Security Scan
  Norton WMI Update
  Symantec Script Blocking Installer
  and click on remove
  after you have uninstalled all of norton go -here- and run the norton removal tool
• 
  Please download a free anti-virus software from one these excellent vendors NOW:
  
  1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
  2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
  3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

Clean temp files

• Download and Run AFT Cleaner
  Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.
• 
  Under Main choose:
  Windows Temp
  Current User Temp
  All Users Temp
  Temporary Internet Files
  Prefetch
  Java Cache
  *The other boxes are optional*
  Then click the Empty Selected button.
• 
  if you use Firefox:
  Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
• 
  if you use Opera:
  Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
  
  Click Exit on the Main menu to close the program

OTMoveIt2

• Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

  C:\Program Files\Norton AntiVirus\Quarantine
  C:\Documents and Settings\All Users\Application Data\VcOnlineSizeLive\regs obj.exe  
  C:\Documents and Settings\All Users\Application Data\VcOnlineSizeLive\secondtrans.exe  
  C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-588.dll  
  C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-851.dll  
  C:\Documents and Settings\Owner\Desktop\backups\backup-20050429-131740-387.dll  
  C:\Documents and Settings\Owner\Desktop\backups\backup-20050527-140206-443.dll  
  C:\Documents and Settings\Owner\Desktop\backups\backup-20051116-222708-382.dll  
  C:\Documents and Settings\Owner\Desktop\backups\backup-20051128-183128-620.dll  
  C:\Documents and Settings\Owner\Desktop\backups\backup-20051128-183128-993.dll 
  C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\Sharing Folders\mouline101@hotmail.com\Ad-Aware Pro 1.5 SE.rar 
  C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\Ad-Aware Pro 1.5 SE.exe  
  C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\Ad-Aware Pro 1.5 SE.rar 
  C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\iMeshV5.exe 
  C:\Program Files\mIRC\mirc.exe  
  C:\Program Files\Uninstall My Web Search.dll  
  C:\WINDOWS\Downloaded Program Files\actsetup.dll  
  C:\WINDOWS\Downloaded Program Files\ysbactivex.dll  
  C:\WINDOWS\lbbho.dll  
  C:\WINDOWS\NDNuninstall4_85.exe  
  C:\WINDOWS\NDNuninstall6_38.exe 
  C:\WINDOWS\system32\cp.exe  
  C:\WINDOWS\system32\CP18.exe  
  C:\WINDOWS\system32\ddhzd.dll  
  C:\WINDOWS\system32\ddhzdd.exe  
  C:\WINDOWS\system32\ddhzdf.exe  
  C:\WINDOWS\system32\drivers\.sys  
  C:\WINDOWS\system32\drivers\mzaxutii.sys  
  C:\WINDOWS\system32\uuweobql.exe  
  

  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

  C:\WINDOWS\system32\??rvices.exe /U  
  

  • Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
  Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

: Remove bad HijackThis entries

• Run HijackThis
• Click on the Scan button
• Put a check beside all of the items listed below (if present):
  
  O2 - BHO: (no name) - {5A28906F-AAE1-600F-7D16-568C0DD268EC} - (no file)
  O2 - BHO: (no name) - {89B48FAB-41AB-7DD4-AFF0-92AA2ACE4962} - (no file)
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

: information and logs :

In your next post I need the following

• 1.the log from otmoveit2

• 2.a new hijackthis log

Gringo

gringo_pr

Hello

: three day bump :


It has been three days since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
  
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Trogan

This topic is now closed due to inactivity. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

If you are not the user who started this thread, you must start your own Thread instead (grin)

Trogan

Thread reopened!

alexCali

the ATF cleaner link could not open for some reason .. that and the norton removal tool. I dunno it just times out after a while and gives an error page. but here's the rest of the logs u requested.


File/Folder C:\Program Files\Norton AntiVirus\Quarantine not found.
C:\Documents and Settings\All Users\Application Data\VcOnlineSizeLive\regs obj.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\VcOnlineSizeLive\secondtrans.exe moved successfully.
LoadLibrary failed for C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-588.dll
C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-588.dll NOT unregistered.
C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-588.dll moved successfully.
LoadLibrary failed for C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-851.dll
C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-851.dll NOT unregistered.
C:\Documents and Settings\Owner\Desktop\backups\backup-20050204-003656-851.dll moved successfully.
C:\Documents and Settings\Owner\Desktop\backups\backup-20050429-131740-387.dll unregistered successfully.
File move failed. C:\Documents and Settings\Owner\Desktop\backups\backup-20050429-131740-387.dll scheduled to be moved on reboot.
C:\Documents and Settings\Owner\Desktop\backups\backup-20050527-140206-443.dll unregistered successfully.
File move failed. C:\Documents and Settings\Owner\Desktop\backups\backup-20050527-140206-443.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\Documents and Settings\Owner\Desktop\backups\backup-20051116-222708-382.dll
C:\Documents and Settings\Owner\Desktop\backups\backup-20051116-222708-382.dll NOT unregistered.
C:\Documents and Settings\Owner\Desktop\backups\backup-20051116-222708-382.dll moved successfully.
C:\Documents and Settings\Owner\Desktop\backups\backup-20051128-183128-620.dll unregistered successfully.
C:\Documents and Settings\Owner\Desktop\backups\backup-20051128-183128-620.dll moved successfully.
C:\Documents and Settings\Owner\Desktop\backups\backup-20051128-183128-993.dll unregistered successfully.
C:\Documents and Settings\Owner\Desktop\backups\backup-20051128-183128-993.dll moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\miragebox@hotmail.com\Sharing Folders\mouline101@hotmail.com\Ad-Aware Pro 1.5 SE.rar moved successfully.
C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\Ad-Aware Pro 1.5 SE.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\Ad-Aware Pro 1.5 SE.rar moved successfully.
C:\Documents and Settings\Owner\My Documents\My Received Files\tkherbi9\iMeshV5.exe moved successfully.
C:\Program Files\mIRC\mirc.exe moved successfully.
C:\Program Files\Uninstall My Web Search.dll unregistered successfully.
C:\Program Files\Uninstall My Web Search.dll moved successfully.
C:\WINDOWS\Downloaded Program Files\actsetup.dll unregistered successfully.
C:\WINDOWS\Downloaded Program Files\actsetup.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll NOT unregistered.
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll moved successfully.
C:\WINDOWS\lbbho.dll unregistered successfully.
C:\WINDOWS\lbbho.dll moved successfully.
C:\WINDOWS\NDNuninstall4_85.exe moved successfully.
C:\WINDOWS\NDNuninstall6_38.exe moved successfully.
C:\WINDOWS\system32\cp.exe moved successfully.
C:\WINDOWS\system32\CP18.exe moved successfully.
C:\WINDOWS\system32\ddhzd.dll unregistered successfully.
C:\WINDOWS\system32\ddhzd.dll moved successfully.
C:\WINDOWS\system32\ddhzdd.exe moved successfully.
C:\WINDOWS\system32\ddhzdf.exe moved successfully.
C:\WINDOWS\system32\drivers\.sys moved successfully.
C:\WINDOWS\system32\drivers\mzaxutii.sys moved successfully.
C:\WINDOWS\system32\uuweobql.exe moved successfully.
[Custom Input]
< C:\WINDOWS\system32\??rvices.exe /U >
C:\WINDOWS\system32\ѕеrvices.exe moved successfully.

OTMoveIt2 v1.0.19 log created on 02132008_031622

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:04 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\_OTMoveIt\MovedFiles\02132008_031622\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {5A28906F-AAE1-600F-7D16-568C0DD268EC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {89B48FAB-41AB-7DD4-AFF0-92AA2ACE4962} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188622048578
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.0.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 6284 bytes

gringo_pr

just seen that this was reoped will get on this later today

gringo_pr

Hello alexCali

here is what I want you to do first
Click on start--->settings --->control panel--->internet options

now under browsing history click on delete
next to temporary internet files click on delete
then click yes

now lets try the rest

Clean temp files

• Download and Run AFT Cleaner
  Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
  from here http://www.atribune.org/ccount/click.php?id=1
  
  Double-click ATF Cleaner.exe to open it.
• 
  Under Main choose:
  Windows Temp
  Current User Temp
  All Users Temp
  Temporary Internet Files
  Prefetch
  Java Cache
  *The other boxes are optional*
  Then click the Empty Selected button.
• 
  if you use Firefox:
  Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
• 
  if you use Opera:
  Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

now try -here- and run the norton removal tool

:Remove bad HijackThis entries:

• Run HijackThis
• Click on the Scan button
• Put a check beside all of the items listed below (if present):
  • R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: (no name) - {5A28906F-AAE1-600F-7D16-568C0DD268EC} - (no file)
    O2 - BHO: (no name) - {89B48FAB-41AB-7DD4-AFF0-92AA2ACE4962} - (no file)
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

:information and logs:

• In your next post I need the following
  • 1.new log from hijackthis
  • 2.let me know about ATF cleaner and the norton tool
    3.let me know how the computer is doing

Gringo

gringo_pr

Hello

: five day bump :


It has been five days since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
  
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Trogan

This topic is now closed due to inactivity.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

If you are not the user who started this thread, you must start your own Thread instead (grin)