Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

NetWorm-i problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Linkmaster » October 28th, 2006, 7:41 am

Not a problem, I understand !
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA
Advertisement
Register to Remove

As requested

Unread postby OliverX669 » November 1st, 2006, 9:13 am

Hi Linkmaster,

All instructions carried out, heres the Kapersky log file, HijackThis log file follows in separate post.

Regards,

Oliver


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 01, 2006 11:55:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/11/2006
Kaspersky Anti-Virus database records: 236936
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 102701
Number of viruses found: 13
Number of infected objects: 58 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:58:55

Infected Object Name / Virus Name / Last Action
C:\Applications\Tool\Home Cinema\MusicMatch\Enu\MMSetup.exe/EXE-file/WMFDist/WMFDist.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\Applications\Tool\Home Cinema\MusicMatch\Enu\MMSetup.exe/EXE-file Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\Applications\Tool\Home Cinema\MusicMatch\Enu\MMSetup.exe Embedded EXE: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Apps.Lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Diction.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\main.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sap.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\spool.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sysnews.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\profleecep00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\profleece pet.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\profleece pet.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\profleecepet Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\users\Profleece pet.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prism\d43d7e66 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-11-01_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09406A19.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42E9560B.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EC70F09.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63885C30.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70A24BC5.exe Infected: Trojan-Downloader.Win32.Zlob.atp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70A575C2.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\Documents and Settings\CRAIG\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\CRAIG\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CRAIG\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CRAIG\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temp\JET3217.tmp Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temp\~DF3436.tmp Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temp\~DF3889.tmp Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temp\~DFD01B.tmp Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temporary Internet Files\Content.IE5\WHYJ4XM7\Install_Messenger_nous[1].exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\Documents and Settings\CRAIG\ntuser.dat Object is locked skipped
C:\Documents and Settings\CRAIG\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\gobackio.bin Object is locked skipped
C:\Program Files\Common Files\AOL\ACS\UK\forms.fdb Object is locked skipped
C:\Program Files\Common Files\AOL\ACS\UK\static Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Musicmatch\Musicmatch Jukebox\altlog.txt Object is locked skipped
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjblog.txt Object is locked skipped
C:\Program Files\Musicmatch\Musicmatch Update\MMJB\WMFDist\WMFDist.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0300NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0657NAV~.TMP Object is locked skipped
C:\Program Files\Windows Media Connect\Redist\wmfdist95.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP181\A0083092.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094441.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094468.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094469.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094492.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094493.dll Infected: not-a-virus:AdWare.Win32.Comet.c skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094494.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094495.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094496.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094497.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094498.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094499.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094500.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094501.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094502.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094503.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0095463.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0095469.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP229\A0096468.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP229\A0096469.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP229\A0096470.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP229\A0096529.exe Infected: Trojan-Downloader.Win32.Zlob.atp skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP231\A0097612.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP232\A0097654.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP232\A0097685.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP232\A0097692.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP233\A0097748.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP233\A0098723.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP233\A0098790.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP237\A0100815.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP241\A0102842.dll Infected: not-a-virus:AdWare.Win32.ProtectionBar.g skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP241\A0102843.exe Infected: Trojan-Downloader.Win32.Zlob.anl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP259\A0112218.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP259\A0112220.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP259\A0112221.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP273\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\I386\Media Player 10\mp10setup.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\I386\WEXTRACT.EX_/wextract.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\I386\WEXTRACT.EX_ CAB: infected - 1 skipped
C:\WINDOWS\Installer\WinRMSrv.msi/WinRMSrv.Cab/wmfdist95.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\Installer\WinRMSrv.msi/WinRMSrv.Cab Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\Installer\WinRMSrv.msi Embedded: infected - 2 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{618BDB84-9A96-4D88-83BA-8A1924BEA731}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dllcache\wextract.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wextract.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
OliverX669
Regular Member
 
Posts: 15
Joined: September 30th, 2006, 6:52 am
Location: United Kingdom

As requested

Unread postby OliverX669 » November 1st, 2006, 9:15 am

Hi Linkmaster,

All instructions carried out, heres the Kapersky log file, HijackThis log file follows in separate post.

Regards,

Oliver


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 01, 2006 11:55:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/11/2006
Kaspersky Anti-Virus database records: 236936
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 102701
Number of viruses found: 13
Number of infected objects: 58 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:58:55

Infected Object Name / Virus Name / Last Action
C:\Applications\Tool\Home Cinema\MusicMatch\Enu\MMSetup.exe/EXE-file/WMFDist/WMFDist.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\Applications\Tool\Home Cinema\MusicMatch\Enu\MMSetup.exe/EXE-file Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\Applications\Tool\Home Cinema\MusicMatch\Enu\MMSetup.exe Embedded EXE: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Apps.Lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Diction.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\main.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sap.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\spool.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sysnews.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\profleecep00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\profleece pet.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\profleece pet.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\profleecepet Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\users\Profleece pet.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prism\d43d7e66 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-11-01_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09406A19.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42E9560B.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EC70F09.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63885C30.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70A24BC5.exe Infected: Trojan-Downloader.Win32.Zlob.atp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70A575C2.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\Documents and Settings\CRAIG\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\CRAIG\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CRAIG\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\CRAIG\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temp\JET3217.tmp Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temp\~DF3436.tmp Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temp\~DF3889.tmp Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temp\~DFD01B.tmp Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CRAIG\Local Settings\Temporary Internet Files\Content.IE5\WHYJ4XM7\Install_Messenger_nous[1].exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\Documents and Settings\CRAIG\ntuser.dat Object is locked skipped
C:\Documents and Settings\CRAIG\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\gobackio.bin Object is locked skipped
C:\Program Files\Common Files\AOL\ACS\UK\forms.fdb Object is locked skipped
C:\Program Files\Common Files\AOL\ACS\UK\static Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Musicmatch\Musicmatch Jukebox\altlog.txt Object is locked skipped
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjblog.txt Object is locked skipped
C:\Program Files\Musicmatch\Musicmatch Update\MMJB\WMFDist\WMFDist.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0300NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0657NAV~.TMP Object is locked skipped
C:\Program Files\Windows Media Connect\Redist\wmfdist95.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP181\A0083092.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094441.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094468.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094469.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094492.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094493.dll Infected: not-a-virus:AdWare.Win32.Comet.c skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094494.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094495.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094496.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094497.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094498.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094499.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094500.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094501.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094502.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0094503.exe Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0095463.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP228\A0095469.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP229\A0096468.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP229\A0096469.dll Infected: Trojan-Downloader.Win32.Zlob.atl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP229\A0096470.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP229\A0096529.exe Infected: Trojan-Downloader.Win32.Zlob.atp skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP231\A0097612.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP232\A0097654.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP232\A0097685.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP232\A0097692.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP233\A0097748.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP233\A0098723.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP233\A0098790.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP237\A0100815.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP241\A0102842.dll Infected: not-a-virus:AdWare.Win32.ProtectionBar.g skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP241\A0102843.exe Infected: Trojan-Downloader.Win32.Zlob.anl skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP259\A0112218.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP259\A0112220.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP259\A0112221.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{5213C6C8-C5FB-4B14-9A3A-99B6A995BB99}\RP273\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\I386\Media Player 10\mp10setup.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\I386\WEXTRACT.EX_/wextract.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\I386\WEXTRACT.EX_ CAB: infected - 1 skipped
C:\WINDOWS\Installer\WinRMSrv.msi/WinRMSrv.Cab/wmfdist95.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\Installer\WinRMSrv.msi/WinRMSrv.Cab Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\Installer\WinRMSrv.msi Embedded: infected - 2 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{618BDB84-9A96-4D88-83BA-8A1924BEA731}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dllcache\wextract.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wextract.exe Infected: Backdoor.Win32.Hupigon.cvx skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
OliverX669
Regular Member
 
Posts: 15
Joined: September 30th, 2006, 6:52 am
Location: United Kingdom

HijackThis log file

Unread postby OliverX669 » November 1st, 2006, 9:17 am

Heres the log file of the scan after the deletions you requested, I really appreciate all the trouble you're going to on my behalf, many many thanks

Oliver

Logfile of HijackThis v1.99.1
Scan saved at 10:46:18, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1140625607\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\AVG AntiSpyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\BT Voyager Wireless Adapter\PRISMCFG.EXE
C:\Program Files\Norton GoBack\GBTray.exe
c:\program files\common files\aol\1140625607\ee\services\antiSpywareApp\ver2_0_29_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1140625607\ee\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140625607\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG AntiSpyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm491YYGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?c97588f7ee944921968fa2575c1362b8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?c97588f7ee944921968fa2575c1362b8
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {1096842F-FEE8-11D2-965E-0010E3622565} (IFS_Lib00) - http://roylinedirect.rbs.co.uk/dbpc2/co ... FS_RYD.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {1E89A357-CF86-11D1-8CAE-00805F93E2D7} (IFS_Wizard1 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz01.cab
O16 - DPF: {219CF65A-B13C-11D2-8D4A-0004ACF74B57} (IFS_Lib04) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb04.cab
O16 - DPF: {29166FB6-2AD6-11D2-8DB7-0001FAF8D270} (IFS_Wizard6 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz06.cab
O16 - DPF: {498439C0-0921-11D3-9484-0001FAF8503C} (IFS_Lib10) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb10.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {4DE7E614-E69B-11D2-947C-0001FAF8503C} (IFS_Lib07) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb07.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} (IFS_Wizard5 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz05.cab
O16 - DPF: {5B2FD039-D08C-11D2-9FFD-0004ACF74B57} (IFS_Lib08) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb08.cab
O16 - DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} (IFS_Wizard2 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz02.cab
O16 - DPF: {6A863F66-CA4A-11D2-9FF9-0004ACF74B57} (IFS_Lib05) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb05.cab
O16 - DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} (IFS_List Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_List.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {74545298-2152-11D2-8D16-0004ACF74B57} (IFS_Wizard3 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz03.cab
O16 - DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} (IFS_Lib01) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb01.cab
O16 - DPF: {9D24756B-CBFC-11D2-9FFB-0004ACF74B57} (IFS_Lib13) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb13.cab
O16 - DPF: {9E2D89BB-D888-11D2-A002-0004ACF74B57} (IFS_Lib12) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb12.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {B37DB118-5623-11D3-8769-0010E36241AE} (IFS_Wizard9 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz09.cab
O16 - DPF: {BBAE9E7E-3F7D-11D3-94B7-0001FAF8503C} (IFS_Lib16) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb16.cab
O16 - DPF: {C0E10B5C-DA42-11D3-9FED-0004ACF74B57} (IFS_Lib02) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Lb02.cab
O16 - DPF: {C1BA9623-F27F-11D2-947D-0001FAF8503C} (IFS_Lib11) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb11.cab
O16 - DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} (IFS_Lib03) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb03.cab
O16 - DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} (IFS_Wizard7 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz07.cab
O16 - DPF: {D71A2028-D578-11D2-9FFF-0004ACF74B57} (IFS_Lib14) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb14.cab
O16 - DPF: {DF3AA904-233E-11D3-9495-0001FAF8503C} (IFS_Lib17) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb17.cab
O16 - DPF: {F0FB4064-2940-11D3-92B1-0004ACF75CFC} (IFS_Lib06) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb06.cab
O16 - DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} (IFS_Wizard4 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz04.cab
O16 - DPF: {F49159DA-E0C6-11D1-8E28-08005AAA630C} (IFS_Service Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Serv.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
OliverX669
Regular Member
 
Posts: 15
Joined: September 30th, 2006, 6:52 am
Location: United Kingdom

Unread postby Linkmaster » November 1st, 2006, 11:58 am

Download and Extract ComboFix to your Desktop
Double click combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Read the Disclaimer and make sure you have closed ALL open Windows, other than ComboFix, then hit Y to continue
You may receive the following message : Follow its instructions then let me know you got it

COMSPEC ERROR !!!

THE ABOVE ENVIRONMENT VARIABLE WAS FOUND TO BE CORRUPT.

ComboFix has attempted repair & will need to be restarted.
Please run ComboFix again & inform the person helping you

Press any key to exit


When finished, it will produce a log for you

Post a fresh HijackThis log along with the ComboFix log here

NOTE: Please inform your son that as long as he is using any form of Peer-to-Peer networking and downloading files from non-documented sources, he can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. He may continue to use P2P sharing at his own risk; however, please keep in mind that this practice may be the source of his current malware infestation
Additional information on the safety of Peer to Peer programs themselves is here :

Clean/Infected P2P Programs
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

HijackThis log

Unread postby OliverX669 » November 3rd, 2006, 9:12 am

Hiya Linkmaster,

Sorry for the delay, heres the new HijackThis log ComboFix log follows.

Regards,

Oliver

Logfile of HijackThis v1.99.1
Scan saved at 13:07, on 06-11-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\AVG AntiSpyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BT Voyager Wireless Adapter\PRISMCFG.EXE
C:\Program Files\Norton GoBack\GBTray.exe
c:\program files\common files\aol\1140625607\ee\services\antiSpywareApp\ver2_0_29_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\AOL\1140625607\ee\aolsoftware.exe
c:\program files\common files\aol\1140625607\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140625607\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG AntiSpyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm491YYGB
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?c97588f7ee944921968fa2575c1362b8
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?c97588f7ee944921968fa2575c1362b8
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1096842F-FEE8-11D2-965E-0010E3622565} (IFS_Lib00) - http://roylinedirect.rbs.co.uk/dbpc2/co ... FS_RYD.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {1E89A357-CF86-11D1-8CAE-00805F93E2D7} (IFS_Wizard1 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz01.cab
O16 - DPF: {219CF65A-B13C-11D2-8D4A-0004ACF74B57} (IFS_Lib04) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb04.cab
O16 - DPF: {29166FB6-2AD6-11D2-8DB7-0001FAF8D270} (IFS_Wizard6 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz06.cab
O16 - DPF: {498439C0-0921-11D3-9484-0001FAF8503C} (IFS_Lib10) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb10.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {4DE7E614-E69B-11D2-947C-0001FAF8503C} (IFS_Lib07) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb07.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} (IFS_Wizard5 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz05.cab
O16 - DPF: {5B2FD039-D08C-11D2-9FFD-0004ACF74B57} (IFS_Lib08) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb08.cab
O16 - DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} (IFS_Wizard2 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz02.cab
O16 - DPF: {6A863F66-CA4A-11D2-9FF9-0004ACF74B57} (IFS_Lib05) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb05.cab
O16 - DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} (IFS_List Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_List.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {74545298-2152-11D2-8D16-0004ACF74B57} (IFS_Wizard3 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz03.cab
O16 - DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} (IFS_Lib01) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb01.cab
O16 - DPF: {9D24756B-CBFC-11D2-9FFB-0004ACF74B57} (IFS_Lib13) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb13.cab
O16 - DPF: {9E2D89BB-D888-11D2-A002-0004ACF74B57} (IFS_Lib12) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb12.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {B37DB118-5623-11D3-8769-0010E36241AE} (IFS_Wizard9 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz09.cab
O16 - DPF: {BBAE9E7E-3F7D-11D3-94B7-0001FAF8503C} (IFS_Lib16) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb16.cab
O16 - DPF: {C0E10B5C-DA42-11D3-9FED-0004ACF74B57} (IFS_Lib02) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Lb02.cab
O16 - DPF: {C1BA9623-F27F-11D2-947D-0001FAF8503C} (IFS_Lib11) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb11.cab
O16 - DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} (IFS_Lib03) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb03.cab
O16 - DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} (IFS_Wizard7 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz07.cab
O16 - DPF: {D71A2028-D578-11D2-9FFF-0004ACF74B57} (IFS_Lib14) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb14.cab
O16 - DPF: {DF3AA904-233E-11D3-9495-0001FAF8503C} (IFS_Lib17) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb17.cab
O16 - DPF: {F0FB4064-2940-11D3-92B1-0004ACF75CFC} (IFS_Lib06) - http://roylinedirect.rbs.co.uk/dbpc2/co ... S_Lb06.cab
O16 - DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} (IFS_Wizard4 Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Wz04.cab
O16 - DPF: {F49159DA-E0C6-11D1-8E28-08005AAA630C} (IFS_Service Control) - http://roylinedirect.rbos.co.uk/dbpc2/c ... S_Serv.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9456B018-3A81-4596-8475-6DDD20E1DA88}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
OliverX669
Regular Member
 
Posts: 15
Joined: September 30th, 2006, 6:52 am
Location: United Kingdom

ComboFix log

Unread postby OliverX669 » November 3rd, 2006, 9:14 am

Hello Linkmaster,

Log file.

Oliver

CRAIG - 06-11-03 12:53:15.42 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\ComboFix"

((((((((((((((((((((((((((((((( Files Created from 2006-10-03 to 2006-11-03 ))))))))))))))))))))))))))))))))))


2006-10-20 10:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-03 09:13 -------- d-------- C:\Program Files\Actinic Ecommerce v6
2006-11-02 15:31 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-02 11:30 -------- d-------- C:\Program Files\Napster
2006-11-02 09:46 48824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-02 09:46 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-02 09:46 -------- d-------- C:\Program Files\Symantec
2006-11-02 09:37 -------- d-------- C:\Program Files\MSN
2006-11-02 09:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-02 09:34 -------- d-------- C:\Program Files\Creative
2006-11-02 09:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-01 08:52 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-31 15:23 1208 --a------ C:\Documents and Settings\CRAIG\Application Data\wklnhst.dat
2006-10-30 10:47 -------- d-------- C:\Program Files\LimeWire
2006-10-27 12:01 -------- dr-h----- C:\Documents and Settings\CRAIG\Application Data\yahoo!
2006-10-26 16:45 -------- d---s---- C:\Documents and Settings\CRAIG\Application Data\Microsoft
2006-10-25 16:11 -------- d-------- C:\Documents and Settings\CRAIG\Application Data\Adobe
2006-10-25 12:43 -------- d-------- C:\Program Files\Yahoo!
2006-10-21 11:00 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-10-17 02:00 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-14 07:00 -------- d-------- C:\Documents and Settings\CRAIG\Application Data\AVG7
2006-10-13 07:51 -------- d-------- C:\Program Files\Common Files
2006-09-26 13:38 -------- d-------- C:\Program Files\Enigma Software Group
2006-09-25 12:19 -------- d-------- C:\Program Files\Mutilate File Wiper
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-06 15:40 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-06 13:30 -------- d-------- C:\Documents and Settings\CRAIG\Application Data\BitTorrent
2006-09-05 18:52 -------- d-------- C:\Program Files\AOL 9.0
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-07 15:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 15:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
@=""
"Keyboard Status"="C:\\PROGRA~1\\Medion\\KeyStat\\KeyStat.exe"
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"MimBoot"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mimboot.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"RemoteControl"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PDUiP6600DMon"="C:\\Program Files\\Canon\\Memory Card Utility\\iP6600D\\PDUiP6600DMon.exe"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140625607\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PRISMSVR.EXE"="\"C:\\WINDOWS\\system32\\PRISMSVR.EXE\" /APPLY"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /P30 \"EPSON Stylus Photo R220 Series\" /O6 \"USB002\" /M \"Stylus Photo R220\""
"EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0F2.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\AVG AntiSpyware\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061101-104445-877
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
backup-20061101-104445-794
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - CRAIG.job

Completion time: 06-11-03 12:54:42.20
C:\ComboFix.txt ... 06-11-03 12:54
OliverX669
Regular Member
 
Posts: 15
Joined: September 30th, 2006, 6:52 am
Location: United Kingdom

ComboFix log

Unread postby OliverX669 » November 3rd, 2006, 9:44 am

Hello Linkmaster,

Log file.

Oliver

CRAIG - 06-11-03 12:53:15.42 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\ComboFix"

((((((((((((((((((((((((((((((( Files Created from 2006-10-03 to 2006-11-03 ))))))))))))))))))))))))))))))))))


2006-10-20 10:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-03 09:13 -------- d-------- C:\Program Files\Actinic Ecommerce v6
2006-11-02 15:31 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-02 11:30 -------- d-------- C:\Program Files\Napster
2006-11-02 09:46 48824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-02 09:46 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-02 09:46 -------- d-------- C:\Program Files\Symantec
2006-11-02 09:37 -------- d-------- C:\Program Files\MSN
2006-11-02 09:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-02 09:34 -------- d-------- C:\Program Files\Creative
2006-11-02 09:34 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-01 08:52 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-31 15:23 1208 --a------ C:\Documents and Settings\CRAIG\Application Data\wklnhst.dat
2006-10-30 10:47 -------- d-------- C:\Program Files\LimeWire
2006-10-27 12:01 -------- dr-h----- C:\Documents and Settings\CRAIG\Application Data\yahoo!
2006-10-26 16:45 -------- d---s---- C:\Documents and Settings\CRAIG\Application Data\Microsoft
2006-10-25 16:11 -------- d-------- C:\Documents and Settings\CRAIG\Application Data\Adobe
2006-10-25 12:43 -------- d-------- C:\Program Files\Yahoo!
2006-10-21 11:00 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-10-17 02:00 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-14 07:00 -------- d-------- C:\Documents and Settings\CRAIG\Application Data\AVG7
2006-10-13 07:51 -------- d-------- C:\Program Files\Common Files
2006-09-26 13:38 -------- d-------- C:\Program Files\Enigma Software Group
2006-09-25 12:19 -------- d-------- C:\Program Files\Mutilate File Wiper
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-06 15:40 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-06 13:30 -------- d-------- C:\Documents and Settings\CRAIG\Application Data\BitTorrent
2006-09-05 18:52 -------- d-------- C:\Program Files\AOL 9.0
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-07 15:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 15:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
@=""
"Keyboard Status"="C:\\PROGRA~1\\Medion\\KeyStat\\KeyStat.exe"
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"MimBoot"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mimboot.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"RemoteControl"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PDUiP6600DMon"="C:\\Program Files\\Canon\\Memory Card Utility\\iP6600D\\PDUiP6600DMon.exe"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140625607\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PRISMSVR.EXE"="\"C:\\WINDOWS\\system32\\PRISMSVR.EXE\" /APPLY"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /P30 \"EPSON Stylus Photo R220 Series\" /O6 \"USB002\" /M \"Stylus Photo R220\""
"EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0F2.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
"BearShare"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\AVG AntiSpyware\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061101-104445-877
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
backup-20061101-104445-794
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - CRAIG.job

Completion time: 06-11-03 12:54:42.20
C:\ComboFix.txt ... 06-11-03 12:54
OliverX669
Regular Member
 
Posts: 15
Joined: September 30th, 2006, 6:52 am
Location: United Kingdom

Unread postby Linkmaster » November 3rd, 2006, 12:13 pm

One more pass:

Run Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot, run HijackThis and post a fresh HijackThis Log and the Kaspersky Virus Scan Log here
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Sorry for the delay

Unread postby OliverX669 » November 13th, 2006, 7:57 am

Hello Linkmaster,

Hope to carry out your last instructions tomorrow, I've not been able to get to son's pc before, sorry.

Kind regards,

Oliver
OliverX669
Regular Member
 
Posts: 15
Joined: September 30th, 2006, 6:52 am
Location: United Kingdom

Unread postby Linkmaster » November 13th, 2006, 1:27 pm

OK
User avatar
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Unread postby Nellie2 » November 29th, 2006, 5:37 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 14 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware