Help with Smitfraud toolbar888 and Torpig
-
Hiya , i ran a scan with spybot and found out i got infected with smitfraud toolbar888 and Torpig , and even though i remove it the 1st time , it just return. Anyone can help me with this?
Heres the hijack this log file:
Logfile of HijackThis v1.99.1
Scan saved at 11:12:17 AM, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\p0713160\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\p0713160\Desktop\Setup\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sp.edu.sg/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/help/aw/evhelp/0.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\pmnljhf.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AACAB351-07F7-4D24-8C44-3FAB8EBED017} - C:\WINDOWS\system32\geeba.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170669123703
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RaySat_3dsmax8 Server (RaySat_3dsmax8Server) - Unknown owner - C:\Program Files\Autodesk\VIZ2007\mentalray\satellite\raysat_3dsmax8server.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -
Show hidden files and folders
- [*]Open My Computer.
[*]Go to Tools > Folder Options.
[*]Select the View tab.
[*]Scroll down to Hidden files and folders.
[*]Select Show hidden files and folders.
[*]Uncheck (untick) Hide extensions of known file types.
[*]Uncheck (untick) Hide protected operating system files (Recommended).
[*]Click Yes when prompted.
[*]Click OK.
[*]Close My Computer.
Please download SmitFraudFix.exe by S!Ri and save it to the desktop.- [*]Double click on SmitfraudFix.exe.
[*]Press 1 then hit the Enter key.
[*]It will create a report named rapport.txt, usually at C drive.
Please download VundoFix and save it to your desktop.- [*]Double-click VundoFix.exe to run it.
[*]When VundoFix re-opens, click the Scan for Vundo button.
[*]Once it's done scanning, click the Remove Vundo button.
[*]You will receive a prompt asking if you want to remove the files, click YES
[*]Once you click yes, your desktop will go blank as it starts removing Vundo.
[*]When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Please navigate to C:\WINDOWS and locate system.ini.
Double click on this file.
Please post the contents of this file.
In your next reply, please post:- [*]Contents of C:\rapport.txt
[*]VundoFix log
[*]Contents of system.ini -
Thanks alot for replying =D
Rapport.txt:
SmitFraudFix v2.192
Scan done at 19:06:41.57, 07/06/2007
Run from C:\Documents and Settings\p0713160\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Intel
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\DOCUME~1\p0713160\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\p0713160
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\p0713160\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\p0713160\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 218.186.1.38
DNS Server Search Order: 202.156.1.68
DNS Server Search Order: 202.156.1.48
HKLM\SYSTEM\CCS\Services\Tcpip\..\{68D8DCF4-BA16-4B95-8561-DC9E2B78763F}: DhcpNameServer=218.186.1.38 202.156.1.68 202.156.1.48
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68D8DCF4-BA16-4B95-8561-DC9E2B78763F}: DhcpNameServer=218.186.1.38 202.156.1.68 202.156.1.48
HKLM\SYSTEM\CS2\Services\Tcpip\..\{68D8DCF4-BA16-4B95-8561-DC9E2B78763F}: DhcpNameServer=218.186.1.38 202.156.1.68 202.156.1.48
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=218.186.1.38 202.156.1.68 202.156.1.48
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=218.186.1.38 202.156.1.68 202.156.1.48
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=218.186.1.38 202.156.1.68 202.156.1.48
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
VundoFix Log:Note:I've ran VundoFix before before i asked for help so i've already removed those infected files thats why this time i ran VundoFix , there is nothing to be removed
VundoFix V6.4.2
Checking Java version...
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 11:10:45 PM 06/06/2007
Listing files found while scanning....
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\doqitiqn.dll
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\hngoctdm.dll
C:\WINDOWS\system32\nqitiqod.ini
C:\WINDOWS\system32\pmnljhf.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\abeeg.ini
C:\WINDOWS\system32\abeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\doqitiqn.dll
C:\WINDOWS\system32\doqitiqn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\geeba.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hngoctdm.dll
C:\WINDOWS\system32\hngoctdm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nqitiqod.ini
C:\WINDOWS\system32\nqitiqod.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnljhf.dll
C:\WINDOWS\system32\pmnljhf.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.4.2
Checking Java version...
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 8:03:50 AM 07/06/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.4.2
Checking Java version...
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 7:07:33 PM 07/06/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
System.ini:
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON -
Looks great so far.
Please post a HijackThis log for review. -
Logfile of HijackThis v1.99.1
Scan saved at 8:14:16 PM, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\DOCUME~1\p0713160\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\p0713160\Desktop\Setup\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sp.edu.sg/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/help/aw/evhelp/0.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\pmnljhf.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AACAB351-07F7-4D24-8C44-3FAB8EBED017} - C:\WINDOWS\system32\geeba.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170669123703
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = sd.sp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sd.sp.edu.sg
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RaySat_3dsmax8 Server (RaySat_3dsmax8Server) - Unknown owner - C:\Program Files\Autodesk\VIZ2007\mentalray\satellite\raysat_3dsmax8server.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -
Show hidden files and folders
- [*]Open My Computer.
[*]Go to Tools > Folder Options.
[*]Select the View tab.
[*]Scroll down to Hidden files and folders.
[*]Select Show hidden files and folders.
[*]Uncheck (untick) Hide extensions of known file types.
[*]Uncheck (untick) Hide protected operating system files (Recommended).
[*]Click Yes when prompted.
[*]Click OK.
[*]Close My Computer.
Can you please upload this file to Virus Total or Jotti for a scan.
The file is: C:\Program.exe -
that smitfraud cleaning thing doesn't always work, usually always have some remnants left. Like one time my office comp had this bad trojan from the spylocked spyware, cleaning instructions off the net told to use smitfraud, but the bl00dy trojan still left the blinking icon in the system tray till one day i installed nod32 av in it, hohoho.
-
i kenna this stupid spyware before
use SUPERAntiSpyware Free Edition, it will works! -
Not updated yet... they change faster than the programmer can change...
-
Originally posted by ndmmxiaomayi:
I cannot find C:\Program.exe in my computer leh
[b]Show hidden files and folders- [*]Open My Computer.
[*]Go to Tools > Folder Options.
[*]Select the View tab.
[*]Scroll down to Hidden files and folders.
[*]Select Show hidden files and folders.
[*]Uncheck (untick) Hide extensions of known file types.
[*]Uncheck (untick) Hide protected operating system files (Recommended).
[*]Click Yes when prompted.
[*]Click OK.
[*]Close My Computer.
Can you please upload this file to Virus Total or Jotti for a scan.
The file is: C:\Program.exe[/b] -
Hmm.. OK.Originally posted by rpgragnarok:I cannot find C:\Program.exe in my computer leh
Turn off Lavasoft AdWatch temporarily- [*]Right click on the Ad-Watch icon in the system tray (next to the clock).
[*]There will be two options called Active and Automatic.
[*]Uncheck (untick) both of these boxes.
Turn off Spybot Search & Destroy Teatimer temporarily- [*]Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
[*]Click on Mode > Advanced Mode. When it prompts you, click Yes.
[*]On the left hand side, click on Tools.
[*]Check (tick) this box if it is not yet ticked: Resident.
[*]You will notice that Resident is now added under Tools. Click on Resident.
[*]Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
[*]Exit Spybot Search & Destroy.
Open HijackThis and select Do a system scan only.
Put a check (tick) against these entries (if found):
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\pmnljhf.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
Click Fix checked. -
hmm..done what you says le , anything else for me to do?? or issit taken care of le?
-
Please go to Kaspersky website and perform an online antivirus scan.
Please use Internet Explorer as it uses ActiveX.- [*]Click on Kaspersky Online Scanner button.
[*]Read through the requirements and privacy statement and click on Accept button.
[*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
[*]When the downloads have finished, click on Next button.
[*]Click on Scan Settings button.
[*]Select extended under Scan using the following antivirus database:
[*]Check (tick) these boxes under Scan options:- [*]Scan Archives
[*]Scan Mail Bases
[*]Click on My Computer under Please select a target to scan:
[*]Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
[*]Copy and paste this log in your next reply.- [*]Please download AVG Anti-Spyware and save it to your desktop.
[*]Double click on avgas-setup-7.5.0.50.exe to install AVG Anti-Spyware. Install it in the default location.
[*]Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
[*]In the main screen, you should see Your Computer's Security.- [*]Next to Resident Shield, click on Change state. It should now be Inactive.
[*]Next to Automatic Updates, click on Change state. It should now be Inactive.
[*]Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
[*]Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.- [*]When you see BIOS screen, start pressing F8.
[*]A boot menu will appear shortly.
[*]Using the up down arrows, select Safe Mode and press the Enter key.
[*]Windows will now load.
[*]Log in to your usual account.- [*]Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
[*]Now click on the Scanner button at the top.
[*]Select the Settings tab.
[*]Under How to act?, click on Recommended actions and select Quarantine.
[*]Under How to scan?, check (tick) all the boxes.
[*]Under Possibly unwanted software:, check (tick) all the boxes.
[*]Under Reports:, Untick Automatically generate report after every scan and uncheck (untick) the Only if threats were found box.
[*]Under What to scan?, select Scan every file.
[*]Click on the Scanner button at the top.
[*]Select the Scan tab.
[*]Click on Complete System Scan to start the scan.
[*]When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the Save Scan Report button before you did hit the Apply all Actions button.- [*]Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
[*]At the bottom of the window click on the Apply all Actions button. (3)
- [*]Click the Save Report as button.
[*]Save the report to your Desktop.
Post the Kaspersky log and AVG Anti-spyware log in your next report. -
hm... i'm unable to log into my usual account , cause i can't select the server when im in safe mode , because my usual account is logged into SD server(im from SP one) but when in safe mode , i cannot choose which server to log in to. i press more options button also cannot choose , but can log in to the administrator account. what do i do now?
-
Scan in normal mode.Originally posted by rpgragnarok:hm... i'm unable to log into my usual account , cause i can't select the server when im in safe mode , because my usual account is logged into SD server(im from SP one) but when in safe mode , i cannot choose which server to log in to. i press more options button also cannot choose , but can log in to the administrator account. what do i do now? -
okie. Anyway , all these scans might take me till tomorrow morning. So , i will post again tomorrow. CyaOriginally posted by ndmmxiaomayi:Scan in normal mode.
This is for you
-
Kaspersky Log:
Friday, 08 June, 2007 1:27:23 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/06/2007
Kaspersky Anti-Virus database records: 341373
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 100338
Number of viruses found 10
Number of infected objects 54 / 0
Number of suspicious objects 0
Duration of the scan process 02:46:44
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070607_Time-185811968_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070607_Time-185811968_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_DBE-NB0713160.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_DBE-NB0713160.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\Default User\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Default User\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Default User\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Default User\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Default User\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Default User\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Default User\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe Ghost Installer: infected - 6 skipped
C:\Documents and Settings\Default User\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe UPX: infected - 6 skipped
C:\Documents and Settings\Default User\Desktop\Setup\mIRC v6.2 [Keygen Included]\mIRC 6.2 [Installer].exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Default User\Desktop\Setup\mIRC v6.2 [Keygen Included]\mIRC 6.2 [Installer].exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\Default User\Desktop\Setup\mIRC v6.2 [Keygen Included]\mIRC 6.2 [Installer].exe NSIS: infected - 2 skipped
C:\Documents and Settings\Default User\Desktop\Setup\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Default User\Desktop\Setup\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Default User\Desktop\Setup\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Default User\Desktop\Setup\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\p0713160\Application Data\Azureus\ipfilter.cache Object is locked skipped
C:\Documents and Settings\p0713160\Application Data\Azureus\tmp\AZU40320.tmp Object is locked skipped
C:\Documents and Settings\p0713160\Application Data\Azureus\tmp\AZU40321.tmp Object is locked skipped
C:\Documents and Settings\p0713160\Application Data\Azureus\tmp\AZU40322.tmp Object is locked skipped
C:\Documents and Settings\p0713160\Application Data\Azureus\tmp\AZU40323.tmp Object is locked skipped
C:\Documents and Settings\p0713160\Application Data\Azureus\tmp\AZU40324.tmp Object is locked skipped
C:\Documents and Settings\p0713160\Application Data\Azureus\tmp\AZU40325.tmp Object is locked skipped
C:\Documents and Settings\p0713160\Application Data\Lavasoft\Ad-Aware\Logs\AWEVLOG.txt Object is locked skipped
C:\Documents and Settings\p0713160\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\p0713160\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\p0713160\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\p0713160\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\p0713160\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\p0713160\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\p0713160\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\p0713160\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe Ghost Installer: infected - 6 skipped
C:\Documents and Settings\p0713160\Desktop\Setup\Free-SpyHunter-Scanner-Install.exe UPX: infected - 6 skipped
C:\Documents and Settings\p0713160\Desktop\Setup\mIRC v6.2 [Keygen Included]\mIRC 6.2 [Installer].exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\p0713160\Desktop\Setup\mIRC v6.2 [Keygen Included]\mIRC 6.2 [Installer].exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Documents and Settings\p0713160\Desktop\Setup\mIRC v6.2 [Keygen Included]\mIRC 6.2 [Installer].exe NSIS: infected - 2 skipped
C:\Documents and Settings\p0713160\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\p0713160\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\p0713160\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\p0713160\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\p0713160\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Application Data\ApplicationHistory\ePresentation.exe.e70224e9.ini.inuse Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\Cache\5FD15371d01 Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\History\History.IE5\MSHist012007060720070608\index.dat Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Temp\hsperfdata_p0713160\6048 Object is locked skipped
C:\Documents and Settings\p0713160\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\p0713160\ntuser.dat Object is locked skipped
C:\Documents and Settings\p0713160\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-06-07.18-57-58.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054081.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054081.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054081.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054081.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054081.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054152.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054152.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054152.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054152.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054152.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054207.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0054209.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0055373.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0055374.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0055378.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0055379.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0055382.dll Infected: Trojan-Clicker.Win32.Small.mw skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0055383.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP74\A0055627.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP74\A0055627.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP74\A0055627.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP74\A0055634.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP74\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\ServicePackFiles\mmwnd.exe Infected: Trojan-Proxy.Win32.Delf.an skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CcmExec.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\LocationServices.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\mtrmgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchInstall.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\Scheduler.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\StatusAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000I.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000I.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000009.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000009.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000005.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000005.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000I.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000I.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\0000000B.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\0000000B.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000005P.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000005P.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000005.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000005.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000003L.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000003L.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000000O.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000000O.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000003A.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000003A.que Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\$_2341233.TMP Object is locked skipped
C:\WINDOWS\Temp\$_2341234.TMP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_ab8.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\My Documents\Azureus Downloads\Nacho Libre [DVDRip][Eng][2006]\Nacho Libre [DVDRip][Eng][2006].rar Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 01.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 02.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 03.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 04.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 05.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 06.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 07.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 08.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 09.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 10.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 11.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 12.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 13.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 14.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 15.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 16.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 17.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 18.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 19.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 20.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 21.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 22.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 23.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - 24.avi Object is locked skipped
D:\My Documents\Azureus Downloads\[a.f.k.] Kanon - 01-24 & Prelude\[a.f.k.] Kanon - Prelude.avi Object is locked skipped
D:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP74\change.log Object is locked skipped
Scan process completed.
AVG Log:Note:I've selected to make them quarentine but only high risks objects are abled to quarentine , the medium risked objects can only be deleted.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:20:21 AM 08/06/2007
+ Scan result:
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0055382.dll -> Hijacker.Small.mw : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.55:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.15:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.7:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.10:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.41:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.43:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.8:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.9:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.66:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\p0713160\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.28:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.54:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.13:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.46:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.37:C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\Documents and Settings\p0713160\Application Data\Mozilla\Firefox\Profiles\acrrpwvo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\System Volume Information\_restore{0CCD9644-D39E-4420-B10D-C01657D7298C}\RP72\A0055383.exe -> Trojan.Agent.anr : Cleaned with backup (quarantined).
::Report end -
- [*]Open up HijackThis.
[*]Select Open the Misc Tools section.
[*]Look under System tools.
[*]Click on the Open Uninstall Manager... button.
[*]Click on the Save list... button.
[*]It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
[*]Notepad will open. Press Ctrl + A to select everything. Press Ctrl + C to copy the text. Come back to this thread, click on the Post Reply button. Press Ctrl + V to paste the contents of this log in. -
Acer Camera Driver
Acer Empowering Technology
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer OrbiCam
Ad-Aware SE Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
Autodesk DWF Viewer
Autodesk VIZ 2007
AVG Anti-Spyware 7.5
AviSynth 2.5
Azureus
Backburner
Combined Community Codec Pack 2007-02-22
Ease Audio Converter 4.30
Free WMA to MP3 Converter 1.16
Guitar Pro 5.0
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB92838
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB93544
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Launch Manager
Lavasoft Reghance 2.1
Logitech Video Enumerator
McAfee VirusScan Enterprise
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Windows XP Video Decoder Checkup Utility
mIRC
mIWA
mLogView
mMHouse
Mozilla Firefox (2.0.0.4)
mPfMgr
mPfWiz
mProSafe
MSDN Library for Visual Studio 2005
MSDN Library for Visual Studio 2005
mSSO
MSXML 4.0 SP2 (KB92797
MSXML 6.0 Parser (KB927977)
mToolkit
MVision
mWlsSafe
mWMI
mXML
mZConfig
NTI CD & DVD-Maker
NVIDIA Drivers
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Respondus LockDown Browser
Riva FLV Encoder 2.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB92539
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB89635
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB89642
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB91438
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB91811
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB92139
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB93017
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB93176
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB93216
Skype 3.0
Skype add-on for IE
Skype Plugin Manager
Spybot - Search & Destroy 1.4
SuyinNBCam
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Tweak-SE plug-in for Ad-Aware SE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB92933
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6b
WIDCOMM Bluetooth Software
Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)
Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885453
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
YAWLE 0.5b
YoGen Vocal Remover 3.0.3 -
A lot of things installed.
You will need to uninstall the old versions of Java, that is Java Runtime Environment Update 10 and 11.
Delete this folder:
C:\Documents and Settings\Default User\Desktop\Setup
Turn off your system restore, and restart the computer.
Once the computer restarted, turn it on again.
Are you having any problems? -
Originally posted by ndmmxiaomayi:
Hmm...is there any reason to delete that setup file?? because it is actually created by myself to keep those setup files...
A lot of things installed.
You will need to uninstall the old versions of Java, that is Java Runtime Environment Update 10 and 11.
Delete this [b]folder:
C:\Documents and Settings\Default User\Desktop\Setup
Turn off your system restore, and restart the computer.
Once the computer restarted, turn it on again.
Are you having any problems?[/b] -
Most of the files there are infected... SpyHunter, cracks...Originally posted by rpgragnarok:Hmm...is there any reason to delete that setup file?? because it is actually created by myself to keep those setup files...
Other than the SmitfraudFix tool and HijackThis that is there... they are not needed anyway once your computer is fixed. -
okay..but when i was going to delete it , it says it might make some programs not work , should i continue with it?Originally posted by ndmmxiaomayi:Most of the files there are infected... SpyHunter, cracks...
Other than the SmitfraudFix tool and HijackThis that is there... they are not needed anyway once your computer is fixed. -
Yes.Originally posted by rpgragnarok:okay..but when i was going to delete it , it says it might make some programs not work , should i continue with it? -
Done what you said le.
No problems with that.Whats next?