Tech Support Guy

Registered · 34 Posts · Discussion Starter · #1
My computer just did an automatic upgrade to IE Explorer 7, I believe it is. Since the upgrade I'm having a lot of problems such as not being able to access the internet, and it seems like I'm always being redirected to various sites. Here's a copy of a HijackThis log. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 5:41:20 PM, on 1/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Documents and Settings\All Users\Documents\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\xpupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\All Users\Documents\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ferrylanddowns.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
 

Retired Moderator and Malware Specialist · 18,549 Posts
Hi, lees58. :)

Welcome to the forum.

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Perform the following steps in safe mode:

  1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware.
Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon
    and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Restart back into Windows normally now.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post a fresh HijackThis log along with the AVG Anti-Spyware and ActiveScan reports.
 

Registered · 34 Posts · Discussion Starter · #3
Hey,
followed your instructions. I rebooted in safe mode and started the scan but there was an error... I restarted the scan and the same error happened. The report saved, so here's what it says.

//==<AVG AntiSpyware 7.5.0.50>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 32373236 <pages range base not found>
Exception Date: 01/08/2007 20:43:32
File Version of C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe: 7.5.0.50

MiniDump Information Saved to .dmp

Registers:
EAX:00000000
EBX:04240000
ECX:7C91056D
EDX:00000000
ESI:7C80DDF5
EDI:00000066
CS:EIP:001B:32373236
SS:ESP:0023:04728260 EBP:7B2D3176
DS:0023 ES:0023 FS:003B GS:0000
Flags:00010246

Intel specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
32373236 7B2D3176

ImageHelp specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
32373236 0472825C 3531392D 33342D44 392D4342 2D463233 <pages range base not found>
43344433 7B2D3176 00000000 00000000 00000000 00000000 <pages range base not found>


//==<AVG AntiSpyware 7.5.0.50>===================================
Exception code: C0000005 ACCESS_VIOLATION
Fault address: 32373236 <pages range base not found>
Exception Date: 01/08/2007 21:14:16
File Version of C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe: 7.5.0.50

MiniDump Information Saved to .dmp

Registers:
EAX:00000000
EBX:04240000
ECX:7C91056D
EDX:00000000
ESI:7C80DDF5
EDI:00000066
CS:EIP:001B:32373236
SS:ESP:0023:04728260 EBP:7B2D3176
DS:0023 ES:0023 FS:003B GS:0000
Flags:00010246

Intel specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Logical addr Module
32373236 7B2D3176

ImageHelp specific method

Call stack:
Address Frame Param 0 Param 1 Param 2 Param 3 Symbol/Logical address
32373236 0472825C 3531392D 33342D44 392D4342 2D463233 <pages range base not found>
43344433 7B2D3176 00000000 00000000 00000000 00000000 <pages range base not found>

 

Retired Moderator and Malware Specialist · 18,549 Posts
Hi, lees58 :)

I really don't know the reasons for that error. We will return to this part later.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 

Registered · 34 Posts · Discussion Starter · #5
Here's the Report.txt file:

SDFix: Version 1.57

Tue 01/09/2007 - 16:25:39.73

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode

Service Check:

Service Name:

PowerManager
Windows Overlay Components

File Path:

C:\WINDOWS\svchost.exe
C:\WINDOWS\fnffmxy.exe

PowerManager Deleted
Windows Overlay Components Deleted

Starting Registry Repairs

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking Files:
--------------

And the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:28:19 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\All Users\Documents\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\All Users\Documents\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ferrylanddowns.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
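A defender's triage pass over HijackThis log lines, added here as an example rather than code from HijackThis, SDFix or anyone in this thread: it reads the Running processes block and the O4/O23 entries and flags an executable launched from the Windows root instead of system32 (the pattern of C:\Windows\xpupdate.exe in the first log and of both service paths in the SDFix report), a core system binary name such as svchost.exe outside system32, and an unqualified file name that Windows resolves through PATH search order. The allow-lists and the single-drive C:\WINDOWS layout are assumptions, and the sample log is a constructed excerpt of the first log above.

```python
r"""Triage heuristics for HijackThis v1.99.1 log lines (added example).

Assumptions, labelled as such: a single-drive Windows XP layout with Windows
in C:\WINDOWS, as in the logs above, and allow-lists chosen by the editor.
"""
import re
from dataclasses import dataclass

SYSTEM32 = "c:\\windows\\system32\\"
WINROOT = "c:\\windows\\"
EXPECTED_PREFIXES = (SYSTEM32, "c:\\program files\\",
                     "c:\\documents and settings\\")

# Core OS binaries that live only in system32 on XP. The same file name in
# any other directory is the classic masquerade; the SDFix report above
# removed a service whose path was C:\WINDOWS\svchost.exe.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "alg.exe",
                 "ctfmon.exe"}

# Executables that XP legitimately launches from the Windows root.
WINROOT_KNOWN = {"explorer.exe"}

# A quoted path, an unquoted drive-rooted path, or a bare file name.
EXE_RE = re.compile(
    r'"([^"]+\.exe)"|([a-z]:\\[^"\s][^"]*?\.exe)|([\w.~-]+\.exe)', re.I)


@dataclass
class Finding:
    exe: str
    reason: str
    line: str


def extract_exe(line):
    """Return the launched executable named on a log line, or None."""
    # Drop the [name] label of O4 entries first, so a label such as
    # [ctfmon.exe] is not mistaken for the file actually launched.
    match = EXE_RE.search(re.sub(r"\[[^\]]*\]", "", line))
    return next(g for g in match.groups() if g) if match else None


def classify(exe):
    """Return a reason string if the path looks suspicious, else None."""
    path = exe.lower()
    if "\\" not in path:
        return "unqualified file name, resolved through PATH search order"
    directory, name = path.rsplit("\\", 1)
    directory += "\\"
    if name in SYSTEM32_ONLY and directory != SYSTEM32:
        return "core system binary name outside system32 (masquerade)"
    if directory == WINROOT:
        if name in WINROOT_KNOWN:
            return None
        return "launched from the Windows root instead of system32"
    if not path.startswith(EXPECTED_PREFIXES):
        return "launched from outside the expected directories"
    return None


def triage(log_text):
    """Scan the Running processes block and O4/O23 lines; return Findings."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        if not (in_processes or line.startswith(("O4 -", "O23 -"))):
            continue
        exe = extract_exe(line)
        reason = classify(exe) if exe else None
        if reason:
            findings.append(Finding(exe, reason, line))
    return findings


# Constructed excerpt of the first HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Windows\xpupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:<60} {f.exe}")
```

Hits are review candidates, not verdicts; the bare SOUNDMAN.EXE entry is flagged on path hygiene alone, and a reviewer then checks the file itself.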
 

Retired Moderator and Malware Specialist · 18,549 Posts
Hi, lees58 :)

Now, look at post #2. Attempt to run those scans again and post the resulting reports.

Let me know any difficulties you may experience.
 

Registered · 34 Posts · Discussion Starter · #7
Tried the scan again but the same thing happened... At about 30 min into the scan there was an error... It came up as 'AVG Anti Spyware 7.5 Exception... something bad has happened in the application'... then it gives the location of the diagnostics file that was saved. I didn't continue with the rest of the instructions. Figured I should get back to you first.
Any ideas?
 

Retired Moderator and Malware Specialist · 18,549 Posts
Hi, lees58 :)

As an alternative, do the following:

Click here to download Dr.Web CureIt and save it to your desktop.
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • For information click Here
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply along with a fresh HijackThis log.
 

Registered · 34 Posts · Discussion Starter · #9
Got through the express scan and it came up "no virus found"... Once the scan started with my other drives an error occurred and the program shut down.
 

Retired Moderator and Malware Specialist · 18,549 Posts
Hi, lees58 :)

Let's take a deeper look:

Download ComboFix from Here or Here to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 

Registered · 34 Posts · Discussion Starter · #11
Hey,
sorry I didn't get back to you sooner... been away for a few days.
Here's the ComboFix log and the HijackThis log. Also... having a problem with my Active Desktop now... I tried restoring it but even in the Properties window it's just a blank screen that won't refresh.

Thanks again

"Owner" - 07-01-16 22:16:28 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\Owner\Desktop\malaware stuff"

ERROR !!! /wow section not completed

((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))

2007-01-12 03:00 d-------- C:\WINDOWS\ie7updates
2007-01-11 21:45 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-01-09 22:41 d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-01-09 16:18 d-------- C:\SDFix
2007-01-08 19:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-08 19:29 d-------- C:\Program Files\Grisoft
2007-01-08 19:21 d-------- C:\bfu
2007-01-06 02:24 28,160 --a------ C:\WINDOWS\xpupdate.exe
2007-01-06 02:24 d-------- C:\Program Files\SpyMarshal
2007-01-02 23:29 d-------- C:\WINDOWS\WBEM
2007-01-02 23:29 d-------- C:\WINDOWS\system32\en-US
2007-01-02 23:28 d--h-c--- C:\WINDOWS\ie7
2007-01-02 23:27 121,856 --------- C:\WINDOWS\system32\xmllite.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-16 22:09 -------- d-------- C:\Program Files\alphazip
2007-01-16 08:22 -------- d-------- C:\DOCUME~1\Owner\Application Data\adobeum
2007-01-11 22:49 -------- d--h----- C:\Program Files\installshield installation information
2007-01-06 02:24 1395659 --a------ C:\DOCUME~1\Owner\Application Data\install.dat
2006-12-11 22:53 58904 --a------ C:\WINDOWS\system32\sysfolderazipcnt.dll
2006-12-11 22:53 58904 --a------ C:\WINDOWS\system32\azipcontmn.dll
2006-12-09 09:04 -------- d-------- C:\Program Files\msn messenger
2006-12-09 09:04 -------- d-------- C:\Program Files\messenger plus! live
2006-12-07 16:54 73728 --a------ C:\WINDOWS\alcfdrtm.exe
2006-12-07 01:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-01 09:21 -------- d-------- C:\DOCUME~1\Owner\Application Data\adobe
2006-11-18 03:01 -------- d-------- C:\Program Files\msxml 4.0
2006-11-08 01:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 09:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ares"="\"C:\\Documents and Settings\\All Users\\Documents\\Ares\\Ares.exe\" -h"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\BigFix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^wkcalrem.LNK]
"backup"="C:\\WINDOWS\\pss\\WKCALREM.LNKStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\WkCalRem.exe "
"item"="WKCALREM"
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\WKCALREM.LNK"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aif644a0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w191f7bf.dll,n 0026449e0000000a191f7bf"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcFDMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCFDRTM"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ALCFDRTM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCWZRD"
"hkey"="HKLM"
"command"="ALCWZRD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ap9h4qmo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ap9h4qmo"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\All Users\\Documents\\Ares\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bargains"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_7"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dunltt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dwon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hvdoe\\Dwon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnffmxyA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fnffmxyA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\fnffmxyA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gah95on6"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HDAShCut"
"hkey"="HKLM"
"command"="HDAShCut.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb09"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="istsvc"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2JllcZ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ksjxter"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcregwiz"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaAccK"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Pass]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaPassK"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnappau"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.3000.1001\\en-ca\\msnappau.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\MSNMES~1\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\navapp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="navapp"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_7"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omuu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="omuum"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="powerscan"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="C:\\Windows\\Creator\\Remind_XP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shellapi32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svcnet"
"hkey"="HKLM"
"command"="svcnet.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="shwiconem"
"hkey"="HKLM"
"command"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MssCli"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"Wallpaper"="C:\\WINDOWS\\desktop.html"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\Windows NT\kyzezez.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\dvd-rom.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-16 22:18:25

HijackThis log file
--------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:32:25 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\All Users\Documents\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\All Users\Documents\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ferrylanddowns.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
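The Reg Loading Points section above is the part of this log worth reading closely: the msconfig\startupreg keys record every item that Selective Startup has disabled, and several of them (C:\WINDOWS\v1201.exe, a rundll32 call on a bare w191f7bf.dll, C:\\dfndrff_7.exe, C:\WINDOWS\fnffmxyA.exe) have the location and naming pattern of dropped malware rather than installed software. The Python script below is an added example for triaging that section, not part of the original post, of ComboFix or of HijackThis: it parses the [key] / "name"="value" dump format, then scores each Run or msconfig entry on where its executable lives and whether its name looks auto-generated. The point values, the threshold and the embedded sample (a constructed excerpt of the log above, trimmed to the values the parser uses) are my own choices for illustration.

```python
import re
from collections import namedtuple

# Constructed excerpt in the format of the log above, trimmed to the values the parser uses.
SAMPLE_LOG = r'''[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SoundMan"="SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"item"="v1201"
"command"="C:\\WINDOWS\\v1201.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aif644a0]
"item"="RUNDLL32"
"command"="RUNDLL32.EXE w191f7bf.dll,n 0026449e0000000a191f7bf"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"item"="dfndrff_7"
"command"="C:\\\\dfndrff_7.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
"item"="bargains"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')
RUN_KEY_RE = re.compile(r'\\currentversion\\run$', re.I)
STARTUPREG_RE = re.compile(r'\\msconfig\\startupreg\\(.+)$', re.I)
ROOT_DIR_RE = re.compile(r'%systemroot%|[a-z]:(\\windows)?', re.I)
Finding = namedtuple('Finding', 'source name command points reasons')

def unescape(value):
    # .reg-style escaping, \\ -> \ and \" -> ", undone in a single pass so the
    # sloppy C:\\\\dfndrff_7.exe in the log keeps one of its two backslashes.
    return re.sub(r'\\(.)', r'\1', value)

def parse_blocks(text):
    """Yield (key_path, {name: value}) for every [key] block in the dump."""
    key, values = None, {}
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            if key is not None:
                yield key, values
            key, values = m.group(1), {}
        elif (m := VALUE_RE.match(line)) and key is not None:
            values[m.group(1)] = unescape(m.group(2))
    if key is not None:
        yield key, values

def target_of(command):
    """Executable a Run value really launches (the DLL, when it is rundll32)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe, rest = command[1:end], command[end + 1:].strip()
    else:
        exe, _, rest = command.partition(' ')
    if exe.lower().endswith('rundll32.exe') and rest:
        exe = rest.split(',', 1)[0].strip().strip('"')
    return exe

def assess(command):
    """Score one command: 2 points for a suspicious location, 1 for a name."""
    if not command:
        return 1, ['no command recorded (item removed or uninstalled); check the name against known adware']
    exe = target_of(command)
    directory, _, filename = exe.rpartition('\\')
    stem = filename.rsplit('.', 1)[0].lower()
    reasons = []
    if not directory:
        reasons.append(('bare filename, resolved by PATH search at logon', 2))
    elif ROOT_DIR_RE.fullmatch(directory.rstrip('\\')):
        reasons.append(('executable directly in a drive or Windows root', 2))
    if len(stem) >= 5 and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem):
        reasons.append(('letters mixed with digits, like an auto-generated dropper name', 1))
    return sum(p for _, p in reasons), [r for r, _ in reasons]

def triage(text, threshold=2):
    """Startup entries scoring at least `threshold`, most suspicious first."""
    findings = []
    for key, values in parse_blocks(text):
        if RUN_KEY_RE.search(key):
            hive = 'HKCU' if key.upper().startswith('HKEY_CURRENT_USER') else 'HKLM'
            items = [(hive + ' Run', name, cmd) for name, cmd in values.items()]
        elif m := STARTUPREG_RE.search(key):
            items = [('msconfig (disabled)', m.group(1), values.get('command', ''))]
        else:
            items = []
        for source, name, cmd in items:
            points, reasons = assess(cmd)
            if points >= threshold:
                findings.append(Finding(source, name, cmd, points, reasons))
    return sorted(findings, key=lambda f: -f.points)

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.points}] {f.source}: {f.name} -> {f.command or "(none)"}: ' + '; '.join(f.reasons))
```

Run it and the three msconfig entries come out first with 3 points each; SoundMan also appears, with 2, because a bare SOUNDMAN.EXE is resolved by PATH search at logon and the process list above is the only thing saying it is C:\WINDOWS\SOUNDMAN.EXE. That is the intended behaviour: the script ranks what to verify, it does not decide. Orphaned msconfig records with no command (BullsEye Network here) score only 1 point and show up with threshold=1.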

Retired Moderator and Malware Specialist · 18,549 Posts
Hi, lees58

Your computer is running in Selective Startup. Please run Msconfig and set the computer into Normal Startup.

Download the enclosed folder and extract its contents to the desktop. It is a batch file. Once extracted, double-click on it and a new document will be produced. Post its contents in your next reply.

Please click here to download WebRoot SpySweeper (it's a 2-week trial):

  • Click the Free Trial link to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:

* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits

  • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.

Paste the contents of the session log you copied into your next reply as well as a new Hijack This log.

Registered · 34 Posts · Discussion Starter · #13
Hey,
When I did the WebRoot SpySweeper sweep I had to restart the computer in order to finish the process... now I can't find the log file for it.

Here's the other log file you wanted.

It's going to have to be sent in 2 posts.

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell
<NO NAME> REG_SZ AutoRun

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun
<NO NAME> REG_SZ Auto&Play

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
<NO NAME> REG_SZ C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell
<NO NAME> REG_SZ AutoRun

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun
<NO NAME> REG_SZ Auto&Play

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command
<NO NAME> REG_SZ E:\dvd-rom.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N
BaseClass REG_SZ Drive

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{195d96b3-edce-11d9-b041-00038a000015}
BaseClass REG_SZ Drive
_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F01000101EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008060000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{195d96b3-edce-11d9-b041-00038a000015}\shell
<NO NAME> REG_SZ None

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{195d96b3-edce-11d9-b041-00038a000015}\shell\Autoplay
MUIVerb REG_SZ @shell32.dll,-8504

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{195d96b3-edce-11d9-b041-00038a000015}\shell\Autoplay\DropTarget

Retired Moderator and Malware Specialist · 18,549 Posts
Hi, lees58 :)

If I can't see it, I can't call it.

NOTE: See if you can get to the Spysweeper log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

Please create a Restore point:

  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "Before VirusScan", then click Create.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps, or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  1. Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked
  6. Press OK
  7. Press YES to create the folder.

Registry Modifications

Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Once extracted, open the folder and double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

Restart the computer.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • For information click Here
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply along with a fresh HijackThis log.
 

Attachments
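Before merging a .reg fix like the one the post above asks for, a practitioner wants to see exactly which keys and values the file adds, sets or deletes, and export those keys first so the change can be reversed. This added example is not the moderator's Regfix.reg (whose contents are not on the page) nor part of the thread: it parses a constructed .reg file in the "Windows Registry Editor Version 5.00" format, lists the operations, and builds the `reg export` commands for the touched keys; the key and value names in the sample are hypothetical.

```python
"""Preview the operations a .reg file will apply before merging it (added example)."""
from dataclasses import dataclass

# Constructed sample in the Version 5.00 format.  Key and value names are
# hypothetical; this is NOT the Regfix.reg attached to the forum post.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; remove a key a hijacker created
[-HKEY_CURRENT_USER\Software\HypotheticalHijacker]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"Search Page"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xpupdate"=-
"Example"=hex:01,00,\
  02,00
"""


@dataclass
class RegOp:
    kind: str          # add_key | delete_key | set_value | delete_value
    key: str
    name: str = ""     # value name; "(Default)" stands for "@"
    data: str = ""     # data exactly as written in the file


def logical_lines(text):
    """Yield lines with backslash continuations (used by hex: data) joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def split_value(line):
    """Split a '"name"=data' or '@=data' line into (name, data), honouring escaped quotes."""
    if line.startswith("@"):
        name, rest = "(Default)", line[1:]
    elif line.startswith('"'):
        i = 1
        while i < len(line) and line[i] != '"':
            i += 2 if line[i] == "\\" else 1   # skip an escaped character
        name = line[1:i].replace('\\"', '"').replace("\\\\", "\\")
        rest = line[i + 1:]
    else:
        raise ValueError(f"malformed value line: {line}")
    if not rest.startswith("="):
        raise ValueError(f"missing '=' in value line: {line}")
    return name, rest[1:].strip()


def parse_reg(text):
    """Return the list of RegOp the file would apply, in file order."""
    lines = [ln for ln in logical_lines(text) if ln and not ln.startswith(";")]
    if not lines or lines[0] != "Windows Registry Editor Version 5.00":
        raise ValueError("expected a 'Windows Registry Editor Version 5.00' header")
    ops, current = [], None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):          # [-KEY] deletes the whole key
                current = None
                ops.append(RegOp("delete_key", inner[1:]))
            else:
                current = inner
                ops.append(RegOp("add_key", inner))
            continue
        if current is None:
            raise ValueError(f"value line outside a key section: {line}")
        name, data = split_value(line)
        if data == "-":                         # "name"=- deletes the value
            ops.append(RegOp("delete_value", current, name))
        else:
            ops.append(RegOp("set_value", current, name, data))
    return ops


def backup_targets(ops):
    """Every key the file touches, sorted: export these before merging."""
    return sorted({op.key for op in ops})


def backup_commands(ops, prefix="before-regfix"):
    """One 'reg export' per touched key (reg.exe ships with Windows XP and later);
    the export simply fails for a key that does not exist yet."""
    return [f'reg export "{key}" "{prefix}-{n}.reg"'
            for n, key in enumerate(backup_targets(ops), 1)]


def summarize(ops):
    """Count operations by kind so destructive ones stand out at a glance."""
    counts = {}
    for op in ops:
        counts[op.kind] = counts.get(op.kind, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for op in parsed:
        print(f"{op.kind:13} {op.key}  {op.name}  {op.data}")
    print(summarize(parsed))
    print("\n".join(backup_commands(parsed)))
```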

Discussion Starter · #16 · Registered · 34 Posts
Hey... just found that log from the sweep program... here it is... didn't get a chance to follow the other instructions yet... doing that now.
Thanks

2 posts again

Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
10:58 PM: IE Hijack Shield: Resetting Search Page value.
10:58 PM: IE Hijack Shield: Resetting IE advanced data value.
10:58 PM: IE Hijack Shield: Resetting IE advanced data value.
IE Tracking Cookies Shield: Off
10:58 PM: Shield States
10:58 PM: Spyware Definitions: 839
10:58 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 1/17/2007 12:37:36 PM (GMT)
10:58 PM: Spy Sweeper 5.2.3.2138 started
6:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
6:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
6:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
6:31 PM: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
6:26 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
6:26 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
6:26 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
6:26 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
6:26 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:26 PM: Shield States
6:26 PM: Spyware Definitions: 839
6:26 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 1/17/2007 12:37:36 PM (GMT)
6:25 PM: Spy Sweeper 5.2.3.2138 started
3:28 PM: | End of Session, Wednesday, January 17, 2007 |
3:28 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:27 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:26 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:25 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[7].ssq". The process cannot access the file because it is being used by another process
3:25 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[7].ssq". The process cannot access the file because it is being used by another process
3:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:24 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:23 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:23 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:23 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:23 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:23 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:22 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:22 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
3:21 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:21 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:21 PM: Your virus definitions have been updated.
3:21 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 1/17/2007 12:37:36 PM (GMT)
3:20 PM: Your spyware definitions have been updated.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
3:16 PM: Shield States
3:16 PM: Spyware Definitions: 816
3:16 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
3:15 PM: Spy Sweeper 5.2.3.2138 started
3:15 PM: Spy Sweeper 5.2.3.2138 started
3:15 PM: | Start of Session, Wednesday, January 17, 2007 |
********
5:51 PM: Removal process completed. Elapsed time 00:01:43
5:51 PM: Preparing to restart your computer. Please wait...
5:50 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SSTA1C.tmp". Reason: The system cannot find the file specified
5:50 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
5:50 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SSTA1C.tmp". Reason: The system cannot find the file specified
5:50 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
5:50 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SSTA1C.tmp". Reason: The system cannot find the file specified
5:50 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
5:50 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SSTA1D.tmp". Reason: The system cannot find the file specified
5:50 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
5:50 PM: Quarantining All Traces: 180search assistant/zango
5:50 PM: Quarantining All Traces: sexlist cookie
5:50 PM: Quarantining All Traces: clickzs cookie
5:50 PM: Quarantining All Traces: sextracker cookie
5:50 PM: Quarantining All Traces: tacoda cookie
5:50 PM: Quarantining All Traces: webtrendslive cookie
5:50 PM: Quarantining All Traces: serving-sys cookie
5:50 PM: Quarantining All Traces: questionmarket cookie
5:50 PM: Quarantining All Traces: mediaplex cookie
5:50 PM: Quarantining All Traces: webtrends cookie
5:50 PM: Quarantining All Traces: screensavers.com cookie
5:50 PM: Quarantining All Traces: go.com cookie
5:50 PM: Quarantining All Traces: casalemedia cookie
5:50 PM: Quarantining All Traces: bluestreak cookie
5:50 PM: Quarantining All Traces: atlas dmt cookie
5:50 PM: Quarantining All Traces: advertising cookie
5:50 PM: Quarantining All Traces: pointroll cookie
5:50 PM: Quarantining All Traces: about cookie
5:50 PM: Quarantining All Traces: 2o7.net cookie
5:50 PM: Quarantining All Traces: command
5:50 PM: Quarantining All Traces: spywarestrike
5:50 PM: Quarantining All Traces: exact cashback/bargain buddy
5:50 PM: Quarantining All Traces: ist surf accuracy
5:50 PM: Quarantining All Traces: findthewebsiteyouneed hijack
5:50 PM: Quarantining All Traces: ist sidefind
5:50 PM: Quarantining All Traces: starware toolbar
5:50 PM: Quarantining All Traces: zquest
5:50 PM: Quarantining All Traces: winad
5:50 PM: Quarantining All Traces: comet cursor
5:50 PM: C:\\nwnmff_7.exe is in use. It will be removed on reboot.
5:50 PM: dollarrevenue is in use. It will be removed on reboot.
5:50 PM: Quarantining All Traces: dollarrevenue
5:50 PM: Quarantining All Traces: bravesentry fakealert
5:50 PM: Quarantining All Traces: spysheriff fakealert
5:50 PM: Quarantining All Traces: websearch toolbar
5:50 PM: Quarantining All Traces: trojan-downloader-zlob
5:50 PM: Quarantining All Traces: visfx
5:50 PM: c:\windows\system32\csjqe.exe is in use. It will be removed on reboot.
5:49 PM: trojan-downloader-ruin is in use. It will be removed on reboot.
5:49 PM: Quarantining All Traces: trojan-downloader-ruin
5:49 PM: Removal process initiated
5:22 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
4:50 PM: Traces Found: 104
4:50 PM: Custom Sweep has completed. Elapsed time 01:21:37
4:49 PM: c:\windows\system32\dmrrt.exe (ID = 390594)
4:49 PM: C:\WINDOWS\system32\dmgax.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmzvz.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmkkx.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmvnm.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmxdb.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmwoo.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmfwd.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmatv.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmemt.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmimu.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmqld.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmiih.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmncm.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmfid.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmepb.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmhvt.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmali.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmmje.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmutr.exe (ID = 390594)
4:49 PM: c:\windows\system32\dmtdo.exe (ID = 390594)
4:49 PM: c:\windows\system32\csjqe.exe (ID = 391319)
4:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet security add-on\ (ID = 1554174)
4:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet explorer security plugin 2006\ (ID = 1554173)
4:49 PM: File Sweep Complete, Elapsed Time: 01:04:46
4:49 PM: C:\Documents and Settings\Owner\Start Menu\Programs\HQ Codec\Uninstall.lnk (1 subtraces) (ID = 2147528296)
4:45 PM: Warning: Stream read error
4:43 PM: Warning: Failed to access drive L:
4:43 PM: Warning: Failed to access drive K:
4:43 PM: Warning: Failed to access drive J:
4:43 PM: Warning: Failed to access drive I:
4:43 PM: Warning: Failed to access drive H:
4:43 PM: Warning: Failed to access drive G:
4:43 PM: Warning: Failed to access drive F:
4:43 PM: Warning: Failed to access drive E:
4:42 PM: C:\Program Files\Microsoft AntiSpyware\Quarantine\F28DC181-EB69-4236-AAE6-1D4BD9\9837E8AD-8172-46DD-A55C-EAC90C (ID = 244442)
4:42 PM: C:\Program Files\Microsoft AntiSpyware\Quarantine\F416FD88-B3C7-4477-9C56-C24FA7\C07A6502-D7DF-4194-A555-BCF051 (ID = 244442)
4:42 PM: C:\WINDOWS\IA\KE.vbs (ID = 185675)
4:42 PM: Found Adware: command
4:42 PM: C:\Program Files\Windows Media Player\horemoheb (ID = 329519)
4:42 PM: C:\Program Files\Microsoft AntiSpyware\Quarantine\EC0E07C5-1F1F-4F4E-9FA3-7C764D\CFE8A582-1C4A-4D32-8191-0A85C4 (ID = 244442)
4:42 PM: C:\Program Files\Microsoft AntiSpyware\Quarantine\E579910C-D642-486E-8E37-EE257C\5B9B1CE4-B018-4B09-A0F6-286FD4 (ID = 244442)
4:40 PM: C:\Program Files\Microsoft AntiSpyware\Quarantine\D21CF5CD-2A72-45A0-A3A5-D5F138\D2B4FCF9-63AD-4C4A-94C7-50C8E2 (ID = 244442)
4:40 PM: Found Adware: spywarestrike
4:40 PM: C:\Program Files\Mozilla Firefox\components\npclntax.xpt (ID = 146238)
4:40 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my pictures\christmas 2005\x1pgg9emswql-9vce8-r8mv-1nbn2qyacizjb9v6m7ivfud2rqyifuer23jg2an_plbo0p8ufe7xgtt3nz1ymdnjdlpkozji9bt0hcft-4mmrchsos00xbxj2kiwihj2iyakrp3b3rvmhfc_mmw9y0dqq.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}". The operation completed successfully
4:39 PM: C:\WINDOWS\xpupdate.exe (ID = 385880)
4:39 PM: Found Adware: bravesentry fakealert
4:38 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\aod\aolaod.exe". "c:\program files\aod\aolaod.exe": File not found
4:38 PM: C:\Program Files\Mozilla Firefox\plugins\npclntax.dll (ID = 145894)
4:38 PM: Found Adware: 180search assistant/zango
4:38 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\winace\sxuninst.exe". "c:\program files\winace\sxuninst.exe": File not found
4:38 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\real\realplayer\realplay.exe". "c:\program files\real\realplayer\realplay.exe": File not found
4:36 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\messengerplus! 3\msgplus.exe". "c:\program files\messengerplus! 3\msgplus.exe": File not found
4:34 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\adobe\photoshop 7.0\samples\droplets\photoshop droplets\save as jpeg medium.exe". "c:\program files\adobe\photoshop 7.0\samples\droplets\photoshop droplets\save as jpeg medium.exe": File not found
4:33 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\adobe\photoshop 7.0\required\droplet template.exe". "c:\program files\adobe\photoshop 7.0\required\droplet template.exe": File not found
4:31 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\microsoft shared\web server extensions\40\bin\fpserver.exe". "c:\program files\common files\microsoft shared\web server extensions\40\bin\fpserver.exe": File not found
4:30 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\sony shared\openmg\updater\udlaunch.exe". "c:\program files\common files\sony shared\openmg\updater\udlaunch.exe": File not found
4:29 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-ca\mtbs.exe". "c:\program files\msn apps\msn toolbar\01.02.3000.1001\en-ca\mtbs.exe": File not found
4:27 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:27 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\microsoft shared\works shared\dw15.exe". "c:\program files\common files\microsoft shared\works shared\dw15.exe": File not found
4:27 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[77].ssq". The process cannot access the file because it is being used by another process
4:26 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:26 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
Operation: File Access
Target:
Source: C:\WINDOWS\SVCHOST.EXE
Matched Spy: W32/Jeefo-A
4:26 PM: Tamper Detection
4:26 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:25 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:25 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\microsoft picture it! 9\dw15.exe". "c:\program files\microsoft picture it! 9\dw15.exe": File not found
4:24 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:24 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:24 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[67].ssq". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[67].ssq". The process cannot access the file because it is being used by another process
4:24 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:24 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:23 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:22 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
4:21 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:21 PM: c:\windows\system32\spmrgaat.exe (ID = 321)
4:21 PM: Found Adware: spysheriff fakealert
4:20 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:20 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[64].ssq". The process cannot access the file because it is being used by another process
4:20 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:20 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:19 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[63].ssq". The process cannot access the file because it is being used by another process
4:19 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[63].ssq". The process cannot access the file because it is being used by another process
4:19 PM: Warning: Cannot open file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[63].ssq". The process cannot access the file because it is being used by another process
4:19 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[63].ssq". The process cannot access the file because it is being used by another process
4:19 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[63].ssq". The process cannot access the file because it is being used by another process
4:19 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[63].ssq". The process cannot access the file because it is being used by another process
4:19 PM: Warning: Failed to read file "c:\program files\common files\aol\backup\acs\current\us\acssetup.exe". "c:\program files\common files\aol\backup\acs\current\us\acssetup.exe": File not found
4:19 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:19 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:19 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:19 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:18 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:18 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:18 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:18 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:17 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:17 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\microsoft money\system\mnyexpr.exe". "c:\program files\microsoft money\system\mnyexpr.exe": File not found
4:17 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[61].ssq". The process cannot access the file because it is being used by another process
4:17 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[61].ssq". The process cannot access the file because it is being used by another process
4:16 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:16 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:16 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:16 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:16 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:16 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:16 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:15 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:15 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:15 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:15 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:15 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:15 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:15 PM: C:\WINDOWS\system32\instsrv.exe (ID = 50713)
4:15 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\installshield installation information\{7c21eee0-e6fd-11d4-bd19-00d0b702aec0}\setup.exe". "c:\program files\installshield installation information\{7c21eee0-e6fd-11d4-bd19-00d0b702aec0}\setup.exe": File not found
4:15 PM: Found Adware: exact cashback/bargain buddy
4:14 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:14 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[52].ssq". The process cannot access the file because it is being used by another process
4:14 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:14 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:14 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[51].ssq". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[51].ssq". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Cannot open file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[51].ssq". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[51].ssq". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[51].ssq". The process cannot access the file because it is being used by another process
4:14 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:14 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:14 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:14 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:14 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:13 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:13 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:13 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[50].ssq". The process cannot access the file because it is being used by another process
 

Discussion Starter · #17 ·
4:12 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:12 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:11 PM: Warning: Cannot open file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot open file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:11 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[49].ssq". The process cannot access the file because it is being used by another process
4:10 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:09 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:08 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:08 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:08 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:08 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:07 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:06 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[44].ssq". The process cannot access the file because it is being used by another process
4:06 PM: Warning: Cannot open file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[43].ssq". The process cannot access the file because it is being used by another process
4:06 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:05 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:05 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:04 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:04 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:03 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[41].ssq". The process cannot access the file because it is being used by another process
4:03 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[41].ssq". The process cannot access the file because it is being used by another process
4:03 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[41].ssq". The process cannot access the file because it is being used by another process
4:03 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[41].ssq". The process cannot access the file because it is being used by another process
4:03 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[41].ssq". The process cannot access the file because it is being used by another process
4:03 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:02 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[40].ssq". The process cannot access the file because it is being used by another process
4:02 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[40].ssq". The process cannot access the file because it is being used by another process
4:02 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[40].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:01 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:01 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:01 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:01 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:01 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:01 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[39].ssq". The process cannot access the file because it is being used by another process
4:00 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:00 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:00 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
4:00 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:59 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:58 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[38].ssq". The process cannot access the file because it is being used by another process
3:58 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[38].ssq". The process cannot access the file because it is being used by another process
3:58 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[38].ssq". The process cannot access the file because it is being used by another process
3:57 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:57 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:57 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:57 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:57 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:56 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[37].ssq". The process cannot access the file because it is being used by another process
3:56 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:56 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:56 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:56 PM: C:\Program Files\Microsoft AntiSpyware\Quarantine\E7395AD7-07C2-4086-BCD3-B61244\F8080845-F808-44B7-A385-344D8F (ID = 162775)
3:56 PM: Found Adware: ist surf accuracy
3:56 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:56 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:56 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:55 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:55 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:54 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[30].ssq". The process cannot access the file because it is being used by another process
3:54 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[30].ssq". The process cannot access the file because it is being used by another process
3:54 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[30].ssq". The process cannot access the file because it is being used by another process
3:54 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[30].ssq". The process cannot access the file because it is being used by another process
3:54 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[30].ssq". The process cannot access the file because it is being used by another process
3:54 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:54 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:54 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:54 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:54 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:54 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:54 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:53 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[28].ssq". The process cannot access the file because it is being used by another process
3:53 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:53 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:52 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[27].ssq". The process cannot access the file because it is being used by another process
3:52 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[27].ssq". The process cannot access the file because it is being used by another process
3:52 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:51 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:51 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:51 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:51 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:51 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:51 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:51 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:50 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:49 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:49 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[22].ssq". The process cannot access the file because it is being used by another process
3:49 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[22].ssq". The process cannot access the file because it is being used by another process
3:49 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[22].ssq". The process cannot access the file because it is being used by another process
3:49 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[22].ssq". The process cannot access the file because it is being used by another process
3:49 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[22].ssq". The process cannot access the file because it is being used by another process
3:48 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[21].ssq". The process cannot access the file because it is being used by another process
3:48 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[21].ssq". The process cannot access the file because it is being used by another process
3:48 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[21].ssq". The process cannot access the file because it is being used by another process
3:48 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[21].ssq". The process cannot access the file because it is being used by another process
3:48 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[21].ssq". The process cannot access the file because it is being used by another process
3:48 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[21].ssq". The process cannot access the file because it is being used by another process
3:48 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[21].ssq". The process cannot access the file because it is being used by another process
3:48 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[21].ssq". The process cannot access the file because it is being used by another process
3:47 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:47 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:47 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:47 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:47 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:46 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:46 PM: C:\Documents and Settings\Owner\Start Menu\Programs\HQ Codec (1 subtraces) (ID = 2147531231)
3:46 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:46 PM: C:\Program Files\HQ Codec (1 subtraces) (ID = 2147528296)
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:45 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:44 PM: Starting File Sweep
3:44 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
3:44 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3361)
3:44 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3353)
3:44 PM: Found Spy Cookie: sexlist cookie
3:44 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6442)
3:44 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2413)
3:44 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2413)
3:44 PM: Found Spy Cookie: clickzs cookie
3:44 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3362)
3:44 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3362)
3:44 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3362)
3:44 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3362)
3:44 PM: Found Spy Cookie: sextracker cookie
3:44 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2253)
3:44 PM: c:\documents and settings\games\cookies\[email protected][2].txt (ID = 1958)
3:44 PM: c:\documents and settings\games\cookies\[email protected][2].txt (ID = 2253)
3:44 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3298)
3:44 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 6444)
3:44 PM: Found Spy Cookie: tacoda cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3667)
3:44 PM: Found Spy Cookie: webtrendslive cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3343)
3:44 PM: Found Spy Cookie: serving-sys cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3297)
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3217)
3:44 PM: Found Spy Cookie: questionmarket cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
3:44 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2038)
3:44 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 6442)
3:44 PM: Found Spy Cookie: mediaplex cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3669)
3:44 PM: Found Spy Cookie: webtrends cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3298)
3:44 PM: Found Spy Cookie: screensavers.com cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2728)
3:44 PM: Found Spy Cookie: go.com cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2354)
3:44 PM: Found Spy Cookie: casalemedia cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2314)
3:44 PM: Found Spy Cookie: bluestreak cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2253)
3:44 PM: Found Spy Cookie: atlas dmt cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2175)
3:44 PM: Found Spy Cookie: advertising cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3148)
3:44 PM: Found Spy Cookie: pointroll cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2037)
3:44 PM: Found Spy Cookie: about cookie
3:44 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 1957)
3:44 PM: Found Spy Cookie: 2o7.net cookie
3:44 PM: Starting Cookie Sweep
3:44 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:44 PM: Registry Sweep Complete, Elapsed Time:00:12:16
3:44 PM: HKU\S-1-5-21-3100389338-3426401208-1273447278-1003\software\hqcodec\ (ID = 1613990)
3:44 PM: HKU\S-1-5-21-3100389338-3426401208-1273447278-1003\software\hq codec\ (ID = 1613988)
3:44 PM: HKU\S-1-5-21-3100389338-3426401208-1273447278-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
3:44 PM: HKU\S-1-5-21-3100389338-3426401208-1273447278-1003\software\internet security\ (ID = 1553896)
3:44 PM: HKU\S-1-5-21-3100389338-3426401208-1273447278-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
3:44 PM: Found Adware: findthewebsiteyouneed hijack
3:44 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:43 PM: HKU\WRSS_Profile_S-1-5-21-3100389338-3426401208-1273447278-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
3:42 PM: HKU\WRSS_Profile_S-1-5-21-3100389338-3426401208-1273447278-501\software\internet security\ (ID = 1553896)
3:42 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[18].ssq". The process cannot access the file because it is being used by another process
3:42 PM: HKU\WRSS_Profile_S-1-5-21-3100389338-3426401208-1273447278-501\software\starware\ (ID = 142866)
3:42 PM: Found Adware: starware toolbar
3:42 PM: HKU\WRSS_Profile_S-1-5-21-3100389338-3426401208-1273447278-501\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
3:42 PM: Found Adware: ist sidefind
3:41 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:41 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:41 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:41 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:41 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet security add-on\ || uninstallstring (ID = 1858424)
3:41 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet explorer security plugin 2006\ || uninstallstring (ID = 1858423)
3:41 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:41 PM: HKLM\software\classes\hqcodec\ (ID = 1614023)
3:41 PM: HKCR\hqcodec\ (ID = 1613985)
3:41 PM: HKLM\software\microsoft\windows\currentversion\ruins\ (ID = 1585692)
3:41 PM: HKLM\system\currentcontrolset\enum\root\legacy_tbpssvc\ (ID = 1578555)
3:41 PM: HKLM\system\controlset001\enum\root\legacy_tbpssvc\ (ID = 1578529)
3:41 PM: Found Adware: websearch toolbar
3:41 PM: BHO Shield: found: -- BHO installation denied at user request
3:41 PM: HKLM\software\microsoft\windows\currentversion\run\ || keyboard (ID = 1558789)
3:41 PM: HKLM\software\microsoft\windows\currentversion\run\ || defender (ID = 1558788)
3:40 PM: HKLM\software\classes\avzipenchancer.chl\ (ID = 1530187)
3:40 PM: HKCR\avzipenchancer.chl\ (ID = 1530184)
3:40 PM: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
3:40 PM: HKCR\vsenchancer.chl\ (ID = 1519747)
3:40 PM: BHO Shield: found: -- BHO installation denied at user request
3:39 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[17].ssq". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[17].ssq". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[17].ssq". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[17].ssq". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[17].ssq". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[17].ssq". The process cannot access the file because it is being used by another process
3:39 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:39 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:39 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:39 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:39 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:39 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[16].ssq". The process cannot access the file because it is being used by another process
3:38 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:37 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\995912786[16].ssq". The process cannot access the file because it is being used by another process
3:37 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:37 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:33 PM: HKLM\software\microsoft\windows\currentversion\app paths\ecodec.exe\ (ID = 1159208)
3:33 PM: Found Trojan Horse: trojan-downloader-zlob
3:33 PM: HKLM\software\microsoft\windows\currentversion\run\ || actx1 (ID = 957560)
3:33 PM: Found Adware: zquest
3:33 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:33 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:33 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:33 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:33 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:33 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:33 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (ID = 712951)
3:33 PM: Found Adware: visfx
3:33 PM: HKLM\software\microsoft\windows\currentversion\urls\ (ID = 605127)
3:33 PM: Found Trojan Horse: trojan-downloader-ruin
3:33 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediapassx.dll\ (ID = 147192)
3:33 PM: Found Adware: winad
3:33 PM: HKLM\software\screensavers.com\ (ID = 140569)
3:33 PM: Found Adware: comet cursor
3:32 PM: Starting Registry Sweep
3:32 PM: Memory Sweep Complete, Elapsed Time: 00:03:15
3:30 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:29 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:28 PM: Starting Memory Sweep
3:28 PM: C:\\nwnmff_7.exe (ID = 1231926)
3:28 PM: Spy Installation Shield: found: Virus: W32/Jeefo-A, version
3:28 PM: HKLM\software\microsoft\windows\currentversion\run\ || newname (ID = 1231926)
3:28 PM: Found Adware: dollarrevenue
3:28 PM: Start Custom Sweep
3:28 PM: Sweep initiated using definitions version 839
3:28 PM: Spy Sweeper 5.2.3.2138 started
3:28 PM: | Start of Session, Wednesday, January 17, 2007 |
********
 

Discussion Starter · #19 ·
Hey,
I've followed all the instructions and I am now currently running the F-Secure scanner. It has been in the cleaning stage now for almost 4 hours and seems to be stuck on process 180/185. It says it's currently cleaning: tracking cookie. Just wondering what I should do.
 

Discussion Starter · #20 ·
Hi again,
The computer was starting to freeze, so I stopped the process. Here's the report with a new HijackThis log.

Result: 185 malware found
Java/OpenConnection.AA (virus)
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-5AD4DA67-11B312C5.ZIP (Submitted)
Possible Browser Hijack attempt (spyware)
System
Tracking Cookie (spyware)
System (Disinfected)
System
System
System (Submitted)
System
System
System
Trojan-Clicker.Win32.VB.ij (virus)
C:\WINDOWS\FNFFMXY.EXE (Renamed & Submitted)
Trojan.Win32.Crypt.t (virus)
C:\WINDOWS\SYSTEM32\LPQDOCVW.EXE (Renamed & Submitted)
Virus.Win32.Hidrag.a (virus)
C:\WINDOWS\BURN4FREE_TOOLBAR_UNINSTALLER_4531.EXE (Disinfected & Submitted)
C:\WINDOWS\HIDEWIN.EXE (Disinfected & Submitted)
C:\WINDOWS\SVCHOST.EXE (Submitted)
C:\WINDOWS\UNNEROBURNRIGHTS.EXE (Disinfected & Submitted)
C:\WINDOWS\ZHOTKEY.EXE (Disinfected & Submitted)
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\7E9C3219E54B43A6D50FC3202FBC3A2B\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\7E9C3219E54B43A6D50FC3202FBC3A2B\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\SMINST\START.EXE (Disinfected & Submitted)
C:\WINDOWS\REGISTEREDPACKAGES\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\SYSTEM\MIGRATE.EXE (Disinfected)
C:\WINDOWS\REGISTEREDPACKAGES\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\SYSTEM\UNREGMP2.EXE (Disinfected)
C:\WINDOWS\REGISTEREDPACKAGES\{DD90D410-1823-43EB-9A16-A2331BF08799}\MIGRATE.EXE (Disinfected)
C:\WINDOWS\REGISTEREDPACKAGES\{DD90D410-1823-43EB-9A16-A2331BF08799}\UNREGMP2.EXE (Disinfected)
C:\WINDOWS\REGISTEREDPACKAGES\{DD90D410-1823-43EB-9A16-A2331BF08799}\WMLAUNCH.EXE (Disinfected)
C:\WINDOWS\REGISTEREDPACKAGES\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\SYSTEM\LOGAGENT.EXE (Disinfected & Submitted)
C:\WINDOWS\REGISTEREDPACKAGES\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\SYSTEM\SETUP_WM.EXE (Disinfected)
C:\WINDOWS\REGISTEREDPACKAGES\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\SETUP_WM.EXE (Disinfected)
C:\WINDOWS\OPTIONS\OEMRESET.EXE (Disinfected & Submitted)
C:\WINDOWS\I386\NETSETUP.EXE (Disinfected & Submitted)
C:\WINDOWS\I386\REGEDIT.EXE (Disinfected & Submitted)
C:\WINDOWS\I386\SYSPARSE.EXE (Disinfected & Submitted)
C:\WINDOWS\I386\DRW\DWWIN.EXE (Disinfected & Submitted)
C:\WINDOWS\I386\DRV\NET\PROUNSTL.EXE (Disinfected & Submitted)
C:\WINDOWS\I386\DRV\MOD\HXFSETUP.EXE (Disinfected & Submitted)
C:\WINDOWS\I386\DRV\MOD\SETUP.EXE (Disinfected & Submitted)
C:\WINDOWS\DOWNLOADED INSTALLATIONS\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\QUICKTIMEINSTALLER.EXE (Disinfected)
C:\WINDOWS\$NTUNINSTALLKB921883$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB918439$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB917953$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB917734_WMP10$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB917344$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB917159$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB916595$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB916281$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB914389$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB914388$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB913580$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB913446$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB912812$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB911927$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB911567$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB911565$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB911564$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB911562$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB911280$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB908531$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB900485$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$NTUNINSTALLKB888111WXPSP2$\SPUNINST\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB921883\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB921883\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB918439\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB918439\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB917953\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB917953\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB917344\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB917344\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB917159\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB917159\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB916595\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB916595\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB916281\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB916281\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB914389\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB914389\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB914388\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB914388\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB913580\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB913580\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB913446\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB913446\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB912812\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB912812\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB911927\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB911927\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB911567\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB911567\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB911562\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB911562\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB911280\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB911280\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB908531\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB908531\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB900485\SPUNINST.EXE (Disinfected & Submitted)
C:\WINDOWS\$HF_MIG$\KB900485\UPDATE\UPDATE.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMSETSDK.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\REGISTRY MECHANIC\LIVEUPDATE.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\REALTEK\INSTALLSHIELD\KB888111XPSP2.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\QUICKTIME\QTINFO.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MSNMUSIC\4226092\MSNMUSIC.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT WORKS\WKSDICT.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSS.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT PICTURE IT! 7\SETUP\SETUP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\GRAPH9.EXE (Disinfected)
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSACCESS.EXE (Disinfected)
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\VTIDISC.EXE (Disinfected)
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\VTIFORM.EXE (Disinfected)
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\VTIPRES.EXE (Disinfected)
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOHELP.EXE (Disinfected)
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\PROJWIZ.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\DW15.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MIS.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\MEDIA\AVHELP\02MT.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\MEDIA\AVHELP\04EC.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\MEDIA\AVHELP\09LI.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\MEDIA\AVHELP\10CB.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\MEDIA\AVHELP\11RI.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\MEDIA\AVHELP\12BA.EXE (Disinfected)
C:\PROGRAM FILES\MICROSOFT MONEY\MEDIA\AVHELP\14RD.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\MEDIA\AVHELP\15CT.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\MICROSOFT MONEY\MEDIA\AVHELP\18BF.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\UNREGAAW.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\JAVA\JRE1.5.0_04\BIN\JAVAWS.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\INTERACTUAL\INTERACTUAL PLAYER\IPLAYER.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{FF262740-C85A-11D5-BBEC-00D0B740900A}\SETUP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE (Disinfected)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{EE85B4C2-49F2-4A3B-A8FA-458DAD0D820F}\SETUP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\SETUP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{A0EB195B-5876-48E6-879D-33D4B2102610}\SETUP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\SETUP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{174BBB44-A1C7-4DB1-BC28-234EEDEB6458}\SETUP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{12042FF7-8D00-4384-9A25-638918B94950}\SETUP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\GOOGLE\GOOGLE EARTH\GOOGLEEARTH.EXE (Disinfected)
C:\PROGRAM FILES\CYBERLINK\POWERDVD\CLTEST.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\CYBERLINK\POWERDVD\DDTESTER.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\CYBERLINK\POWERDVD\POWERDVD.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\CYBERLINK\COMMON\UPDATEIPR.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\NT\CNFNOT32.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\NT\SCANPST.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\STOPMUSICSERVER\STOPMUSICSERVER.EXE (Disinfected)
C:\PROGRAM FILES\COMMON FILES\SONY SHARED\OPENMG\UPDATER\UDAPP.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\R1PUNINST.EXE (Disinfected)
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\UPGRDHLP.EXE (Disinfected)
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUPDAT2.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\ARTGALRY\ARTGALRY.EXE (Disinfected)
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\ENGINE\6\INTEL 32\IKERNEL.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\9\INTEL 32\IDRIVER.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER2.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\11\INTEL 32\IDRIVER.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\AOL\SCREENSAVER\UNINST_YGPSS.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\COMMON FILES\ADOBE\WORKFLOW\ADOBEWORKGROUPHELPER.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\AHEAD\WMPBURN\WMPBURN.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\AHEAD\NERO TOOLKIT\CDSPEED.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\AHEAD\NERO TOOLKIT\DRIVESPEED.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\AHEAD\NERO BACKITUP\NBJ.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\AHEAD\NERO BACKITUP\NBR.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\AGED PHOTO.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\CONDITIONAL MODE CHANGE.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\CONSTRAIN TO 300 PIXELS.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\CONSTRAIN TO 64 PIXELS.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\DROP SHADOW FRAME.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\MAKE BUTTON.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\MAKE SEPIA TONE.EXE (Disinfected & Submitted)
C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\SAMPLES\DROPLETS\PHOTOSHOP DROPLETS\SAVE AS PHOTOSHOP PDF.EXE (Disinfected & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\SHARED\MCAFEE VIRUSCAN 8.0 PROFESIONAL FULL (FIREWALL + SPAM KILLER)\FIREWALL\EULA.EXE (Disinfected)
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\JRE-1_5_0_04-WINDOWS-I586-P-IFTW.EXE (Disinfected & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DVD-SHRINK V3.14 + DVD DECRYPTER V3.19 + DVD REGION-FREE V3.10 (CRACKED!) - JACKTHARIPPER\DVD SHRINK 2.3 GERMAN.EXE (Disinfected & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DVD-SHRINK V3.14 + DVD DECRYPTER V3.19 + DVD REGION-FREE V3.10 (CRACKED!) - JACKTHARIPPER\DVD SHRINK V3.14\DVD SHRINK 3.14.EXE (Disinfected & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DVD-SHRINK V3.14 + DVD DECRYPTER V3.19 + DVD REGION-FREE V3.10 (CRACKED!) - JACKTHARIPPER\DVD REGION-FREE V3.10 + CRACK\DVDREGIONFREE31.EXE (Disinfected & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DVD-SHRINK V3.14 + DVD DECRYPTER V3.19 + DVD REGION-FREE V3.10 (CRACKED!) - JACKTHARIPPER\DVD DECRYPTER V3.19\DVD DECRYPTER V3.1.9.0.EXE (Disinfected & Submitted)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\ARES\MY SHARED FOLDER\ADOBE - ADOBE PHOTOSHOP CS V8 0 + SERIAL + CRACK.EXE (Disinfected)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\ARES\MY SHARED FOLDER\ADOBE PHOTO SHOP - ADOBE PHOTOSHOP 7 FULL INSTALL WITH SERIAL.EXE (Disinfected)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\ARES\MY SHARED FOLDER\MCAFEE - MCAFEE - MCAFEE ANTI-VIRUS 2005 WITH SERIAL.EXE (Disinfected)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\ARES\MY SHARED FOLDER\MICROSOFT - FLIGHT SIMULATOR 2000 PRO FULL.EXE (Disinfected)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\ARES\MY SHARED FOLDER\NORTON ANTIVIRUS 2006 + ACTIVATION KEY + SERIAL [THIS WORKS!].EXE (Disinfected)
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\ARES\MY SHARED FOLDER\RESUME MAKER DELUXE 2002 V9 0.EXE (Disinfected)
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\MALAWARE STUFF\RECENT DOWNLOADS\ERUNT-SETUP.EXE (Disinfected & Submitted)
C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\TEMP\EGIRL V1 2 3D SEX EROTIC GIRL INTERACTIVE 3D.EXE (Disinfected)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\FROM ARES\VARIOUS TUNES\DVD RECORDING SOFTWARE - CLONE DVD + ANY DVD+ CRACK+SERIAL.EXE (Disinfected & Submitted)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\FROM ARES\VARIOUS TUNES\EGIRL V1 2 3D SEX EROTIC GIRL INTERACTIVE 3D.EXE (Disinfected)
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\FROM ARES\VARIOUS TUNES\VIRTUAL GIRL FULL VERSION PLUS GIRLS(2).EXE (Disinfected)
C:\CABS\HDREALTEK5125\MSHDQFE\WIN2K_XP\US\KB888111XPSP1.EXE (Disinfected & Submitted)
C:\CABS\HDREALTEK5125\MSHDQFE\WIN2K3\US\KB888111SRVRTM.EXE (Disinfected & Submitted)
W32/Spywad.DBR (virus)
C:\PROGRAM FILES\SPYMARSHAL\UNINSTALL.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 32517
System: 5846
Not scanned: 5
Actions:
Disinfected: 173
Renamed: 2
Deleted: 0
None: 10
Submitted: 147
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\VAXSCSI.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-01-17
F-Secure AVP: 7.0.171, 2007-01-17
F-Secure Orion: 1.2.37, 2007-01-17
F-Secure Blacklight: 1.0.53, 0000-00-00
F-Secure Draco: 1.0.35, 0260-02-44
F-Secure Pegasus: 1.19.0, 2007-00-16
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

--------------------------------------------------------------------------------
