

Physical Memory Dumps Blue Screen Crash


19 replies to this topic

#1 OFFLINE   vtec ! Mike

    Member

  • Members
  • 12 posts

Posted 08 May 2007 - 06:40 AM

So somehow I got the wonderful Brave Sentry Malware/Spyware/adware whatever it is. Not only does it try to fake programs into looking like they are dangerous but it also downloads spyware/adware/malware to your computer for you until you shut it off.
I have removed the main pieces of bs.. [bs, sigh, figures.] Using multiple removal programs to find out that I have a couple problems that I hope someone can help me with. I don't want to pay the person that created my pc to format it. I have been on this project for about a day and a half already. =/

Problems:
If I try to use "Msconfig" I will crash my computer.
If I try to use "certain" Online Internet Anti-virus programs, in NORMAL mode, it will crash.
After Bit Defender found Viruses it crashed at the end so I can't save the log.
Sometimes in normal mode it will crash after startup. [2 mins]
Many programs such as "Steam" won't even load.
And the worst of all. After MY computer is on the router "Internet Connection" it bogs the internet to poo. No one is able to use the internet until I unplug.

Blue Screen Says:
***0x0000008E, (0xc0000005,0xA5C5565C,0xA865f670,0x00000000)
***windev-47c3-72.sys Address A5C556FC base at A5C55000, Datestamp 4639BC7


Please, any help will be nice. I really don't want to reformat. It's not in me to give up.


Logs:

Logfile of HijackThis v1.99.1
Scan saved at 4:23:03 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62BAC362-29F4-439C-AD6D-DB573647E1E4}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B47C8D8-7AEA-4C35-8018-173E54F7174B}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{741CE544-DDD2-41B1-9901-AB17E2BF76C3}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CB01B5-4103-4D1E-83AB-3364C6C1CEC7}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC871D36-4011-4FFA-A602-CE588A7B7764}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DBFE41-F9E8-43EE-B4A6-FA8BD8556A91}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{F62F21A8-3A81-4603-9657-A581EB9EABEF}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE60F44F-9069-4021-9A6D-B67ED5F20B93}: NameServer = 203.146.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{62BAC362-29F4-439C-AD6D-DB573647E1E4}: NameServer = 203.146.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{62BAC362-29F4-439C-AD6D-DB573647E1E4}: NameServer = 203.146.0.20
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\
O20 - Winlogon Notify: rpcc1 - C:\WINDOWS\system32\rpcc1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe






---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:30:02 PM 5/7/2007

+ Scan result:



C:\WINDOWS\b122.exe -> Adware.Softomate : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Cleaned.


::Report end



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:08:04 PM 5/7/2007

+ Scan result:



C:\WINDOWS\b122.exe -> Adware.Softomate : No action taken.
:mozilla.61:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : No action taken.
:mozilla.52:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.53:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.54:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.56:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.87:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@4.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@ads.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\AdDynamix_07_05_2007_03_35_39.asq16827 -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\adrevolver_07_05_2007_03_35_39.asq28145 -> TrackingCookie.Adrevolver : No action taken.
:mozilla.26:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.27:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.28:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.29:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\casalemedia.com_07_05_2007_03_35_39.asq2995 -> TrackingCookie.Casalemedia : No action taken.
:mozilla.93:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_07_05_2007_03_35_39.asq11478 -> TrackingCookie.Com : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@a-1shz2prbmdj6wvny-1sez2pra2dj6wjl4kgdpwlpg-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyejdjggpqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkycnd5acoqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywgdjskpa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@cdn.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\FastClick.com_07_05_2007_03_35_39.asq11942 -> TrackingCookie.Fastclick : No action taken.
:mozilla.63:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.7:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
:mozilla.8:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : No action taken.
:mozilla.55:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.62:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_07_05_2007_03_35_39.asq18467 -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Qksrv.net_07_05_2007_03_35_39.asq4827 -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\QuestionMarket.com_07_05_2007_03_35_39.asq5436 -> TrackingCookie.Questionmarket : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@real[1].txt -> TrackingCookie.Real : No action taken.
D:\Mike Backup\Mikes Programs\Michael Documents and Settings\Cookies\michael@realguide.real[1].txt -> TrackingCookie.Real : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\RealMedia.com_07_05_2007_03_35_39.asq32391 -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@revsci[1].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_07_05_2007_03_35_39.asq29358 -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_07_05_2007_03_35_39.asq15724 -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.18:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.19:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.20:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.21:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.22:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.23:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.24:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.94:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Statcounter_07_05_2007_03_35_39.asq14604 -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_07_05_2007_03_35_39.asq26962 -> TrackingCookie.Toplist : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_07_05_2007_03_35_39.asq24464 -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Trafficmp Cookie_07_05_2007_03_35_40.asq153 -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\TribalFusion.com_07_05_2007_03_35_40.asq17421 -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.66:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Michael\Cookies\michael@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
:mozilla.82:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.83:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.84:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\urb4nqxa.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_07_05_2007_03_35_39.asq41 -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_07_05_2007_03_35_39.asq5705 -> TrackingCookie.Zedo : No action taken.


::Report end

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 08 May 2007 - 06:23 PM

Welcome to the forum.

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall.

#3 OFFLINE   vtec ! Mike

    Member

  • Members
  • 12 posts

Posted 08 May 2007 - 10:22 PM

"Michael" - 2007-05-08 15:03:58 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Michael\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dlh9jkd1q8.exe
C:\WINDOWS\system32\vexga5me3.exe
C:\WINDOWS\system32\sony.exe.exe
C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\s32.txt
C:\WINDOWS\ws386.ini
C:\WINDOWS\system32\sony.exe
C:\WINDOWS\system32\perfc000.dat
C:\WINDOWS\system32\spoolsvv.sys
C:\WINDOWS\system32\rpcc1.dll
C:\WINDOWS\system32\wincom32.sys
C:\WINDOWS\system32\windev-47c3-72.sys
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\perfc000.dat


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASPI113210
-------\LEGACY_DRIVER
-------\LEGACY_GB
-------\Driver
-------\gb
-------\windev-47c3-72


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-05-07 16:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-07 05:00 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-07 04:11 <DIR> d-------- C:\Program Files\Security Task Manager
2007-05-07 01:13 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\System Tweaker
2007-05-06 23:32 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-06 22:28 <DIR> d-------- C:\Program Files\Uniblue
2007-05-06 22:24 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Talkback
2007-05-06 15:44 <DIR> d-------- C:\WINDOWS\system32\smpi1
2007-05-06 15:44 <DIR> d-------- C:\Temp\17O7
2007-05-06 15:43 14,918 --a------ C:\WINDOWS\159x.exe
2007-05-06 15:43 <DIR> d-------- C:\Temp
2007-05-01 14:57 <DIR> d-------- C:\Program Files\QuickTime
2007-04-24 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~2.WIN\APPLIC~1\SecTaskMan
2007-04-24 00:48 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Sony
2007-04-24 00:48 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Publish Providers
2007-04-24 00:43 <DIR> d-------- C:\Program Files\Sony Setup
2007-04-23 20:48 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-23 20:48 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-23 20:48 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-23 20:48 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-23 20:48 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-23 20:48 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-23 20:48 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-23 20:48 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-17 05:36 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2007-04-14 04:12 <DIR> d-------- C:\DOCUME~1\Michael\.housecall6.6


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-08 13:46:27 -------- d-----w C:\Program Files\Warcraft III
2007-05-08 12:29:39 -------- d-----w C:\Program Files\Steam
2007-05-07 23:02:15 -------- d-----w C:\Program Files\CamStudio
2007-05-07 05:28:11 -------- d-----w C:\DOCUME~1\Michael\APPLIC~1\Uniblue
2007-05-01 21:58:34 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-25 00:14:12 -------- d-----w C:\Program Files\Viewpoint
2007-04-17 22:09:50 -------- d-----w C:\Program Files\Common Files\Napster Shared
2007-04-17 22:07:15 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-16 07:36:33 83,717 -c--a-w C:\WINDOWS\War3Unin.dat
2007-04-11 03:07:27 -------- d-----w C:\Program Files\McAfee
2007-04-05 04:49:45 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-26 07:25:50 -------- d-----w C:\Program Files\mIRC
2007-03-24 22:42:27 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-03-24 22:27:32 -------- d-----w C:\Program Files\ATI Technologies
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 19:23:07 -------- d-----w C:\Program Files\Bethesda Softworks
2007-03-09 01:22:56 -------- d-----w C:\Program Files\Diablo II
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-10 10:03:21 268,704 ----a-w C:\WINDOWS\OfB11_Setup.exe
2007-02-09 21:11:15 18,564 -c--a-w C:\WINDOWS\DIIUnin.dat
2007-02-09 21:10:13 21,840 -c--atw C:\WINDOWS\system32\SIntfNT.dll
2007-02-09 21:10:12 17,212 -c--atw C:\WINDOWS\system32\SIntf32.dll
2007-02-09 21:10:12 12,067 -c--atw C:\WINDOWS\system32\SIntf16.dll
2007-02-09 20:48:46 94,208 -c--a-w C:\WINDOWS\DIIUnin.exe
2007-02-09 20:48:46 2,829 -c--a-w C:\WINDOWS\DIIUnin.pif


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Uniblue SpyEraser"="\"C:\\Program Files\\Uniblue\\SpyEraser\\SpyEraser.exe\" -m"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=dword:00000000
"NoToolbarCustomize"=dword:00000000
"ClassicShell"=dword:00000001
"NoThemesTab"=dword:00000000
"NoFavoritesMenu"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoSMHelp"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoSetFolders"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\
Security Packages kerberosmsv1_0schannelwdigest\
Notification Packages scecli\

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^adobe gamma loader.lnk
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^adobe reader speed launch.lnk
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^canon pc1200 ic d600 ir1200g status window.lnk
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE !N

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^hp digital imaging monitor.lnk
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^hp image zone fast start.lnk
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!avg anti-spyware
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aim6


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ati launchpad


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aticcc
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atipta

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au
C:\Program Files\Dealio\DealioAU.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brave-sentry

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck
%systemroot%\system32\dumprep 0 -k

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundman
SOUNDMAN.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\steam


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windows update loader
C:\Windows\xpupdate.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService DnsCache\
rpcss RpcSs\
imgsvc StiSvc\
termsvcs TermService\
HTTPFilter HTTPFilter\
DcomLaunch DcomLaunchTermService\

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Uniblue SpyEraser.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 15:13:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-08 15:14:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-08 15:14






//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


First off thanks for replying and the help.

I just got new updates and so far my computer seems to be running better.. as for the internet I'm still not sure about.

#4 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 08 May 2007 - 11:12 PM

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.



Please post the superantispyware log and a new hijackthis log.

#5 OFFLINE   vtec ! Mike

    Member

  • Members
  • 12 posts

Posted 09 May 2007 - 12:30 AM

So my avast software found a trojan on my D:/ backup drive.
The Superspyware program found a lot of files. =/



Logfile of HijackThis v1.99.1
Scan saved at 5:26:15 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62BAC362-29F4-439C-AD6D-DB573647E1E4}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B47C8D8-7AEA-4C35-8018-173E54F7174B}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{741CE544-DDD2-41B1-9901-AB17E2BF76C3}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CB01B5-4103-4D1E-83AB-3364C6C1CEC7}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC871D36-4011-4FFA-A602-CE588A7B7764}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DBFE41-F9E8-43EE-B4A6-FA8BD8556A91}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{F62F21A8-3A81-4603-9657-A581EB9EABEF}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE60F44F-9069-4021-9A6D-B67ED5F20B93}: NameServer = 203.146.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{62BAC362-29F4-439C-AD6D-DB573647E1E4}: NameServer = 203.146.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{62BAC362-29F4-439C-AD6D-DB573647E1E4}: NameServer = 203.146.0.20
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/08/2007 at 05:19 PM

Application Version : 3.7.1018

Core Rules Database Version : 3233
Trace Rules Database Version: 1244

Scan type : Complete Scan
Total Scan Time : 00:58:04

Memory items scanned : 361
Memory threats detected : 0
Registry items scanned : 6252
Registry threats detected : 2
File items scanned : 79048
File threats detected : 67

Adware.Tracking Cookie

Trojan.BraveSentry
HKU\S-1-5-21-1482476501-1935655697-839522115-1003\Software\Brave-Sentry

Adware.Web Buying
HKU\S-1-5-21-1482476501-1935655697-839522115-1003\Software\WebBuying

Trojan.IBM/Shell
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\IBM00001.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\IBM00002.DLL.VIR

Trojan.Rootkit-Windev/I
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINDEV-47C3-72.SYS.VIR

Trojan.Downloader-OFB11/Setup
C:\WINDOWS\OFB11_SETUP.EXE

Trojan.Downloader-WinCom32/Rootkit-Trace
C:\WINDOWS\SYSTEM32\WINCOM32.INI

#6 OFFLINE   rridgely

Posted 09 May 2007 - 01:14 AM

Avast is an ok program, you just have a lot of bad infections it doesn't find.

Open hijackthis and do a system scan only. Then check off the following entries:

O17 - HKLM\System\CCS\Services\Tcpip\..\{62BAC362-29F4-439C-AD6D-DB573647E1E4}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B47C8D8-7AEA-4C35-8018-173E54F7174B}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{741CE544-DDD2-41B1-9901-AB17E2BF76C3}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CB01B5-4103-4D1E-83AB-3364C6C1CEC7}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC871D36-4011-4FFA-A602-CE588A7B7764}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2DBFE41-F9E8-43EE-B4A6-FA8BD8556A91}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{F62F21A8-3A81-4603-9657-A581EB9EABEF}: NameServer = 203.146.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE60F44F-9069-4021-9A6D-B67ED5F20B93}: NameServer = 203.146.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{62BAC362-29F4-439C-AD6D-DB573647E1E4}: NameServer = 203.146.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{62BAC362-29F4-439C-AD6D-DB573647E1E4}: NameServer = 203.146.0.20

Now press "fix checked" and exit hijackthis.

--------------

Download Blacklight beta HERE and save it to your desktop.
Run the program, accept statement > click next then scan.
When it's finished scanning, exit the program and post back the log if it detects hidden files. The log is called 'fsbl-<date/time>.log', which will save to the same location as the blbeta.exe file.

Download AVG Anti-Spyware
  • Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • Ewido will list any infections found on the left. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back.
Note that this is not AVG antivirus but the program formerly known as Ewido.

Post a blacklight log, an AVG Antispyware log, and a new hijackthis log.

#7 OFFLINE   vtec ! Mike

Posted 09 May 2007 - 03:15 AM

Black Light found nothing.


05/08/07 18:21:35 [Info]: BlackLight Engine 1.0.61 initialized
05/08/07 18:21:35 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/08/07 18:21:35 [Note]: 7019 4
05/08/07 18:21:35 [Note]: 7005 0
05/08/07 18:22:28 [Note]: 7006 0
05/08/07 18:22:28 [Note]: 7011 204
05/08/07 18:22:28 [Note]: 7026 0
05/08/07 18:22:28 [Note]: 7026 0
05/08/07 18:22:31 [Note]: FSRAW library version 1.7.1021
05/08/07 18:29:42 [Note]: 2000 1012
05/08/07 18:29:42 [Note]: 2000 1012
05/08/07 18:29:42 [Note]: 2000 1012
05/08/07 18:34:22 [Note]: 7007 0



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:45:25 PM 5/8/2007

+ Scan result:



C:\QooBox\Quarantine\C\WINDOWS\system32\perfc000.dat.vir -> Backdoor.Small.os : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\vexga5me3.exe.vir -> Downloader.Agent.bls : Cleaned.
C:\WINDOWS\system32\smpi1\lib06.exe -> Downloader.Agent.bls : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\sony.exe.exe.vir -> Downloader.Tibs.ku : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\sony.exe.vir -> Downloader.Tibs.ku : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolsvv.sys.vir -> Proxy.Agent.ji : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\rpcc1.dll.vir -> Proxy.Dlena : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\wincom32.sys.vir -> Trojan.Tibs.w : Cleaned.


::Report end




Logfile of HijackThis v1.99.1
Scan saved at 8:12:16 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#8 OFFLINE   rridgely

Posted 09 May 2007 - 03:21 AM

You can delete this folder:
C:\QooBox\Quarantine


Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.


#9 OFFLINE   vtec ! Mike

Posted 09 May 2007 - 05:49 AM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 08, 2007 10:47:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/05/2007
Kaspersky Anti-Virus database records: 315663
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 149501
Number of viruses found: 6
Number of infected objects: 18 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:43:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Michael\Application Data\Uniblue\SpyEraser\Quarantine\Malware (General Components)_07_05_2007_16_02_16.asq19169 Infected: not-a-virus:Server-FTP.Win32.Serv-U.61 skipped
C:\Documents and Settings\Michael\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Identities\{D0170C67-EFB5-4418-92F9-7A4200FC2DA7}\Microsoft\Outlook Express\Deleted Items.dbx/[From helenita3@verizon.net][Date Wed, 2 Feb 2005 11:30:15 -0800]/details.doc Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Identities\{D0170C67-EFB5-4418-92F9-7A4200FC2DA7}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\servuv6.1.0.0corporateserialtwk.zip/susetup.exe/CHECKUPDATE.DLL Infected: not-a-virus:Server-FTP.Win32.Serv-U.6105 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\servuv6.1.0.0corporateserialtwk.zip/susetup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.61 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\servuv6.1.0.0corporateserialtwk.zip/susetup.exe/SERVUTRAY.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\servuv6.1.0.0corporateserialtwk.zip/susetup.exe/SERVUADMIN.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.6105 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\servuv6.1.0.0corporateserialtwk.zip/susetup.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6105 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\servuv6.1.0.0corporateserialtwk.zip ZIP: infected - 5 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\susetup.exe/CHECKUPDATE.DLL Infected: not-a-virus:Server-FTP.Win32.Serv-U.6105 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\susetup.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.61 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\susetup.exe/SERVUTRAY.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\susetup.exe/SERVUADMIN.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.6105 skipped
C:\Documents and Settings\Michael\My Documents\New Downloads\susetup.exe ZIP: infected - 4 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Serv-U\ServUAdmin.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6105 skipped
C:\Program Files\Serv-U\ServUTray.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201 skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_9x\bt829.inf Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATINBTXX.SYS Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATINMDXX.SYS Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATINPDXX.SYS Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATINRAXX.SYS Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATINRVXX.SYS Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATINSNXX.SYS Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATINTTXX.SYS Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATINTUXX.SYS Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\atinxbxx.sys Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATINXSXX.SYS Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATIVDAXX.AX Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ativmc20.cod Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ATIVMVXX.AX Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\ativtmxx.dll Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\atixpwdm.cat Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\WDM\WDM_XP\atixpwdm.inf Object is locked skipped
D:\back\ATI\SUPPORT\wxp-w2k-catalyst-8-03-040610a-016126c\wxp-w2k-catalyst-8-03-040610a-016126c.txt Object is locked skipped
D:\FixKorgo.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{9DDBFC6E-2E74-4BA0-B063-5B2D073228EF}\RP2\A0006243.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

Scan process completed.

#10 OFFLINE   vtec ! Mike

Posted 10 May 2007 - 03:09 AM

bump

#11 OFFLINE   rridgely

Posted 10 May 2007 - 03:37 AM

Find and delete this old email (you may have to enable hidden files and folders by going to My Documents > Tools > Folder Options > View > enable hidden files and folders):

C:\Documents and Settings\Michael\Local Settings\Application Data\Identities\{D0170C67-EFB5-4418-92F9-7A4200FC2DA7}\Microsoft\Outlook Express\Deleted Items.dbx/[From helenita3@verizon.net][Date Wed, 2 Feb 2005 11:30:15 -0800]/details.doc

Let me know if everything seems fixed.
If you're still having problems let me know what they are.

Make sure you post back because you're not quite done yet.

#12 OFFLINE   vtec ! Mike

Posted 10 May 2007 - 05:35 AM

Well I couldn't go in there, it was a missing program file or something..
basically couldn't open .dbx files.
I scanned it, it came up with a virus and deleted it, then I deleted the previous folder.


all seems well but when my computer starts up and it goes to the user login screen for some reason:

the computer screen shuts off then back on real quick..
could it just be the monitor?

#13 OFFLINE   vtec ! Mike

Posted 10 May 2007 - 05:37 AM

Another thing how can I delete the unused programs in my startup tab under msconfig?

regedit?

#14 OFFLINE   rridgely

Posted 10 May 2007 - 09:15 PM

Has it been doing the monitor thing since you got it or just after we started fixing the viruses?
If you want to clean up what starts up with your computer I suggest you try a program called autoruns:
http://www.microsoft.com/technet/sysintern...n/Autoruns.mspx

It will simply let you check and uncheck whatever you want.

#15 OFFLINE   vtec ! Mike

Posted 10 May 2007 - 10:01 PM

rridgely, on May 10 2007, 02:15 PM, said:

Has it been doing the monitor thing since you got it or just after we started fixing the viruses?
If you want to clean up what starts up with your computer I suggest you try a program called autoruns:
http://www.microsoft.com/technet/sysintern...n/Autoruns.mspx

It will simply let you check and uncheck whatever you want.


Since I got the virus.
I can uncheck the programs but I want to delete them from the startup tab.

Anything else I should do?

#16 OFFLINE   rridgely

Posted 11 May 2007 - 01:33 AM

It's better to uncheck them in case problems occur from disabling them.
Do you have another monitor around? If so try hooking it up to the pc to see if it does the same thing.

#17 OFFLINE   vtec ! Mike

Posted 11 May 2007 - 03:45 AM

Naw, that was just my monitor setting it to what I had on Catalyst.

any other things?

#18 OFFLINE   rridgely

Posted 11 May 2007 - 03:51 AM

nope if everything seems back to normal then you should be good to go. :)

#19 OFFLINE   vtec ! Mike

Posted 11 May 2007 - 09:20 AM

rridgely, on May 10 2007, 08:51 PM, said:

nope if everything seems back to normal then you should be good to go. :)


Thanks a lot man, it's greatly appreciated.
I will definitely support Piriform...

guys have any banners or something?

#20 OFFLINE   rridgely

Posted 12 May 2007 - 03:26 AM

On the main page there are some buttons that you could put on a site if you want. :)
http://www.CCleaner.com/help/faq/show/?Can...m_on_my_website