Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think I have a keylogger

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I think I have a keylogger

Unread postby keyloggervictim » October 22nd, 2007, 4:21 pm

Hi,
I play a MMORGP.
I recently got hacked and lost everything.
I didn't give my password, username or anything away.
But I did download a small game my friend made.
I'm pretty sure it had a keylogger.
So I need to get rid of it before I lose anything else.

Here is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 15:56:41, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Shredder\spshredder.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spam Shredder] C:\Program Files\Webroot\Shredder\spshredder.exe -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Samir\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.com/teleport/makinmag ... cTeleX.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://oreb.mlxchange.com/Control/Multi ... mboBox.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/supersta ... rTeleX.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://oreb.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://oreb.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/tel ... tTeleX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/Ma ... eTeleX.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} - http://www.shockwave.com/content/thinkt ... adCtrl.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
keyloggervictim
Active Member
 
Posts: 7
Joined: October 22nd, 2007, 3:58 pm
Advertisement
Register to Remove

Unread postby Katana » October 27th, 2007, 9:42 am

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Kaspersky Online Scanner .

Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the report in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby Gary R » November 4th, 2007, 5:25 am

Due to lack of response this topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 21861
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Unread postby ChrisRLG » November 8th, 2007, 7:34 pm

topic unlocked on email request.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Kaspersky Report

Unread postby keyloggervictim » November 8th, 2007, 7:42 pm

First, I just want to say thanks for re-opening my topic and also for replying to my topic.
Here is the Kaspersky Report you requested.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 08, 2007 8:05:51 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/11/2007
Kaspersky Anti-Virus database records: 453702
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 139236
Number of viruses found: 36
Number of infected objects: 156
Number of suspicious objects: 0
Duration of the scan process: 02:21:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\findnoundogbird\Wipe Bat.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\this keep.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19754da01aef26a7a7179f187eb5f4f1_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\abbe6e3e749c06929674a651df572a55_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3475506_1058668544_15905 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBEF7.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{CEFDF3EB-748E-4BB2-8728-F8341C30B313}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ofelia\Application Data\hole frag bold\czqwgniz.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ofelia\Application Data\hole frag bold\jlznxwxn.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ofelia\Application Data\hole frag bold\ooze inter slow web.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ofelia\Application Data\hole frag bold\PURE BASH SETUP.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ofelia\Application Data\hole frag bold\pxxdnyat.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ofelia\Application Data\hole frag bold\rdr internet love.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ofelia\Local Settings\Temp\bis55.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Ofelia\Local Settings\Temp\staC.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Samir\.housecall\Quarantine\a.tmp.bac_a03812 Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Samir\.housecall\Quarantine\a.zip.bac_a03812/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Samir\.housecall\Quarantine\a.zip.bac_a03812 ZIP: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall\Quarantine\a.zip.bac_a03812 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\!! lewis melville !! (Unreleased).zip.bac_a03024/Setup.exe Infected: Trojan-Dropper.Win32.Mudrop.du skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\!! lewis melville !! (Unreleased).zip.bac_a03024 ZIP: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\!! lewis melville !! (Unreleased).zip.bac_a03024 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\(live) lewis melville (RELOADED) Soul.zip.bac_a03024/Setup.exe Infected: Trojan-Dropper.Win32.Mudrop.du skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\(live) lewis melville (RELOADED) Soul.zip.bac_a03024 ZIP: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\(live) lewis melville (RELOADED) Soul.zip.bac_a03024 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\a.tmp.bac_a03812 Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\a.zip.bac_a03812/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\a.zip.bac_a03812 ZIP: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\a.zip.bac_a03812 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\aupd.exe.bac_a03024/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\aupd.exe.bac_a03024/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\aupd.exe.bac_a03024 NSIS: infected - 2 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\aupd.exe.bac_a03024 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\bis18.exe.bac_a03024 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\crtdcghcn.jar-46e7c0c1-7c72a8f7.zip.bac_a03024/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\crtdcghcn.jar-46e7c0c1-7c72a8f7.zip.bac_a03024 ZIP: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\crtdcghcn.jar-46e7c0c1-7c72a8f7.zip.bac_a03024 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\mmxsnet.exe.bac_a03024 Infected: not-a-virus:AdWare.Win32.MediaMotor.q skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\MSI.CAB.bac_a03024/_6227252443C841BF9FFDFF29A9856421 Infected: not-a-virus:RiskTool.Win32.Deleter.b skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\MSI.CAB.bac_a03024 CAB: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\MSI.CAB.bac_a03024 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\s3qo.c.exe.bac_a03024/data0003 Infected: Trojan-Downloader.Win32.Bomka.r skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\s3qo.c.exe.bac_a03024 NSIS: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\s3qo.c.exe.bac_a03024 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\s408.2.exe.bac_a03024/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\s408.2.exe.bac_a03024/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\s408.2.exe.bac_a03024 NSIS: infected - 2 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\s408.2.exe.bac_a03024 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\SETCE.tmp.bac_a03024 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\SETD0.tmp.bac_a03024 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\UERS_0001_N85M0906NetInstaller.exe.bac_a03024 Infected: Trojan-Downloader.Win32.Agent.alr skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\UERS_9999_N91S2507NetInstaller.exe.bac_a03024 Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Samir\.housecall6.6\Quarantine\uninst.exe.bac_a03024 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Samir\Application Data\fretsonfire\fretsonfire.log Object is locked skipped
C:\Documents and Settings\Samir\Application Data\Webroot\Spy Sweeper\Backup\Startup\services.exe.bak Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\Documents and Settings\Samir\Application Data\Webroot\Spy Sweeper\Logs\SpySweeperLog.txt Object is locked skipped
C:\Documents and Settings\Samir\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Samir\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Samir\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Samir\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Samir\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Samir\ntuser.dat Object is locked skipped
C:\Documents and Settings\Samir\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Samir\Shared\Adobe Photoshop CS3 [Pt-Br] %252b Crack.zip/Setup.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\Documents and Settings\Samir\Shared\Adobe Photoshop CS3 [Pt-Br] %252b Crack.zip ZIP: infected - 1 skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\11F15642.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\Program Files\Norton AntiVirus\Quarantine\1288619C.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\Program Files\Norton AntiVirus\Quarantine\12B95767.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\Program Files\Norton AntiVirus\Quarantine\133B66D7.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\Program Files\Norton AntiVirus\Quarantine\146122D4.ocx Infected: not-a-virus:Porn-Dialer.Win32.VB.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\16D5553C.exe Infected: Trojan-Downloader.Win32.VB.kq skipped
C:\Program Files\Norton AntiVirus\Quarantine\18D43ACA.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton AntiVirus\Quarantine\1C7D6742.dll Infected: Trojan-Downloader.Win32.Zlob.aug skipped
C:\Program Files\Norton AntiVirus\Quarantine\2FA2584C.dll Infected: Trojan-Downloader.Win32.Zlob.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\31335638.exe Infected: Trojan-Downloader.Win32.PurityScan.cu skipped
C:\Program Files\Norton AntiVirus\Quarantine\31335638.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.m skipped
C:\Program Files\Norton AntiVirus\Quarantine\31360035.exe/file1 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\31360035.exe/file2 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\31360035.exe/file4 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\31360035.exe Inno: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\31360035.exe CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\31371936.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\31371936.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\31371936.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\31371936.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\31371936.exe WiseSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\31371936.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\31392A31.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\Program Files\Norton AntiVirus\Quarantine\31392A31.exe Infected: Trojan-Downloader.Win32.PurityScan.af skipped
C:\Program Files\Norton AntiVirus\Quarantine\313C542D.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\313C542D.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\313C542D.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\313C542D.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\313C542D.exe WiseSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\313C542D.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\331B1F88.dll Infected: Trojan-Downloader.Win32.Zlob.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\34D225B5.dll Infected: Trojan-Downloader.Win32.Zlob.aug skipped
C:\Program Files\Norton AntiVirus\Quarantine\37862003.ocx Infected: not-a-virus:Porn-Dialer.Win32.VB.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B251BFB.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton AntiVirus\Quarantine\3B600FBA.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton AntiVirus\Quarantine\3E791550.exe Infected: Trojan-Downloader.Win32.Agent.auv skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FAF5317.dll Infected: Trojan-Downloader.Win32.Zlob.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\43DC48E9.exe Infected: Trojan-Downloader.Win32.Small.dul skipped
C:\Program Files\Norton AntiVirus\Quarantine\527B41BE.exe Infected: Trojan-Downloader.Win32.Tibs.il skipped
C:\Program Files\Norton AntiVirus\Quarantine\52853FB3.exe Infected: Trojan-Downloader.Win32.Tibs.il skipped
C:\Program Files\Norton AntiVirus\Quarantine\532F46F8.exe Infected: Trojan-Downloader.Win32.Tibs.il skipped
C:\Program Files\Norton AntiVirus\Quarantine\533C6EEA.exe Infected: Trojan-Downloader.Win32.Tibs.il skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CC5171D.dll Infected: Trojan-Downloader.Win32.Zlob.aug skipped
C:\Program Files\Norton AntiVirus\Quarantine\5FDE7F38.exe/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\Program Files\Norton AntiVirus\Quarantine\5FDE7F38.exe NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5FDE7F38.exe CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5FDE7F38.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.m skipped
C:\Program Files\Norton AntiVirus\Quarantine\75AD28CF.exe Infected: Trojan-Downloader.Win32.Pakes skipped
C:\Program Files\Norton AntiVirus\Quarantine\76680A0A.ocx Infected: not-a-virus:Porn-Dialer.Win32.VB.j skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP530\A0174208.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP532\A0174290.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP532\A0174291.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP532\A0174292.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP534\A0174365.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176772.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176773.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176774.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176775.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176776.ocx Infected: not-a-virus:Porn-Dialer.Win32.VB.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176777.exe Infected: Trojan-Downloader.Win32.VB.kq skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176778.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176779.dll Infected: Trojan-Downloader.Win32.Zlob.aug skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176780.dll Infected: Trojan-Downloader.Win32.Zlob.ahg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176781.exe Infected: Trojan-Downloader.Win32.PurityScan.cu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176782.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.m skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176783.exe/file1 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176783.exe/file2 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176783.exe/file4 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176783.exe Inno: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176783.exe CryptFF: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176784.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176784.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176784.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176784.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176784.exe WiseSFX: infected - 4 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176784.exe CryptFF: infected - 4 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176785.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176786.exe Infected: Trojan-Downloader.Win32.PurityScan.af skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176787.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176787.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176787.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176787.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176787.exe WiseSFX: infected - 4 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176787.exe CryptFF: infected - 4 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176788.dll Infected: Trojan-Downloader.Win32.Zlob.ahg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176789.dll Infected: Trojan-Downloader.Win32.Zlob.aug skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176790.ocx Infected: not-a-virus:Porn-Dialer.Win32.VB.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176791.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176792.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176793.exe Infected: Trojan-Downloader.Win32.Agent.auv skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176794.dll Infected: Trojan-Downloader.Win32.Zlob.ahg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176795.exe Infected: Trojan-Downloader.Win32.Small.dul skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176796.exe Infected: Trojan-Downloader.Win32.Tibs.il skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176797.exe Infected: Trojan-Downloader.Win32.Tibs.il skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176798.exe Infected: Trojan-Downloader.Win32.Tibs.il skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176799.exe Infected: Trojan-Downloader.Win32.Tibs.il skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176800.dll Infected: Trojan-Downloader.Win32.Zlob.aug skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176801.exe/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176801.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176801.exe CryptFF: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176802.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.m skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176803.exe Infected: Trojan-Downloader.Win32.Pakes skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP552\A0176804.ocx Infected: not-a-virus:Porn-Dialer.Win32.VB.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP556\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{8CCFE539-EABD-4DC1-96CF-45A8502810D3}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\~wa6psetup.exe/file014 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped
C:\WINDOWS\Temp\~wa6psetup.exe Inno: infected - 1 skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
keyloggervictim
Active Member
 
Posts: 7
Joined: October 22nd, 2007, 3:58 pm

Unread postby Katana » November 8th, 2007, 10:14 pm

I'm afraid I have unpleasant news for you. You have evidence of Several Very Dangerous infections on this machine.
The worst is a Backdoor Trojan See HERE for more details
Backdoor.Win32.IRCBot.dd <<< Allows access to your machine
Trojan-Spy.Win32.Banker.fgw <<< Logs passwords/credit information


It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have a Backdoor/password stealer, the worst kinds.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.

While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.


I am sorry to be the bearer of bad news, but it is best that you know the full impact of this infection :(

If you decide to try cleaning please post a fresh HJT log in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Oh.. man

Unread postby keyloggervictim » November 8th, 2007, 10:23 pm

CRAP! :(

I guess the best thing to do is to ReFormat.
keyloggervictim
Active Member
 
Posts: 7
Joined: October 22nd, 2007, 3:58 pm

Unread postby Katana » November 8th, 2007, 10:32 pm

Given the amount of very nasty infections I have got to agree :(

This file
C:\Documents and Settings\Samir\Shared\Adobe Photoshop CS3 [Pt-Br] %252b Crack.zip

did you no favors whatsoever.

Some of the infections are in quarantine, but depending when you did the scan they may have been active for a while.
I could clean the infected files that I can find, but we have no way of knowing what else has been put on your machine.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby keyloggervictim » November 8th, 2007, 10:38 pm

I did the scan yesterday.
I think it's just best if I ReFormat the computer. :(
keyloggervictim
Active Member
 
Posts: 7
Joined: October 22nd, 2007, 3:58 pm

Unread postby Katana » November 8th, 2007, 10:41 pm

If you need any help or advice just ask
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby keyloggervictim » November 8th, 2007, 10:48 pm

Well I don't know where to start.
How exactly do you reformat a computer?
Also if I reformat the computer, do I lose the programs that came with the computer when I bought it?
keyloggervictim
Active Member
 
Posts: 7
Joined: October 22nd, 2007, 3:58 pm

Unread postby Katana » November 8th, 2007, 10:51 pm

Here are some links with further info


When you reformat, you will lose EVERYTHING that is on your machine.
Do you have install discs, or does your machine have a recovery partition ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby keyloggervictim » November 8th, 2007, 11:11 pm

Well come to think of it, most of the programs I got with the computer are useless, so it dosen't really bother me.

I've read the links you posted, and i've already contacted my bank about the possibility of identity theft, but the links don't tell me how to reformat the computer..
So where do I start?
keyloggervictim
Active Member
 
Posts: 7
Joined: October 22nd, 2007, 3:58 pm

Unread postby Katana » November 9th, 2007, 4:39 am

You start by digging out all the discs and leaflets that came with your PC.
You need to make sure that you have got all the drivers and relevant software that you want to reinstall.
Next make sure you have the install program for your AntiVirus.
If you can't find or don't have any of the above then contact the manufacture of the machine, they will be able to advise you.

Here is a detailed list of how to do the actual reformat.
http://faq.oit.gatech.edu/0305.html
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby keyloggervictim » November 9th, 2007, 9:22 am

Theres one problem...
My ISP provides free antivirus software, and I can't download it unless I connect with the internet.
I understand that you can be infected in a matter of seconds once you connect to the internet.
What do you think I should do?


Thank you very much for your help.
keyloggervictim
Active Member
 
Posts: 7
Joined: October 22nd, 2007, 3:58 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware