Messages - Benf

1
Tech Clinic / trouble, trouble, trouble!
« on: September 07, 2006, 04:52:14 AM »
Thank you very much for all your help. I think I am OK now; I got rid of Comodo and it appears that was causing the network problems, so I am now running Windows Firewall with Kaspersky AV and it seems OK. Thanks again.

Ben

2
Tech Clinic / trouble, trouble, trouble!
« on: September 01, 2006, 03:04:58 PM »
Just had Kaspersky give an alert for this one too:

Trojan.Win32.Small.js

Kaspersky log:


Protection
----------
Total scanned:   26013
Detected:   9
Untreated:   1
Start time:   01/09/2006 20:25:39
Duration:   00:37:59


Detected
--------
Status   Object
------   ------
deleted: Trojan program Trojan-Downloader.Win32.Zlob.agf   File: C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024879.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.agf   File: C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024893.exe
deleted: virus Email-Worm.Win32.NetSky.q   Mail body: C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Personal Folders\Top of Personal Folders\Inbox\[From:[email protected]][Subject:????????][Time:2006/07/30 23:27:18]\PlainBody/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip\document.txt                                                                   .exe
deleted: Trojan program Trojan-Dropper.Win32.Agent.avl   File: C:\Documents and Settings\B\Desktop\combofix.exe/PE_Patch.UPX/UPX
detected: Trojan program Trojan-Dropper.Win32.Agent.avl   File: C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\C5Q3O1QJ\combofix[1].exe/PE_Patch.UPX/UPX
deleted: Trojan program Trojan.Win32.Small.js   File: C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024941.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.da   File: C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025129.dll
deleted: Trojan program Trojan.Win32.Small.js   File: C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025130.exe
deleted: virus Packed.Win32.Klone.g   File: C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025131.dll/PE_Patch.PECompact/PecBundle/PECompact


Events
------
Time   Event
----   -----
29/08/2006 20:25:57   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
29/08/2006 20:28:27   Update completed successfully.
29/08/2006 20:31:06   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
29/08/2006 20:31:26   Process  (PID 4) tried to access Kaspersky Anti-Virus 6.0 process (PID 1604), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
29/08/2006 20:33:11   Please restart your computer to complete the installation of new or updated protection components.
29/08/2006 20:33:11   Update completed successfully.
29/08/2006 20:57:06   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
29/08/2006 20:57:37   Process  (PID 4) tried to access Kaspersky Anti-Virus 6.0 process (PID 1676), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
29/08/2006 21:33:22   Some protection services are disabled.
29/08/2006 21:35:47   Update error: cannot establish connection.
29/08/2006 21:38:09   Kaspersky Anti-Virus 6.0 is not activated.
29/08/2006 21:39:19   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
29/08/2006 21:39:25   Some protection services are disabled.
29/08/2006 23:05:07   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
29/08/2006 23:05:11   Some protection services are disabled.
29/08/2006 23:27:13   Update completed successfully.
30/08/2006 21:59:02   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
30/08/2006 21:59:02   Some protection services are disabled.
30/08/2006 22:12:52   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
30/08/2006 22:12:53   Some protection services are disabled.
30/08/2006 22:14:24   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
30/08/2006 22:14:24   Some protection services are disabled.
30/08/2006 23:18:00   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
30/08/2006 23:18:00   Some protection services are disabled.
30/08/2006 23:26:02   Update completed successfully.
31/08/2006 08:20:21   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
31/08/2006 08:20:21   Some protection services are disabled.
31/08/2006 08:56:42   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
31/08/2006 08:56:43   Some protection services are disabled.
31/08/2006 09:29:12   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
31/08/2006 09:29:13   Some protection services are disabled.
31/08/2006 21:08:11   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
31/08/2006 21:08:11   Some protection services are disabled.
31/08/2006 21:39:49   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024879.exe: detected Trojan program Trojan-Downloader.Win32.Zlob.agf
31/08/2006 21:39:49   Security threats have been detected. You are advised to neutralize them immediately.
31/08/2006 22:15:37   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024879.exe: deleted
31/08/2006 22:26:41   Process  (PID 1772) tried to access Kaspersky Anti-Virus 6.0 process (PID 1720), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
31/08/2006 22:27:41   Process  (PID 2348) tried to access Kaspersky Anti-Virus 6.0 process (PID 1720), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
31/08/2006 22:27:41   Process  (PID 2348) tried to access Kaspersky Anti-Virus 6.0 process (PID 2128), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
31/08/2006 22:29:06   Process  (PID 1676) tried to access Kaspersky Anti-Virus 6.0 process (PID 1720), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
31/08/2006 22:29:06   Process  (PID 1676) tried to access Kaspersky Anti-Virus 6.0 process (PID 2128), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
31/08/2006 23:02:50   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024893.exe: detected Trojan program Trojan-Downloader.Win32.Zlob.agf
31/08/2006 23:02:50   Security threats have been detected. You are advised to neutralize them immediately.
31/08/2006 23:03:47   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024893.exe: deleted
31/08/2006 23:09:32   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
31/08/2006 23:09:33   Some protection services are disabled.
31/08/2006 23:12:31   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
31/08/2006 23:12:31   Some protection services are disabled.
31/08/2006 23:14:47   Mail body C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Personal Folders\Top of Personal Folders\Inbox\[From:[email protected]][Subject:????????][Time:2006/07/30 23:27:18]\PlainBody/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip\document.txt                                                                   .exe: detected virus Email-Worm.Win32.NetSky.q
31/08/2006 23:14:47   Security threats have been detected. You are advised to neutralize them immediately.
31/08/2006 23:14:47   Mail body C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Personal Folders\Top of Personal Folders\Inbox\[From:[email protected]][Subject:????????][Time:2006/07/30 23:27:18]\PlainBody/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip\document.txt                                                                   .exe: is not disinfected, postponed
31/08/2006 23:15:36   Mail body c:\documents and settings\b\local settings\application data\microsoft\outlook\outlook.pst\Personal Folders\Top of Personal Folders\Inbox\[From:[email protected]][Subject:Message is infected : ????????][Time:2006/07/30 23:27:18]\PlainBody/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip\document.txt                                                                   .exe: detected virus Email-Worm.Win32.NetSky.q
31/08/2006 23:19:08   Mail body c:\documents and settings\b\local settings\application data\microsoft\outlook\outlook.pst\Personal Folders\Top of Personal Folders\Inbox\[From:[email protected]][Subject:Message is infected : ????????][Time:2006/07/30 23:27:18]\PlainBody: deleted
31/08/2006 23:22:44   Process  (PID 608) tried to access Kaspersky Anti-Virus 6.0 process (PID 1672), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
31/08/2006 23:22:44   Process  (PID 608) tried to access Kaspersky Anti-Virus 6.0 process (PID 2332), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
31/08/2006 23:26:04   Update completed successfully.
31/08/2006 23:37:29   File C:\Documents and Settings\B\Desktop\combofix.exe/PE_Patch.UPX/UPX: detected Trojan program Trojan-Dropper.Win32.Agent.avl
31/08/2006 23:37:29   Security threats have been detected. You are advised to neutralize them immediately.
31/08/2006 23:39:00   File C:\Documents and Settings\B\Desktop\combofix.exe: deleted
01/09/2006 08:06:40   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
01/09/2006 08:06:40   Some protection services are disabled.
01/09/2006 20:08:00   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
01/09/2006 20:08:01   Some protection services are disabled.
01/09/2006 20:22:29   Process  (PID 412) tried to access Kaspersky Anti-Virus 6.0 process (PID 1668), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
01/09/2006 20:22:29   Process  (PID 412) tried to access Kaspersky Anti-Virus 6.0 process (PID 2096), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
01/09/2006 20:25:38   A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
01/09/2006 20:25:39   Some protection services are disabled.
01/09/2006 20:39:32   File C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\C5Q3O1QJ\combofix[1].exe/PE_Patch.UPX/UPX: detected Trojan program Trojan-Dropper.Win32.Agent.avl
01/09/2006 20:39:32   Security threats have been detected. You are advised to neutralize them immediately.
01/09/2006 20:40:00   File C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\C5Q3O1QJ\combofix[1].exe/PE_Patch.UPX/UPX cannot be deleted
01/09/2006 20:47:24   File C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\C5Q3O1QJ\combofix[1].exe/PE_Patch.UPX/UPX: detected Trojan program Trojan-Dropper.Win32.Agent.avl
01/09/2006 20:47:34   File C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\C5Q3O1QJ\combofix[1].exe cannot be deleted
01/09/2006 20:54:56   Process  (PID 3544) tried to access Kaspersky Anti-Virus 6.0 process (PID 1912), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
01/09/2006 20:54:56   Process  (PID 3544) tried to access Kaspersky Anti-Virus 6.0 process (PID 2028), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
01/09/2006 21:00:45   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024941.exe: detected Trojan program Trojan.Win32.Small.js
01/09/2006 21:02:19   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024941.exe: deleted
01/09/2006 21:02:19   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025129.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.da
01/09/2006 21:02:30   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025129.dll: deleted
01/09/2006 21:02:30   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025130.exe: detected Trojan program Trojan.Win32.Small.js
01/09/2006 21:02:36   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025130.exe: deleted
01/09/2006 21:02:36   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025131.dll/PE_Patch.PECompact/PecBundle/PECompact: detected virus Packed.Win32.Klone.g
01/09/2006 21:02:36   File C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025131.dll: deleted


Reports
-------
Task   Status   Start   Finish   Size
----   ------   -----   ------   ----
Proactive Defense   running   01/09/2006 20:25:39      0 bytes
File Anti-Virus   running   01/09/2006 20:25:39      3.7 MB
Mail Anti-Virus   running   01/09/2006 20:25:39      16.2 KB
Scan Startup Objects   completed   01/09/2006 20:27:53   01/09/2006 20:28:08   629.3 KB


Quarantine
----------
Status   Object   Size   Added
------   ------   ----   -----


Backup
------
Status   Object   Size
------   ------   ----
Infected: Trojan program Trojan-Dropper.Win32.Agent.avl   C:\Documents and Settings\B\Desktop\combofix.exe   291.5 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.da   C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025129.dll   560 KB
Infected: virus Email-Worm.Win32.NetSky.q   c:\documents and settings\b\local settings\application data\microsoft\outlook\outlook.pst   114.3 MB
Infected: Trojan program Trojan.Win32.Small.js   C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024941.exe   11.5 KB
Infected: Trojan program Trojan.Win32.Small.js   C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025130.exe   11.5 KB
Infected: Trojan program Trojan-Downloader.Win32.Zlob.agf   C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024879.exe   5 KB
Infected: Trojan program Trojan-Downloader.Win32.Zlob.agf   C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024893.exe   35.5 KB
Infected: Trojan program Trojan-Dropper.Win32.Agent.avl   C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\C5Q3O1QJ\combofix[1].exe   291.5 KB
Infected: virus Packed.Win32.Klone.g   C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025131.dll   18.5 KB

3
Tech Clinic / trouble, trouble, trouble!
« on: September 01, 2006, 02:50:45 PM »
Sorry for the delay in coming back to you, but my computer suddenly refused to send any data. Could not post on here or send emails, or download from the internet, though I could receive mails and surf OK.
Working again now after reinstalling modem drivers. Now getting alerts that trojan-dropper.win32.agent.avl is in the combofix file and it will not let me download it again. I have a log I made yesterday from it so will include that and a hijack report.

This virus removal business is pretty complex isn't it?!

Anyway:

B - 06-08-31  9:03:50.78
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\B\Desktop

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\components
 
 
(((((((((((((((((((((((((((((((   Files Created from 2006-07-31 to 2006-08-31  ))))))))))))))))))))))))))))))))))
 

2006-08-29   09:05   670,704   ---hs----   C:\WINDOWS\system32\fhhkj.bak2
2006-08-28   15:02   53,248   --a------   C:\WINDOWS\system32\Process.exe
2006-08-28   15:02   42,496   --a------   C:\WINDOWS\system32\swreg.exe
2006-08-28   15:02   40,960   --a------   C:\WINDOWS\system32\swsc.exe
2006-08-28   15:02   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2006-08-28   12:48   632,065   ---hs----   C:\WINDOWS\system32\fhhkj.bak1
2006-08-25   20:16   21,504   --a------   C:\WINDOWS\system32\hidserv.dll
2006-08-24   22:35   49,152   --a------   C:\WINDOWS\system32\ffdrv1.dll
2006-08-24   22:35   290,816   --a------   C:\WINDOWS\system32\Projoycpl.dll
2006-08-24   22:27   43,520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2006-08-24   14:16   737,280   --a------   C:\WINDOWS\iun6002.exe
2006-08-23   13:53   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2006-08-23   13:53   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2006-08-22   22:58   476,320   ---------   C:\WINDOWS\system32\ImagXpr7.dll
2006-08-22   22:58   471,040   ---------   C:\WINDOWS\system32\ImagXRA7.dll
2006-08-22   22:58   262,144   ---------   C:\WINDOWS\system32\ImagXR7.dll
2006-08-22   22:58   155,648   --a------   C:\WINDOWS\system32\NeroCheck.exe
2006-08-22   22:58   106,496   --a------   C:\WINDOWS\system32\TwnLib20.dll
2006-08-22   22:58   1,568,768   ---------   C:\WINDOWS\system32\ImagX7.dll
2006-08-22   21:45   98,304   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2006-08-18   15:06   86,016   --a------   C:\WINDOWS\system32\SageNatWestBankline.dll
2006-08-18   15:06   86,016   --a------   C:\WINDOWS\system32\SageBankPayments.dll
2006-08-18   15:06   81,920   --a------   C:\WINDOWS\system32\SGUserInfo.dll
2006-08-18   15:06   81,920   --a------   C:\WINDOWS\system32\SageNatWestOnline.dll
2006-08-18   15:06   81,920   --a------   C:\WINDOWS\system32\sageebanking.dll
2006-08-18   15:06   81,920   --a------   C:\WINDOWS\system32\SageBarclaysOnline.dll
2006-08-18   15:06   81,920   --a------   C:\WINDOWS\system32\SageBarclaysBusinessMasterII.dll
2006-08-18   15:06   69,632   --a------   C:\WINDOWS\system32\SageBankBalances.dll
2006-08-18   15:06   61,440   --a------   C:\WINDOWS\system32\BankServiceUtilities.dll
2006-08-18   15:06   37,224   --a------   C:\WINDOWS\system32\SageStorage.dll
2006-08-18   15:06   368,696   --a------   C:\WINDOWS\system32\S10DBC32.dll
2006-08-18   15:06   335,872   --a------   C:\WINDOWS\system32\SGINFMR.dll
2006-08-18   15:06   322,832   ---------   C:\WINDOWS\system32\MFC30.DLL
2006-08-18   15:06   192,512   --a------   C:\WINDOWS\system32\SageBankReconciliation.dll
2006-08-18   15:06   167,936   --a------   C:\WINDOWS\system32\SGXMLQry.dll
2006-08-18   15:06   139,264   --a------   C:\WINDOWS\system32\SGISAQry.dll
2006-08-18   15:06   127,352   --a------   C:\WINDOWS\system32\SageSoftwareUpdate.dll
2006-08-18   15:06   126,976   --a------   C:\WINDOWS\system32\SGInfProgressBar.dll
2006-08-18   15:06   119,160   --a------   C:\WINDOWS\system32\SageFolderBrowse.dll
2006-08-18   11:30   16,384   --a------   C:\WINDOWS\system32\FileOps.exe
2006-08-17   22:50   60,416   --a------   C:\WINDOWS\system32\DSETUP.dll
2006-08-17   22:48   92,160   --a------   C:\WINDOWS\system32\evntwin.exe
2006-08-17   22:48   8,704   --a------   C:\WINDOWS\system32\snmptrap.exe
2006-08-17   22:48   6,144   --a------   C:\WINDOWS\system32\snmpmib.dll
2006-08-17   22:48   39,936   --a------   C:\WINDOWS\system32\hostmib.dll
2006-08-17   22:48   33,792   --a------   C:\WINDOWS\system32\lmmib2.dll
2006-08-17   22:48   32,768   --a------   C:\WINDOWS\system32\snmp.exe
2006-08-17   22:48   24,064   --a------   C:\WINDOWS\system32\evntcmd.exe
2006-08-17   22:48   101,888   --a------   C:\WINDOWS\system32\evntagnt.dll
2006-08-17   14:41   7,680   --a------   C:\WINDOWS\system32\CNMVS6y.DLL
2006-08-17   14:41   116,736   --a------   C:\WINDOWS\system32\CNMLM6y.DLL
2006-08-17   14:32   98,304   --a------   C:\WINDOWS\system32\CNCSUT60.DLL
2006-08-17   14:32   90,112   --a------   C:\WINDOWS\system32\CNCI780.DLL
2006-08-17   14:32   81,920   --a------   C:\WINDOWS\system32\CNCSTR60.DLL
2006-08-17   14:32   81,920   --a------   C:\WINDOWS\system32\CNCSIF60.DLL
2006-08-17   14:32   77,824   --a------   C:\WINDOWS\system32\CNCSCM60.DLL
2006-08-17   14:32   69,632   --a------   C:\WINDOWS\system32\CNCL780.DLL
2006-08-17   14:32   561,152   --a------   C:\WINDOWS\system32\CNCC780.DLL
2006-08-17   14:32   49,152   --a------   C:\WINDOWS\system32\cncisco.dll
2006-08-17   14:32   389,180   --a------   C:\WINDOWS\system32\UCS32P.DLL
2006-08-17   14:32   110,592   --a------   C:\WINDOWS\system32\CNCSDO60.DLL
2006-08-17   14:31   20,480   --a------   C:\WINDOWS\system32\CNCFMS60.EXE
2006-08-17   14:31   120,320   --a------   C:\WINDOWS\system32\CNCF2L60.DLL
2006-08-17   13:02   1,650,688   --a------   C:\WINDOWS\system32\cdintf250.dll
2006-08-17   08:39   127,208   --a------   C:\WINDOWS\system32\mucltui.dll
2006-08-16   20:45   53,760   --a------   C:\WINDOWS\system32\vfwwdm32.dll
2006-08-16   20:45   363,520   --a------   C:\WINDOWS\system32\PsisDecd.dll
2006-08-16   20:43   520,192   ---------   C:\WINDOWS\system32\ati2sgag.exe
2006-08-16   13:10   4,096   --a------   C:\WINDOWS\system32\ksuser.dll
2006-08-16   13:08   74,240   --a------   C:\WINDOWS\system32\usbui.dll
2006-08-16   13:07   85,020   --a------   C:\WINDOWS\system32\dgsetup.dll
2006-08-16   13:07   8,192   -ra------   C:\WINDOWS\system32\kbdhept.dll
2006-08-16   13:07   7,168   -ra------   C:\WINDOWS\system32\kbdcz.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\kbdycl.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\kbdsl1.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\kbdsl.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\kbdpl.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\kbdhu.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\kbdhela3.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\kbdcz2.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\kbdcz1.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\kbdcr.dll
2006-08-16   13:07   6,656   -ra------   C:\WINDOWS\system32\KBDAL.DLL
2006-08-16   13:07   6,144   -ra------   C:\WINDOWS\system32\kbdtuq.dll
2006-08-16   13:07   6,144   -ra------   C:\WINDOWS\system32\kbdtuf.dll
2006-08-16   13:07   6,144   -ra------   C:\WINDOWS\system32\kbdlv1.dll
2006-08-16   13:07   6,144   -ra------   C:\WINDOWS\system32\kbdlv.dll
2006-08-16   13:07   6,144   -ra------   C:\WINDOWS\system32\kbdhela2.dll
2006-08-16   13:07   6,144   -ra------   C:\WINDOWS\system32\kbdgkl.dll
2006-08-16   13:07   6,144   -ra------   C:\WINDOWS\system32\kbdest.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdycc.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbduzb.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdur.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdtat.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdru1.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdru.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdro.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdpl1.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdmon.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdlt1.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdlt.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdkyr.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdkaz.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdhu1.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdhe319.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdhe220.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdhe.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdbu.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdblr.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdazel.dll
2006-08-16   13:07   5,632   -ra------   C:\WINDOWS\system32\kbdaze.dll
2006-08-16   13:07   24,661   --a------   C:\WINDOWS\system32\spxcoins.dll
2006-08-16   13:07   176,157   --a------   C:\WINDOWS\system32\dgrpsetu.dll
2006-08-16   13:07   13,312   --a------   C:\WINDOWS\system32\irclass.dll
2006-08-16   13:06   8,704   --a------   C:\WINDOWS\system32\batt.dll
2006-08-16   13:06   74,752   --a------   C:\WINDOWS\system32\storprop.dll
2006-08-16   13:06   69,120   --a------   C:\WINDOWS\NOTEPAD.EXE
2006-08-16   13:06   15,360   --a------   C:\WINDOWS\TASKMAN.EXE
2006-08-16   13:06   103,424   --a------   C:\WINDOWS\system32\EqnClass.Dll
2006-08-16   12:34   5,606   --a------   C:\WINDOWS\system32\stci.dll
2006-08-16   12:29   9,709,568   -r-------   C:\WINDOWS\RTLCPL.exe
2006-08-16   12:29   86,016   -r-------   C:\WINDOWS\SoundMan.exe
2006-08-16   12:29   69,632   -r-------   C:\WINDOWS\Alcmtr.exe
2006-08-16   12:29   40,960   -r-------   C:\WINDOWS\system32\ChCfg.exe
2006-08-16   12:29   385,024   -r-------   C:\WINDOWS\system32\JMRaidTool.exe
2006-08-16   12:29   364,544   -r-------   C:\WINDOWS\RtlUpd.exe
2006-08-16   12:29   306,688   --a------   C:\WINDOWS\IsUninst.exe
2006-08-16   12:29   2,879,488   -r-------   C:\WINDOWS\SkyTel.exe
2006-08-16   12:29   2,808,832   -r-------   C:\WINDOWS\alcwzrd.exe
2006-08-16   12:29   2,158,592   -r-------   C:\WINDOWS\MicCal.exe
2006-08-16   12:29   16,208,384   -r-------   C:\WINDOWS\RTHDCPL.exe
2006-08-16   12:29   135,168   -r-------   C:\WINDOWS\system32\RtlCPAPI.dll
2006-08-16   12:28   487,424   -r-------   C:\WINDOWS\RtlExUpd.dll
2006-08-16   12:28   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2006-08-16   12:16   112,128   --a------   C:\WINDOWS\system32\mapi32.dll
2006-08-16   12:16   0   -rahs----   C:\MSDOS.SYS
2006-08-16   12:16   0   -rahs----   C:\IO.SYS
2006-08-16   12:16   0   --a------   C:\CONFIG.SYS
2006-08-16   12:16   0   --a------   C:\AUTOEXEC.BAT
2006-08-16   12:14   64,512   --a------   C:\WINDOWS\system32\acctres.dll
2006-08-16   12:14   6,656   --a------   C:\WINDOWS\system32\wuauserv.dll
2006-08-16   12:14   194,328   --a------   C:\WINDOWS\system32\wuaueng1.dll
2006-08-16   12:14   173,536   --a------   C:\WINDOWS\system32\wuweb.dll
2006-08-16   12:14   16,384   --a------   C:\WINDOWS\system32\icfgnt5.dll
2006-08-16   12:14   127,256   --a------   C:\WINDOWS\system32\wucltui.dll
2006-08-16   12:14   12,288   --a------   C:\WINDOWS\system32\nmevtmsg.dll
2006-08-16   12:14   11,264   --a------   C:\WINDOWS\system32\atrace.dll
2006-08-16   12:13   81,920   --a------   C:\WINDOWS\system32\isign32.dll
2006-08-16   12:13   81,920   --a------   C:\WINDOWS\system32\ils.dll
2006-08-16   12:13   8,192   --a------   C:\WINDOWS\system32\bitsprx2.dll
2006-08-16   12:13   73,728   --a------   C:\WINDOWS\system32\icwdial.dll
2006-08-16   12:13   7,168   --a------   C:\WINDOWS\system32\bitsprx3.dll
2006-08-16   12:13   69,632   --a------   C:\WINDOWS\system32\msconf.dll
2006-08-16   12:13   679,424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-08-16   12:13   67,584   --a------   C:\WINDOWS\system32\srclient.dll
2006-08-16   12:13   65,536   --a------   C:\WINDOWS\system32\icwphbk.dll
2006-08-16   12:13   48,128   --a------   C:\WINDOWS\system32\inetres.dll
2006-08-16   12:13   465,176   --a------   C:\WINDOWS\system32\wuapi.dll
2006-08-16   12:13   45,568   --a------   C:\WINDOWS\system32\safrslv.dll
2006-08-16   12:13   43,520   --a------   C:\WINDOWS\system32\safrcdlg.dll
2006-08-16   12:13   43,520   --a------   C:\WINDOWS\system32\racpldlg.dll
2006-08-16   12:13   41,240   --a------   C:\WINDOWS\system32\wups.dll
2006-08-16   12:13   382,464   --a------   C:\WINDOWS\system32\qmgr.dll
2006-08-16   12:13   34,560   --a------   C:\WINDOWS\system32\mnmdd.dll
2006-08-16   12:13   32,768   --a------   C:\WINDOWS\system32\mnmsrvc.exe
2006-08-16   12:13   32,768   --a------   C:\WINDOWS\system32\isrdbg32.dll
2006-08-16   12:13   29,696   --a------   C:\WINDOWS\system32\safrdm.dll
2006-08-16   12:13   28,672   --a------   C:\WINDOWS\system32\nmmkcert.dll
2006-08-16   12:13   274,944   --a------   C:\WINDOWS\system32\mstask.dll
2006-08-16   12:13   274,432   --a------   C:\WINDOWS\system32\inetcfg.dll
2006-08-16   12:13   252,928   --a------   C:\WINDOWS\system32\msoeacct.dll
2006-08-16   12:13   239,104   --a------   C:\WINDOWS\system32\srrstr.dll
2006-08-16   12:13   22,528   --a------   C:\WINDOWS\system32\fltMc.exe
2006-08-16   12:13   190,976   --a------   C:\WINDOWS\system32\schedsvc.dll
2006-08-16   12:13   18,944   --a------   C:\WINDOWS\system32\qmgrprxy.dll
2006-08-16   12:13   172,312   --a------   C:\WINDOWS\system32\wuauclt1.exe
2006-08-16   12:13   170,496   --a------   C:\WINDOWS\system32\srsvc.dll
2006-08-16   12:13   16,896   --a------   C:\WINDOWS\system32\fltlib.dll
2006-08-16   12:13   124,184   --a------   C:\WINDOWS\system32\wuauclt.exe
2006-08-16   12:13   12,288   --a------   C:\WINDOWS\system32\mstinit.exe
2006-08-16   12:13   105,984   --a------   C:\WINDOWS\system32\msoert2.dll
2006-08-16   12:13   1,343,768   --a------   C:\WINDOWS\system32\wuaueng.dll
2006-08-16   12:12   97,792   --a------   C:\WINDOWS\system32\comrepl.dll
2006-08-16   12:12   9,728   --a------   C:\WINDOWS\system32\reset.exe
2006-08-16   12:12   80,384   --a------   C:\WINDOWS\system32\charmap.exe
2006-08-16   12:12   73,216   --a------   C:\WINDOWS\system32\avwav.dll
2006-08-16   12:12   605,696   --a------   C:\WINDOWS\system32\getuname.dll
2006-08-16   12:12   56,832   --a------   C:\WINDOWS\system32\sol.exe
2006-08-16   12:12   55,296   --a------   C:\WINDOWS\system32\freecell.exe
2006-08-16   12:12   54,272   --a------   C:\WINDOWS\system32\stclient.dll
2006-08-16   12:12   5,632   --a------   C:\WINDOWS\system32\write.exe
2006-08-16   12:12   5,120   --a------   C:\WINDOWS\system32\dcomcnfg.exe
2006-08-16   12:12   44,544   --a------   C:\WINDOWS\system32\hticons.dll
2006-08-16   12:12   4,096   --a------   C:\WINDOWS\system32\rdpcfgex.dll
2006-08-16   12:12   4,096   --a------   C:\WINDOWS\system32\mtxex.dll
2006-08-16   12:12   35,328   --a------   C:\WINDOWS\system32\winchat.exe
2006-08-16   12:12   33,792   --a------   C:\WINDOWS\system32\regini.exe
2006-08-16   12:12   25,600   --a------   C:\WINDOWS\system32\comaddin.dll
2006-08-16   12:12   25,088   --a------   C:\WINDOWS\system32\mtxlegih.dll
2006-08-16   12:12   227,840   --a------   C:\WINDOWS\system32\avtapi.dll
2006-08-16   12:12   22,016   --a------   C:\WINDOWS\system32\qwinsta.exe
2006-08-16   12:12   20,992   --a------   C:\WINDOWS\system32\msg.exe
2006-08-16   12:12   20,480   --a------   C:\WINDOWS\system32\mtxdm.dll
2006-08-16   12:12   16,896   --a------   C:\WINDOWS\system32\tsshutdn.exe
2006-08-16   12:12   16,896   --a------   C:\WINDOWS\system32\qappsrv.exe
2006-08-16   12:12   16,384   --a------   C:\WINDOWS\system32\tskill.exe
2006-08-16   12:12   16,384   --a------   C:\WINDOWS\system32\avmeter.dll
2006-08-16   12:12   15,872   --a------   C:\WINDOWS\system32\rwinsta.exe
2006-08-16   12:12   15,872   --a------   C:\WINDOWS\system32\cdmodem.dll
2006-08-16   12:12   15,360   --a------   C:\WINDOWS\system32\logoff.exe
2006-08-16   12:12   147,456   --a------   C:\WINDOWS\system32\comsnap.dll
2006-08-16   12:12   14,848   --a------   C:\WINDOWS\system32\tsdiscon.exe
2006-08-16   12:12   14,848   --a------   C:\WINDOWS\system32\tscon.exe
2006-08-16   12:12   14,848   --a------   C:\WINDOWS\system32\shadow.exe
2006-08-16   12:12   138,752   --a------   C:\WINDOWS\system32\sndvol32.exe
2006-08-16   12:12   126,976   --a------   C:\WINDOWS\system32\mshearts.exe
2006-08-16   12:12   119,808   --a------   C:\WINDOWS\system32\winmine.exe
2006-08-16   12:12   114,688   --a------   C:\WINDOWS\system32\calc.exe
2006-08-16   12:12   1,161   --a------   C:\WINDOWS\system32\usrlogon.cmd
2006-08-16   12:11   956,416   --a------   C:\WINDOWS\system32\msdtctm.dll
2006-08-16   12:11   93,696   --a------   C:\WINDOWS\system32\tscfgwmi.dll
2006-08-16   12:11   91,136   --a------   C:\WINDOWS\system32\mtxoci.dll
2006-08-16   12:11   87,176   --a------   C:\WINDOWS\system32\rdpwsx.dll
2006-08-16   12:11   85,504   --a------   C:\WINDOWS\system32\catsrvps.dll
2006-08-16   12:11   67,072   --a------   C:\WINDOWS\system32\rdshost.exe
2006-08-16   12:11   655,360   --a------   C:\WINDOWS\system32\mstscax.dll
2006-08-16   12:11   625,152   --a------   C:\WINDOWS\system32\catsrvut.dll
2006-08-16   12:11   62,464   --a------   C:\WINDOWS\system32\rdpclip.exe
2006-08-16   12:11   60,416   --a------   C:\WINDOWS\system32\remotepg.dll
2006-08-16   12:11   60,416   --a------   C:\WINDOWS\system32\colbact.dll
2006-08-16   12:11   6,144   --a------   C:\WINDOWS\system32\msdtc.exe
2006-08-16   12:11   58,880   --a------   C:\WINDOWS\system32\msdtclog.dll
2006-08-16   12:11   58,880   --a------   C:\WINDOWS\system32\licwmi.dll
2006-08-16   12:11   56,320   --a------   C:\WINDOWS\system32\servdeps.dll
2006-08-16   12:11   540,160   --a------   C:\WINDOWS\system32\comuid.dll
2006-08-16   12:11   538,624   --a------   C:\WINDOWS\system32\spider.exe
2006-08-16   12:11   498,688   --a------   C:\WINDOWS\system32\clbcatq.dll
2006-08-16   12:11   44,544   --a------   C:\WINDOWS\system32\tscupgrd.exe
2006-08-16   12:11   426,496   --a------   C:\WINDOWS\system32\msdtcprx.dll
2006-08-16   12:11   407,552   --a------   C:\WINDOWS\system32\mstsc.exe
2006-08-16   12:11   38,912   --a------   C:\WINDOWS\system32\cfgbkend.dll
2006-08-16   12:11   347,136   --a------   C:\WINDOWS\system32\hypertrm.dll
2006-08-16   12:11   343,040   --a------   C:\WINDOWS\system32\mspaint.exe
2006-08-16   12:11   295,424   --a------   C:\WINDOWS\system32\termsrv.dll
2006-08-16   12:11   225,792   --a------   C:\WINDOWS\system32\catsrv.dll
2006-08-16   12:11   20,480   --a------   C:\WINDOWS\system32\qprocess.exe
2006-08-16   12:11   19,968   --a------   C:\WINDOWS\system32\rdpsnd.dll
2006-08-16   12:11   185,344   --a------   C:\WINDOWS\system32\cmprops.dll
2006-08-16   12:11   183,808   --a------   C:\WINDOWS\system32\accwiz.exe
2006-08-16   12:11   17,408   --a------   C:\WINDOWS\system32\mmfutil.dll
2006-08-16   12:11   161,280   --a------   C:\WINDOWS\system32\msdtcuiu.dll
2006-08-16   12:11   147,968   --a------   C:\WINDOWS\system32\rdchost.dll
2006-08-16   12:11   140,800   --a------   C:\WINDOWS\system32\sessmgr.exe
2006-08-16   12:11   131,584   --a------   C:\WINDOWS\system32\sndrec32.exe
2006-08-16   12:11   13,824   --a------   C:\WINDOWS\system32\rdsaddin.exe
2006-08-16   12:11   123,392   --a------   C:\WINDOWS\system32\mplay32.exe
2006-08-16   12:11   110,080   --a------   C:\WINDOWS\system32\clbcatex.dll
2006-08-16   12:11   11,776   --a------   C:\WINDOWS\system32\xolehlp.dll
2006-08-16   12:11   11,264   --a------   C:\WINDOWS\system32\icaapi.dll
2006-08-16   12:11   102,912   --a------   C:\WINDOWS\system32\clipbrd.exe
2006-08-16   12:11   1,267,200   --a------   C:\WINDOWS\system32\comsvcs.dll
 

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-31 00:47   --------   d--------   C:\Program Files\GetRight
2006-08-30 23:12   --------   d--------   C:\Documents and Settings\B\Application Data\Skype
2006-08-29 23:15   --------   d--------   C:\Documents and Settings\B\Application Data\GetRightToGo
2006-08-29 21:39   --------   d--------   C:\Program Files\ewido anti-spyware 4.0
2006-08-29 20:25   --------   d--------   C:\Program Files\Kaspersky Lab
2006-08-29 20:18   --------   d--------   C:\Program Files\Trustix
2006-08-29 19:20   --------   d--------   C:\Documents and Settings\B\Application Data\Comodo
2006-08-29 19:15   --------   d--------   C:\Program Files\Comodo
2006-08-29 16:02   --------   d--------   C:\Program Files\CleanUp!
2006-08-28 12:51   --------   d--------   C:\Program Files\Lavasoft
2006-08-28 12:51   --------   d--------   C:\Documents and Settings\B\Application Data\Lavasoft
2006-08-28 12:37   --------   d--------   C:\Documents and Settings\B\Application Data\Google
2006-08-28 12:36   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2006-08-28 12:36   --------   d--------   C:\Program Files\Google
2006-08-27 21:38   --------   d--------   C:\Program Files\GameSpy Arcade
2006-08-27 20:13   --------   d--------   C:\Program Files\EA GAMES
2006-08-27 16:13   --------   d--------   C:\Program Files\The All-Seeing Eye
2006-08-27 14:55   --------   d--------   C:\Program Files\Common Files\EasyInfo
2006-08-27 14:55   --------   d--------   C:\Program Files\Common Files
2006-08-25 22:07   --------   d--------   C:\Program Files\OfficeUpdate11
2006-08-24 22:35   --------   d--------   C:\Program Files\Superjoy Box Pro
2006-08-24 22:25   --------   d--------   C:\Program Files\Pro Evolution Soccer 5
2006-08-24 14:15   --------   d--------   C:\Program Files\PES5
2006-08-24 10:07   --------   d---s----   C:\Documents and Settings\B\Application Data\Microsoft
2006-08-23 15:41   --------   d--------   C:\Documents and Settings\B\Application Data\Real
2006-08-23 15:40   --------   d--------   C:\Program Files\Real
2006-08-23 15:40   --------   d--------   C:\Program Files\Common Files\xing shared
2006-08-23 15:40   --------   d--------   C:\Program Files\Common Files\Real
2006-08-23 13:49   --------   d--------   C:\Documents and Settings\B\Application Data\Samsung
2006-08-23 10:33   --------   d--------   C:\Program Files\Karndean International
2006-08-22 22:58   --------   d--------   C:\Program Files\Common Files\Ahead
2006-08-22 22:58   --------   d--------   C:\Program Files\Ahead
2006-08-22 21:44   --------   d--------   C:\Program Files\Sierra
2006-08-22 07:55   --------   d--------   C:\Program Files\Microsoft IntelliPoint
2006-08-19 23:29   --------   d--------   C:\Program Files\ATITool
2006-08-19 19:36   --------   d--------   C:\Documents and Settings\B\Application Data\My Battle for Middle-earth(tm) II Files
2006-08-19 18:16   --------   d--------   C:\Program Files\Common Files\WhenU
2006-08-19 18:12   --------   d--------   C:\Program Files\Electronic Arts
2006-08-19 16:49   --------   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2006-08-19 16:44   --------   d--------   C:\Documents and Settings\B\Application Data\Adobe
2006-08-19 16:42   --------   d--------   C:\Program Files\TechSmith
2006-08-19 15:38   --------   d--------   C:\Program Files\Windows Media Player
2006-08-18 20:11   41888   --a------   C:\WINDOWS\system32\drivers\Oreans.sys
2006-08-18 19:57   --------   d--------   C:\Program Files\Samsung
2006-08-18 16:14   --------   d--------   C:\Program Files\Inland Revenue
2006-08-18 15:17   --------   d--------   C:\Program Files\Common Files\Microsoft Shared
2006-08-18 15:06   --------   d--------   C:\Program Files\Sage EBanking
2006-08-18 15:06   --------   d--------   C:\Program Files\Informer50
2006-08-18 15:05   --------   d--------   C:\Program Files\Sage
2006-08-18 15:05   --------   d--------   C:\Program Files\Common Files\Sage Line50
2006-08-18 11:35   --------   d--------   C:\Program Files\Common Files\Adobe
2006-08-18 11:35   --------   d--------   C:\Program Files\Adobe
2006-08-18 09:26   --------   d--------   C:\Program Files\Microsoft IntelliType Pro 5.5
2006-08-18 09:26   --------   d--------   C:\Program Files\Microsoft IntelliType Pro
2006-08-17 23:06   --------   d--------   C:\Program Files\GIGABYTE
2006-08-17 22:06   --------   d--------   C:\Program Files\Valve
2006-08-17 18:17   163644   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-17 18:01   --------   d--------   C:\Program Files\Activision
2006-08-17 14:56   --------   d--------   C:\Program Files\Bethesda Softworks
2006-08-17 14:32   --------   d--------   C:\Program Files\Canon
2006-08-17 13:36   --------   d--------   C:\Program Files\Common Files\Intuit
2006-08-17 13:36   --------   d--------   C:\Program Files\Common Files\AnswerWorks 4.0
2006-08-17 13:35   --------   d--------   C:\Program Files\Intuit
2006-08-17 13:28   --------   d--------   C:\Documents and Settings\B\Application Data\AdobeUM
2006-08-17 12:58   --------   d--------   C:\Program Files\Common Files\SWF Studio
2006-08-17 12:58   --------   d--------   C:\Documents and Settings\B\Application Data\Macromedia
2006-08-17 12:11   --------   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2006-08-17 11:28   --------   d--------   C:\Program Files\Microsoft IntelliPoint 5.2
2006-08-17 09:24   --------   d--------   C:\Program Files\Trend Micro
2006-08-17 08:41   --------   d--------   C:\Program Files\Smart Projects
2006-08-17 00:50   --------   d--------   C:\Program Files\Skype
2006-08-16 23:52   223128   --a------   C:\WINDOWS\system32\drivers\dtscsi.sys
2006-08-16 23:52   --------   d--------   C:\Program Files\DAEMON Tools
2006-08-16 23:48   --------   d--------   C:\Program Files\MSN
2006-08-16 23:40   --------   d--------   C:\Program Files\Messenger
2006-08-16 23:30   --------   d--------   C:\Documents and Settings\B\Application Data\MSNInstaller
2006-08-16 23:19   96256   --a------   C:\WINDOWS\system32\drivers\sptd0941.sys
2006-08-16 23:19   643072   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2006-08-16 23:18   --------   d--------   C:\Program Files\BitComet
2006-08-16 23:08   --------   d--------   C:\Program Files\Internet Explorer
2006-08-16 22:07   --------   d--------   C:\Program Files\TuneUp Utilities 2006
2006-08-16 22:07   --------   d--------   C:\Documents and Settings\B\Application Data\TuneUp Software
2006-08-16 22:06   --------   d--------   C:\Program Files\WinRAR
2006-08-16 21:40   --------   d--------   C:\Program Files\Futuremark
2006-08-16 21:15   --------   d--------   C:\Program Files\Outlook Express
2006-08-16 21:15   --------   d--------   C:\Program Files\Common Files\System
2006-08-16 20:48   --------   d--------   C:\Documents and Settings\B\Application Data\ATI
2006-08-16 20:45   --------   d--------   C:\Program Files\Common Files\InstallShield
2006-08-16 20:45   --------   d--------   C:\Program Files\ATI Technologies
2006-08-16 20:40   --------   d--------   C:\Program Files\Microsoft Office
2006-08-16 20:40   --------   d--------   C:\Program Files\Microsoft ActiveSync
2006-08-16 20:40   --------   d--------   C:\Program Files\Common Files\Designer
2006-08-16 13:07   --------   d--------   C:\Program Files\Common Files\SpeechEngines
2006-08-16 13:07   --------   d--------   C:\Program Files\Common Files\ODBC
2006-08-16 13:06   62   --ahs----   C:\Documents and Settings\B\Application Data\desktop.ini
2006-08-16 12:34   --------   d--------   C:\Program Files\Thomson
2006-08-16 12:29   --------   d--------   C:\Program Files\Realtek
2006-08-16 12:26   --------   d--------   C:\Program Files\Intel
2006-08-16 12:22   --------   d--h-----   C:\Program Files\Uninstall Information
2006-08-16 12:22   --------   d--------   C:\Documents and Settings\B\Application Data\Identities
2006-08-16 12:16   --------   d--------   C:\Program Files\xerox
2006-08-16 12:16   --------   d--------   C:\Program Files\microsoft frontpage
2006-08-16 12:15   --------   d--h-----   C:\Program Files\WindowsUpdate
2006-08-16 12:14   --------   d--------   C:\Program Files\NetMeeting
2006-08-16 12:14   --------   d--------   C:\Program Files\Common Files\Services
2006-08-16 12:14   --------   d--------   C:\Program Files\Common Files\MSSoap
2006-08-16 12:13   --------   d--------   C:\Program Files\Movie Maker
2006-08-16 12:12   --------   d--------   C:\Program Files\Windows NT
2006-08-16 12:12   --------   d--------   C:\Program Files\Online Services
2006-08-16 12:12   --------   d--------   C:\Program Files\MSN Gaming Zone
2006-08-16 12:12   --------   d--------   C:\Program Files\ComPlus Applications
2006-07-21 09:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
2006-07-19 03:58   258048   --a------   C:\WINDOWS\system32\ati2dvag.dll
2006-07-19 03:58   1621504   --a------   C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-07-19 03:53   77824   --a------   C:\WINDOWS\system32\Oemdspif.dll
2006-07-19 03:53   26112   --a------   C:\WINDOWS\system32\Ati2mdxx.exe
2006-07-19 03:53   114688   --a------   C:\WINDOWS\system32\atipdlxx.dll
2006-07-19 03:52   86016   --a------   C:\WINDOWS\system32\ati2evxx.dll
2006-07-19 03:52   41984   --a------   C:\WINDOWS\system32\ati2edxx.dll
2006-07-19 03:51   53248   --a------   C:\WINDOWS\system32\ATIDDC.DLL
2006-07-19 03:51   401408   --a------   C:\WINDOWS\system32\ati2evxx.exe
2006-07-19 03:44   2732608   --a------   C:\WINDOWS\system32\ati3duag.dll
2006-07-19 03:39   1744416   --a------   C:\WINDOWS\system32\ativvaxx.dll
2006-07-19 03:27   204800   --a------   C:\WINDOWS\system32\atikvmag.dll
2006-07-19 03:26   17408   --a------   C:\WINDOWS\system32\atitvo32.dll
2006-07-19 03:23   307200   --a------   C:\WINDOWS\system32\atiiiexx.dll
2006-07-19 03:22   6684672   --a------   C:\WINDOWS\system32\atioglx1.dll
2006-07-19 03:22   286720   --a------   C:\WINDOWS\system32\ati2cqag.dll
2006-07-19 03:21   290816   --a------   C:\WINDOWS\system32\ATIDEMGR.dll
2006-07-19 03:13   5136384   --a------   C:\WINDOWS\system32\atioglxx.dll
2006-06-18 14:54   36864   --a------   C:\WINDOWS\system32\frapsvid.dll
 

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
@=""
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Comodo Personal Firewall"="C:\\Program Files\\Comodo\\Personal Firewall\\CPF.exe sysrestart"
"Comodo Launch Pad Tray"="C:\\Program Files\\Comodo\\LaunchPad\\CLPTray.exe"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Steam"="C:\\Program Files\\Valve\\Steam\\Steam.exe -silent"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"Alcmtr"="ALCMTR.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"EasyTuneV"="C:\\Program Files\\Gigabyte\\ET5\\GUI.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
 
 

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
 
Completion time: 31/08/2006  9:04:30.81
ComboFix.txt



Logfile of HijackThis v1.99.1
Scan saved at 20:50:16, on 01/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\B\Desktop\analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155766136796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E39900-48F2-4505-996B-A69666BF7069}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

4
Tech Clinic / trouble, trouble, trouble!
« on: August 30, 2006, 05:20:06 PM »
Unfortunately I still have the problem with my connection: it cuts out after 10-15 mins, then I can't reconnect through it; I have to restart my computer. Could the virus I had have affected my networking files/settings?

5
Tech Clinic / trouble, trouble, trouble!
« on: August 30, 2006, 04:41:03 PM »
Hi there, I think that may have sorted out the mail problem too. I have got rid of Trend Micro and I now have Kaspersky Anti Virus 6 with Comodo Firewall and they seem pretty good. This is my latest hijack:

Logfile of HijackThis v1.99.1
Scan saved at 22:36:34, on 30/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Comodo\Personal Firewall\CPF.exe
C:\Program Files\Comodo\LaunchPad\CLPTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm6y.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Documents and Settings\B\Desktop\analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Comodo Personal Firewall] C:\Program Files\Comodo\Personal Firewall\CPF.exe sysrestart
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155766136796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E39900-48F2-4505-996B-A69666BF7069}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



How is it looking?!

6
Tech Clinic / trouble, trouble, trouble!
« on: August 29, 2006, 05:08:26 PM »
After following all your instructions I have not seen the virus warnings again, but I do have the above problems with Outlook, and my DSL connection keeps disconnecting; then it won't allow me to reconnect. I have to restart my PC, then I can connect again.

7
Tech Clinic / trouble, trouble, trouble!
« on: August 29, 2006, 12:35:39 PM »
One of my two email accounts has got blocked up with multiple repeat emails; it now gets to a point and stops receiving. I guess this is the worm virus in effect. I tried netsky twice; it found nothing.

8
Tech Clinic / trouble, trouble, trouble!
« on: August 29, 2006, 11:39:30 AM »
Thank you for your reply. Here are reports as requested; please note FXnetsky did not find anything:

Logfile of HijackThis v1.99.1
Scan saved at 17:32:34, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Activision\Rome - Total War\RomeTW-BI.exe
C:\Documents and Settings\B\Desktop\analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CB188FD0-FC0F-4AA8-B3FC-0DE5863B5954} - C:\WINDOWS\system32\jkhhf.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155766136796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E39900-48F2-4505-996B-A69666BF7069}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



AND


-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Tuesday, August 29, 2006 5:31:54 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.83.0
 Kaspersky Anti-Virus database last update: 29/08/2006
 Kaspersky Anti-Virus database records: 219135
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\

Scan Statistics:
   Total number of scanned objects: 84921
   Number of viruses found: 13
   Number of infected objects: 44 / 0
   Number of suspicious objects: 0
   Duration of the scan process: 00:57:50

Infected Object Name / Virus Name / Last Action
C:\avenger\backup.zip/avenger/4OPYH1R5/srvjxr[1].exe   Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k   skipped
C:\avenger\backup.zip/avenger/4OPYH1R5/srvmxj[1].exe   Infected: Trojan.Win32.Pakes   skipped
C:\avenger\backup.zip/avenger/jkhhf.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.da   skipped
C:\avenger\backup.zip/avenger/QP3GTEFV/srvhip[1].exe   Infected: Trojan.Win32.Pakes   skipped
C:\avenger\backup.zip/avenger/svvhost.exe   Infected: Trojan.Win32.Small.js   skipped
C:\avenger\backup.zip/avenger/win3B.tmp.exe   Infected: Trojan.Win32.Pakes   skipped
C:\avenger\backup.zip/avenger/win4DBB.tmp.exe   Infected: Trojan.Win32.Pakes   skipped
C:\avenger\backup.zip/avenger/win55C5.tmp.exe   Infected: Trojan.Win32.Pakes   skipped
C:\avenger\backup.zip/avenger/winghy32.dll   Infected: Packed.Win32.Klone.g   skipped
C:\avenger\backup.zip   ZIP: infected - 9   skipped
C:\Documents and Settings\B\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:????????.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip/document.txt                                                                   .exe   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:????????.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:????????.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:????????.eml   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst   Mail MS Mail: infected - 4   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\History\History.IE5\MSHist012006082920060830\index.dat   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip/document.txt                                                                   .exe   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst   Mail MS Mail: infected - 4   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip/document.txt                                                                   .exe   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst   Mail MS Mail: infected - 4   skipped
C:\Documents and Settings\B\My Documents\Utilities & Updates\SmitfraudFix\Reboot.exe   Infected: not-a-virus:RiskTool.Win32.Reboot.f   skipped
C:\Documents and Settings\B\My Documents\Utilities & Updates\SmitfraudFix.zip/SmitfraudFix/Reboot.exe   Infected: not-a-virus:RiskTool.Win32.Reboot.f   skipped
C:\Documents and Settings\B\My Documents\Utilities & Updates\SmitfraudFix.zip   ZIP: infected - 1   skipped
C:\Documents and Settings\B\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\B\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\B\UserData\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
C:\Program Files\BitComet\Downloads\Windows XP Key Changer Pack\Key Changer.exe/data.rar/xpkey.exe   Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Program Files\BitComet\Downloads\Windows XP Key Changer Pack\Key Changer.exe/data.rar/officekey.exe   Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Program Files\BitComet\Downloads\Windows XP Key Changer Pack\Key Changer.exe/data.rar   Infected: not-a-virus:PSWTool.Win32.RAS.a   skipped
C:\Program Files\BitComet\Downloads\Windows XP Key Changer Pack\Key Changer.exe   RarSFX: infected - 3   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP14\A0001942.dll   Infected: not-a-virus:AdTool.Win32.WhenU.c   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP40\A0018077.exe   Infected: not-a-virus:AdTool.Win32.WhenU.c   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024879.exe   Infected: Trojan-Downloader.Win32.Zlob.agf   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024893.exe   Infected: Trojan-Downloader.Win32.Zlob.agf   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024939.exe   Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024941.exe   Infected: Trojan.Win32.Small.js   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024958.exe   Infected: not-a-virus:AdWare.Win32.180Solutions.ak   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024978.exe   Infected: not-a-virus:AdTool.Win32.WhenU.a   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024979.exe   Infected: not-a-virus:Downloader.Win32.WinFixer.r   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025129.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.da   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025130.exe   Infected: Trojan.Win32.Small.js   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0025131.dll   Infected: Packed.Win32.Klone.g   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\change.log   Object is locked   skipped
C:\WINDOWS\CSC\00000001   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\edb.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb   Object is locked   skipped
C:\WINDOWS\system32\config\ACEEvent.evt   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\default   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\software   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\system   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\drivers\dtscsi.sys   Object is locked   skipped
C:\WINDOWS\system32\drivers\sptd.sys   Object is locked   skipped
C:\WINDOWS\system32\drivers\sptd0941.sys   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\Temp\Perflib_Perfdata_780.dat   Object is locked   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
E:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
E:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\change.log   Object is locked   skipped

Scan process completed.


AND



VundoFix V6.1.2

Checking Java version...

Sun Java not detected
Scan started at 16:05:18 29/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\urqpnno.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\urqpnno.dll
C:\WINDOWS\system32\urqpnno.dll Has been deleted!

Performing Repairs to the registry.
Done!

AND

Symantec W32.Netsky FixTool 1.12.0


C:\System Volume Information: (not scanned)
E:\System Volume Information: (not scanned)
W32.Netsky has not been found on your computer.

9
Tech Clinic / trouble, trouble, trouble!
« on: August 29, 2006, 04:53:44 AM »
:) Thanks for your reply, here is what you requested....

Kaspersky:


 KASPERSKY ONLINE SCANNER REPORT
 Tuesday, August 29, 2006 10:47:46 AM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.83.0
 Kaspersky Anti-Virus database last update: 29/08/2006
 Kaspersky Anti-Virus database records: 219030
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\

Scan Statistics:
   Total number of scanned objects: 85475
   Number of viruses found: 12
   Number of infected objects: 36 / 0
   Number of suspicious objects: 0
   Duration of the scan process: 01:07:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\B\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:????????.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip/document.txt                                                                   .exe   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:????????.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:????????.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:????????.eml   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst   Mail MS Mail: infected - 4   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\History\History.IE5\MSHist012006082920060830\index.dat   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\Temp\~DF9C8D.tmp   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\4OPYH1R5\srvzfk[1].exe   Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k   skipped
C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\QP3GTEFV\srvhip[1].exe   Infected: Trojan.Win32.Pakes   skipped
C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\QP3GTEFV\srvihe[1].exe   Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip/document.txt                                                                   .exe   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\NEW Outlook\Outlook4.pst   Mail MS Mail: infected - 4   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip/document.txt                                                                   .exe   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED/buse_list.zip   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml/[From [email protected]][Date Mon, 31 Jul 2006 06:27:17 +0800]/UNNAMED   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst/Personal Folders/Inbox/30 Jul 2006 22:27 from [email protected]:¼þͶµÝ³¬Ê±´íÎó.eml   Infected: Email-Worm.Win32.NetSky.q   skipped
C:\Documents and Settings\B\My Documents\Outlook Backup\NEW Outlook\Outlook4.pst   Mail MS Mail: infected - 4   skipped
C:\Documents and Settings\B\My Documents\Utilities & Updates\SmitfraudFix\Reboot.exe   Infected: not-a-virus:RiskTool.Win32.Reboot.f   skipped
C:\Documents and Settings\B\My Documents\Utilities & Updates\SmitfraudFix.zip/SmitfraudFix/Reboot.exe   Infected: not-a-virus:RiskTool.Win32.Reboot.f   skipped
C:\Documents and Settings\B\My Documents\Utilities & Updates\SmitfraudFix.zip   ZIP: infected - 1   skipped
C:\Documents and Settings\B\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\B\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
C:\Program Files\BitComet\Downloads\Trend Micro PC-cillin Internet Security 2006 14.1.zip   Object is locked   skipped
C:\Program Files\BitComet\Downloads\Windows XP Key Changer Pack\Key Changer.exe   Object is locked   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP14\A0001942.dll   Infected: not-a-virus:AdTool.Win32.WhenU.c   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP40\A0017845.exe   Object is locked   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP40\A0017848.exe   Object is locked   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP40\A0018077.exe   Infected: not-a-virus:AdTool.Win32.WhenU.c   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024879.exe   Infected: Trojan-Downloader.Win32.Zlob.agf   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024893.exe   Infected: Trojan-Downloader.Win32.Zlob.agf   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024939.exe   Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.k   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024941.exe   Infected: Trojan.Win32.Small.js   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024958.exe   Infected: not-a-virus:AdWare.Win32.180Solutions.ak   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024978.exe   Infected: not-a-virus:AdTool.Win32.WhenU.a   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\A0024979.exe   Infected: not-a-virus:Downloader.Win32.WinFixer.r   skipped
C:\System Volume Information\_restore{444CBD36-52CF-40A8-93B1-D5E65AE5E630}\RP70\change.log   Object is locked   skipped
C:\WINDOWS\CSC\00000001   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\edb.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb   Object is locked   skipped
C:\WINDOWS\system32\config\ACEEvent.evt   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\default   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\software   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\system   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat   Object is locked   skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\WINDOWS\system32\drivers\dtscsi.sys   Object is locked   skipped
C:\WINDOWS\system32\drivers\sptd.sys   Object is locked   skipped
C:\WINDOWS\system32\drivers\sptd0941.sys   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\jkhhf.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.da   skipped
C:\WINDOWS\system32\svvhost.exe   Infected: Trojan.Win32.Small.js   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\system32\winghy32.dll   Infected: Packed.Win32.Klone.g   skipped
C:\WINDOWS\Temp\idd15.tmp.exe   Object is locked   skipped
C:\WINDOWS\Temp\idd3C.tmp.exe   Object is locked   skipped
C:\WINDOWS\Temp\idd4DBC.tmp.exe   Object is locked   skipped
C:\WINDOWS\Temp\idd55C6.tmp.exe   Object is locked   skipped
C:\WINDOWS\Temp\Perflib_Perfdata_69c.dat   Object is locked   skipped
C:\WINDOWS\Temp\win3B.tmp.exe   Infected: Trojan.Win32.Pakes   skipped
C:\WINDOWS\Temp\win4DBB.tmp.exe   Infected: Trojan.Win32.Pakes   skipped
C:\WINDOWS\Temp\win55C5.tmp.exe   Infected: Trojan.Win32.Pakes   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
E:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped

Scan process completed.

and analyze.exe:

Logfile of HijackThis v1.99.1
Scan saved at 09:54:42, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCGUIDE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\B\Desktop\analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {771500C4-96C6-4983-BE5C-FC299B611918} - C:\WINDOWS\system32\jkhhf.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155766136796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E39900-48F2-4505-996B-A69666BF7069}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

:unsure:

10
Tech Clinic / trouble, trouble, trouble!
« on: August 28, 2006, 05:28:35 PM »
Have tried a couple of fixes but to no effect, so I thought I would repost my HijackThis report and rapport folder. Really need some help with this, as my connection keeps cutting out and I keep getting calls to my home number that ring once then sound like a fax.....?


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\B\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155766136796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


and


SmitFraudFix v2.81

Scan done at 23:11:48.51, 28/08/2006
Run from
C:\Documents and Settings\B\My Documents\Utilities & Updates\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\B\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\B\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

11
Tech Clinic / trouble, trouble, trouble!
« on: August 28, 2006, 12:20:32 PM »
Hello, have trawled through old posts and self help but can't get anywhere, hope you can help me out; first time I have ever got a virus on my machine. Pretty computer literate but can't seem to shift this. PC-Cillin lists it as dial_dialer.jc; tried conventional methods of removal but no luck... here are my reports:

Logfile of HijackThis v1.99.1
Scan saved at 16:26:18, on 28/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155766136796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. -

AND PANDA ACTIVESCAN:

Dialer:Dialer.HPD Not disinfected C:\Documents and Settings\B\Local Settings\Temporary Internet Files\Content.IE5\QP3GTEFV\srvhpm[1].exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\B\My Documents\Utilities & Updates\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\B\My Documents\Utilities & Updates\SmitfraudFix.zip[SmitfraudFix/Process.exe]

Also tried to clean with Smitfraudfix but no luck.

Any ideas?

And as I typed that, this came up, talk of the devil!!!!!.... I also have a report that trojan.pakes has been found; have deleted it through ewido though.


Real-time Protection
Real-time Protection has detected a virus, spyware, or other security risk, and performed the action specified.

.
Action taken: Denied Access.
.
Incident name: C:\WINDOWS\TEMP\iddA2.tmp.exe
Detection name: DIAL_DIALER.JC
User name: B
Note: If Search for and clean Trojans is turned on and executed after scanning, click Next to view the final action taken
