
Solved Malware blocking programs & URLs

Discussion in 'Malware and Virus Removal Archive' started by iLKke, 2008/07/02.

  1. 2008/07/02
    iLKke

    [Resolved] Malware blocking programs & URLs

    Hi.
    I have pretty much the same problem as the guy here,
    http://www.windowsbbs.com/showthread.php?t=73929
    with having to rename firefox (and others) in order to start it, and in that I'm prevented from visiting certain security-related URLs.

    I got infected after installing Daemon Tools Lite I downloaded from bittorrent.
    I don't know if it's OK to post a link to the torrent file here. If allowed, I'll do it in hope that it will help in pinpointing and thus solving the problem.

    I use Zone Alarm but I wasn't yet fully awake that morning so I accidentally allowed one or several malicious programs access while installing Daemon Tools Lite. Suddenly I had false security pop-ups and later found and got rid of a huge bunch of malware like 444.471, Cyberlog-X and WebHancer. They were logging keystrokes, registering randomly named dlls to be loaded on Windows startup and whatnot.
    I used SpyBot SnD, CCleaner, AdAware and ZoneAlarm Security Suite for detection and removal.

    One thing that I DIDN'T manage to fix is the aforementioned program/URL blacklist issue. I read the whole thread but I was unable to DL ATFCleaner or access Kaspersky Webscan, cause of browser block. I found a mirror for ATF but it just saved a zero-byte file to my drive. Apparently, when it dislikes something, it just returns a 404.

    I understand that this is a fairly new virus, and it apparently blocks more content than it did when this thread was started. I managed to DL HijackThis and DSS from my computer at work.

    Please help!

    Following is the log from Deckard's System Scanner.
    At O20 you can see that Windows is trying to load rqRJDvsR.dll. I had to remove this dll using an ms-dos bootable disk, as it was constantly filling my system32 folder with logs, dlls and such. I have some of them in a safe place, should you like to take a look. I sorta searched the registry but was unable to find where it is being loaded from.

    Anyhow, HERE'S WHAT DECKARD HAD TO SAY:

    Deckard's System Scanner v20071014.68
    Run by ilke on 2008-07-02 18:25:01
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.



    -- Last 4 Restore Point(s) --
    4: 2008-07-02 16:25:08 UTC - RP812 - Deckard's System Scanner Restore Point
    3: 2008-07-02 04:41:38 UTC - RP811 - Removed ConceptDraw MINDMAP 5 Professional.
    2: 2008-06-30 07:10:11 UTC - RP810 - 3D?????? ???????????
    1: 2008-06-30 07:10:09 UTC - RP809 - SPTD setup V1.55


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 0.76 GiB (less than 15%) free.


    -- HijackThis (run as ilke.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:27:18 PM, on 7/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ashampoo Magic Defrag\bin\aDefragService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\progra~1\electr~1\electr~1\electr~1.exe
    C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\RKlauncher\RKLauncher.exe
    C:\Documents and Settings\ilke\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ilke.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internat Exploder
    O2 - BHO: (no name) - !{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4603004F-4ADA-4E1F-A6BB-5B6E41BAA288} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
    O2 - BHO: (no name) - {7EE2725A-9811-440D-A8C9-B672BDAF43F3} - (no file)
    O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
    O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
    O2 - BHO: (no name) - {BD6F9D29-5DE3-42FB-971D-956CB68121F4} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RK Launcher.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
    O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
    O9 - Extra button: IE HTTP Analyzer - {C7B3DF1E-6EFC-41E8-9DA7-EBC1F973832D} - C:\PROGRA~1\HTTPAN~1\IEHTTP~1.DLL
    O9 - Extra 'Tools' menuitem: IE HTTP Analyzer - {C7B3DF1E-6EFC-41E8-9DA7-EBC1F973832D} - C:\PROGRA~1\HTTPAN~1\IEHTTP~1.DLL
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP5.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200826104256
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O20 - Winlogon Notify: rqRJDvsR - rqRJDvsR.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo Magic Defrag\bin\aDefragService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ElectroServer Service - Unknown owner - c:\progra~1\electr~1\electr~1\electr~1.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    --
    End of file - 10162 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe,2
    .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
    R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
    R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys
    R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys
    R2 atksgt - c:\windows\system32\drivers\atksgt.sys
    R2 DS1410D - c:\windows\system32\drivers\ds1410d.sys
    R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
    R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
    R2 enodpl - c:\windows\system32\drivers\enodpl.sys
    R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
    R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
    R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
    R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
    R2 tandpl - c:\windows\system32\drivers\tandpl.sys
    R3 Amps2prt (A4Tech PS/2 Port Mouse Driver) - c:\windows\system32\drivers\amps2prt.sys <Not Verified; A4Tech Co.,Ltd.; A4Tech iWheelWorks Mouse Driver>
    R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
    R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
    R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
    R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
    R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
    R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

    S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
    S2 npkcrypt - h:\maplestory\npkcrypt.sys (file missing)
    S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
    S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
    S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver>
    S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
    S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 AshampooDefragService - c:\program files\ashampoo magic defrag\bin\adefragservice.exe <Not Verified; ; Ashampoo Magic Defrag>
    R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
    R2 ElectroServer Service - c:\progra~1\electr~1\electr~1\electr~1.exe
    R2 nlsvc (NetLimiter) - "c:\program files\netlimiter 2 monitor\nlsvc.exe" <Not Verified; Locktime Software; NetLimiter 2 Monitor>
    R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

    S2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.471 service (file missing)
    S3 CAISafe (CA ISafe) - c:\windows\system32\zonelabs\isafe.exe <Not Verified; Computer Associates International, Inc.; ISafe>
    S3 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe "
    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: Applied Networking Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-27 17:16:48 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


    -- Files created between 2008-06-02 and 2008-07-02 -----------------------------

    2008-07-02 18:19:18 0 d-------- C:\Program Files\Trend Micro
    2008-07-02 06:35:21 0 dr-h----- C:\Documents and Settings\ilke\Recent
    2008-07-02 06:28:35 0 d-------- C:\Program Files\CCleaner
    2008-07-02 06:23:11 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-07-01 21:43:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-30 09:05:20 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-30 09:00:39 0 d-------- C:\Documents and Settings\ilke\Application Data\DAEMON Tools
    2008-06-30 08:59:36 0 d-------- C:\Temp
    2008-06-08 20:03:52 16 --a------ C:\WINDOWS\system32\msvcsv60.dll
    2008-06-08 20:03:52 16 --a------ C:\WINDOWS\msocreg32.dat
    2008-06-08 20:03:02 0 d-------- C:\Program Files\AmpliTube Jimi Hendrix
    2008-06-05 10:18:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    2008-06-05 10:18:54 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-06-05 10:18:54 0 d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    2008-06-05 09:47:29 0 d-------- C:\Documents and Settings\ilke\Application Data\Nikon
    2008-06-05 09:47:24 180224 -ra------ C:\WINDOWS\system32\Strato4.dll <Not Verified; Nikon Corporation; Nikon Image Utility>
    2008-06-05 09:47:24 68096 -ra------ C:\WINDOWS\system32\RedEye.dll <Not Verified; FotoNation Inc.; Red Eye API DLL>
    2008-06-05 09:47:24 3506176 -ra------ C:\WINDOWS\system32\NkNEFPlugin.dll <Not Verified; Nikon Corporation; NkNEFPlugin>
    2008-06-05 09:47:16 110592 -ra------ C:\WINDOWS\system32\RCSigProc.dll <Not Verified; Nikon Corporation; Nikon DSC RAW library>
    2008-06-05 09:47:16 180224 -ra------ C:\WINDOWS\system32\picn1120.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
    2008-06-05 09:47:16 155648 -ra------ C:\WINDOWS\system32\picn1020.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
    2008-06-05 09:47:16 495616 -ra------ C:\WINDOWS\system32\DRAGNKL1.dll <Not Verified; Applied Science Fiction, Inc.; Applied Science Fiction's Digital ROC and Digital GEM Library>
    2008-06-05 09:47:14 0 d-------- C:\Program Files\Common Files\muvee Technologies
    2008-06-05 09:47:07 0 d-------- C:\Program Files\Nikon
    2008-06-05 09:46:40 0 d-------- C:\Program Files\Common Files\Nikon
    2008-06-02 19:25:27 0 d-------- C:\Program Files\Maize Studio


    -- Find3M Report ---------------------------------------------------------------

    2008-07-02 00:58:32 15672 --a------ C:\WINDOWS\system32\wacom.dat
    2008-05-23 20:19:56 0 d-------- C:\Program Files\Octoshape Streaming Services
    2008-05-08 13:37:12 34308 --a------ C:\WINDOWS\system32\Chip.dll
    2008-05-05 21:56:52 0 d-------- C:\Documents and Settings\ilke\Application Data\GarageGames


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4603004F-4ADA-4E1F-A6BB-5B6E41BAA288}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EE2725A-9811-440D-A8C9-B672BDAF43F3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD6F9D29-5DE3-42FB-971D-956CB68121F4}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Run StartupMonitor "= "StartupMonitor.exe" [05/20/2000 05:23 PM C:\WINDOWS\StartupMonitor.exe]
    "BootSkin Startup Jobs "= "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
    "Zone Labs Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/15/2005 12:51 AM]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [11/15/2001 06:00 PM]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 10:22 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [05/19/2006 06:11 PM]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "IEUpdate "=C:\WINDOWS\system32\muik.exe

    C:\Documents and Settings\ilke\Start Menu\Programs\Startup\
    RK Launcher.lnk - C:\Program Files\RKlauncher\RKLauncher.exe [5/21/2007 10:23:23 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [7/9/2005 3:02:10 PM]
    Ashampoo Magic Defrag.lnk - C:\Program Files\Ashampoo Magic Defrag\bin\aDefragCtrl.exe [1/19/2006 7:14:54 PM]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [6/5/2008 9:47:14 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu "=01000000
    "NoActiveDesktop "=01000000
    "ClearRecentDocsOnExit "=01000000
    "NoSMMyPictures "=01000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\Program Files\Common Files\Stardock\mcpstub.dll 08/25/2003 11:25 AM 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDvsR]
    rqRJDvsR.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll 01/20/2007 11:30 PM 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=wbsys.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\urqRHxxw

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "PlayNC Launcher "=C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PHIME2002ASync "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "PHIME2002A "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "MSPY2002 "=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "MagicKey "=C:\PROGRA~1\MEDIAK~1\MagicKey.exe
    "PCSuiteTrayApplication "=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    "Zone Labs Client "=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03b02d20-da54-11db-a833-001167326d43}]
    Auto\command- K:\AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{218d9711-41de-11dc-aa2e-001167326d43}]
    Auto\command- K:\AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{218d9712-41de-11dc-aa2e-001167326d43}]
    Auto\command- K:\RavMonE.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bca1950-c84b-11db-a827-001167326d43}]
    Auto\command- L:\AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb6dafb0-6dfb-11dc-8358-806d6172696f}]
    AutoRun\command- J:\setup.exe




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 .archivioadulti.com
    127.0.0.1 .internet-explorer.name
    127.0.0.1 .katasearch.com
    127.0.0.1 .preferiti-windows.com
    127.0.0.1 .qoogler.com
    127.0.0.1 .tuttoavolonta.com
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com

    8796 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-07-02 18:30:39 ------------
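
Added example, not part of the original thread: Python that reads HijackThis lines like those in the log above, picks out entries marked `(file missing)` or `(no file)`, and names the registry key each one sits under, which is where a leftover O20 reference such as `rqRJDvsR.dll` is loaded from. The sample lines are copied from the log; using the parenthesised O23 name as the service key name is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: lines copied from the HijackThis section of the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4603004F-4ADA-4E1F-A6BB-5B6E41BAA288} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O20 - Winlogon Notify: rqRJDvsR - rqRJDvsR.dll (file missing)
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
"""

# Registry locations behind the HijackThis section codes handled here.
KEY_PREFIX = {
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O9": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions",
    "O20": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",
    "O23": r"HKLM\SYSTEM\CurrentControlSet\Services",
}

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
ORPHAN_RE = re.compile(r"\((file missing|no file)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - ")
# Assumption: when HijackThis prints "Display (Short)", Short is the key name;
# otherwise the display name is used.
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - ")


@dataclass
class Finding:
    section: str                 # HijackThis section code, e.g. "O20"
    body: str                    # rest of the log line
    reason: str                  # "file missing" or "no file"
    registry_key: Optional[str]  # where the leftover reference lives, if known


def entry_id(section: str, body: str) -> Optional[str]:
    """Return the subkey name (CLSID, notify package or service) for a line."""
    if section in ("O2", "O9"):
        m = CLSID_RE.search(body)
        return m.group(0) if m else None
    if section == "O20":
        m = NOTIFY_RE.match(body)
        return m.group("name") if m else None
    if section == "O23":
        m = SERVICE_RE.match(body)
        return (m.group("short") or m.group("display")) if m else None
    return None


def find_orphans(log_text: str) -> list:
    """List autostart entries whose target file no longer exists on disk."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # process list, headers, blank lines
        section, body = m.group(1), m.group(2).rstrip()
        orphan = ORPHAN_RE.search(body)
        if not orphan:
            continue  # target file is present; not a leftover reference
        ident = entry_id(section, body)
        key = None
        if ident and section in KEY_PREFIX:
            key = KEY_PREFIX[section] + "\\" + ident
        findings.append(Finding(section, body, orphan.group(1), key))
    return findings


if __name__ == "__main__":
    for f in find_orphans(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<13} {f.registry_key or '(key not mapped)'}")
```
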
     
  2. 2008/07/02
    iLKke

    Where is this 'Hosts' file and how do I get rid of it? :D

    Also, please note that my Windows XP SP2 was installed in 2004 so there might be a lot of garbage lying around, although it worked just fine until this infection.

    ALSO:


    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\ClipSrver

    scanning hidden autostart entries ...

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs = wbsys.dll?????????????

    scanning hidden files ...

    C:\WINDOWS\system32\drivers\clbdriver.sys 16384 bytes
    C:\WINDOWS\system32\dllcache\clb.dll 16384 bytes
    C:\WINDOWS\system32\clb.dll 16384 bytes
    C:\WINDOWS\system32\clbcatq.dll 507904 bytes
    C:\WINDOWS\system32\clbcatex.dll 114688 bytes
    C:\WINDOWS\system32\clbdll.dll 49152 bytes
    C:\WINDOWS\system32\clbinit.dll 16384 bytes
    C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll 475136 bytes
    C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll 114688 bytes
    C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll 114688 bytes
    C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll 507904 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 11

    Hope this helps. Thanks in advance!
     
    Last edited: 2008/07/02


  4. 2008/07/03
    noahdfear

    Hi iLKke :)

    You need to download ComboFix and run it on that computer. If blocked, download it from another computer then transfer it to your desktop. If it appears to be blocked from running, try saving it to the desktop with a different name, such as Combo_Fix or something. Standard instructions for ComboFix follow.


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  5. 2008/07/03
    iLKke

    Yay! It worked!

    I had a friend DL and mail combofix to me, then I had to rename it to ComboFix2.exe (combofix itself wouldn't allow Combo_Fix, FomboCix etc), then it did all the work.

    Thanks so much!
    If you are ever in need of new smilies, icons or buttons for the forum, please let me know, ok? :D

    I am posting the log so we can make sure:

    ComboFix 08-07-02.5 - ilke 2008-07-03 20:58:37.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.614 [GMT 2:00]
    Running from: C:\Documents and Settings\ilke\Desktop\ComboFix2.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\mainms.vpi
    C:\WINDOWS\megavid.cdt
    C:\WINDOWS\muotr.so
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\btfunc.dll
    C:\WINDOWS\system32\clbdll.dll
    C:\WINDOWS\system32\clbinit.dll
    C:\WINDOWS\system32\drivers\clbdriver.sys
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\pac.txt

    ----- BITS: Possible infected sites -----

    hxxp://launcher.patcher.ncsoft.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CLBDRIVER
    -------\Legacy_MSSECURITY1.209.4
    -------\Service_MsSecurity1.209.4
    -------\Service_npf


    ((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
    .

    2008-07-03 20:26 . 2008-07-03 20:26 <DIR> d-------- C:\FomboCix
    2008-07-02 18:24 . 2008-07-02 18:24 <DIR> d-------- C:\Deckard
    2008-07-02 18:19 . 2008-07-02 18:19 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-02 06:28 . 2008-07-02 06:28 <DIR> d-------- C:\Program Files\CCleaner
    2008-07-02 06:23 . 2008-07-02 06:23 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-07-01 21:43 . 2008-07-01 21:43 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-01 21:43 . 2008-07-01 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-01 10:06 . 2008-07-01 10:06 0 --a------ C:\WINDOWS\BMd7f4e5f6.xml
    2008-06-30 09:05 . 2008-06-30 09:05 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-30 09:00 . 2008-06-30 09:00 <DIR> d-------- C:\Documents and Settings\ilke\Application Data\DAEMON Tools
    2008-06-30 08:59 . 2008-06-30 08:59 <DIR> d-------- C:\Temp\itmp4
    2008-06-30 08:59 . 2008-06-30 08:59 <DIR> d-------- C:\Temp
    2008-06-30 08:59 . 2001-08-23 10:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
    2008-06-08 20:03 . 2008-06-08 20:03 <DIR> d-------- C:\Program Files\AmpliTube Jimi Hendrix
    2008-06-08 20:03 . 2008-06-10 01:33 16 --a------ C:\WINDOWS\system32\w3data.vss
    2008-06-08 20:03 . 2008-06-10 01:33 16 --a------ C:\WINDOWS\system32\msvcsv60.dll
    2008-06-08 20:03 . 2008-06-10 01:33 16 --a------ C:\WINDOWS\msocreg32.dat
    2008-06-05 23:56 . 2008-06-06 01:01 320 --a------ C:\WINDOWS\energyXT.ini
    2008-06-05 19:13 . 2008-06-29 10:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-05 19:13 . 2008-06-05 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-05 10:18 . 2008-06-05 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    2008-06-05 10:18 . 2008-06-05 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    2008-06-05 10:18 . 2008-06-05 10:19 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-06-05 09:47 . 2008-06-05 09:47 <DIR> d-------- C:\Program Files\Nikon
    2008-06-05 09:47 . 2008-06-05 09:47 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
    2008-06-05 09:47 . 2008-06-05 09:47 <DIR> d-------- C:\Documents and Settings\ilke\Application Data\Nikon
    2008-06-05 09:46 . 2008-06-05 09:46 <DIR> d-------- C:\Program Files\Common Files\Nikon

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-30 22:03 4,816,896 ------w C:\WINDOWS\Internet Logs\xDBF.tmp
    2008-06-30 22:03 1,507,328 ------w C:\WINDOWS\Internet Logs\xDBE.tmp
    2008-06-30 07:00 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-29 23:00 18,854,210 ------w C:\WINDOWS\Internet Logs\Totalcmd_2nd_2008_06_28_19_52_37_full.dmp.zip
    2008-06-27 14:21 30,039 ------w C:\WINDOWS\Internet Logs\Totalcmd_2nd_2008_06_10_23_21_29_small.dmp.zip
    2008-06-27 14:21 28,777 ------w C:\WINDOWS\Internet Logs\Totalcmd_2nd_2008_06_18_08_58_15_small.dmp.zip
    2008-06-05 08:16 89,903 ------w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_06_04_21_08_45_small.dmp.zip
    2008-06-02 17:25 --------- d-----w C:\Program Files\Maize Studio
    2008-05-23 18:19 --------- d-----w C:\Program Files\Octoshape Streaming Services
    2008-05-14 20:48 4,293,120 ------w C:\WINDOWS\Internet Logs\xDBD.tmp
    2008-05-14 20:48 2,003,968 ------w C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-05-11 10:20 27,458 ------w C:\WINDOWS\Internet Logs\Totalcmd_2nd_2008_05_11_04_37_19_small.dmp.zip
    2008-05-08 11:37 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
    2008-05-05 19:56 --------- d-----w C:\Documents and Settings\ilke\Application Data\GarageGames
    2008-05-05 00:00 64,981 ------w C:\WINDOWS\Internet Logs\utorrent_2nd_2008_05_01_16_29_03_small.dmp.zip
    2008-05-05 00:00 63,205 ------w C:\WINDOWS\Internet Logs\utorrent_2nd_2008_05_01_16_29_00_small.dmp.zip
    2008-05-01 10:44 389,120 ----a-w C:\WINDOWS\Media\WinLogon.exe
    2008-04-22 18:27 65,399 ------w C:\WINDOWS\Internet Logs\utorrent_2nd_2008_04_19_04_41_24_small.dmp.zip
    2008-04-22 18:27 123,972 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_22_09_59_07_small.dmp.zip
    2008-04-13 03:13 936,960 ------w C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-04-08 18:00 112,684 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_02_38_20_small.dmp.zip
    2007-09-20 19:14 22,328 ----a-w C:\Documents and Settings\ilke\Application Data\PnkBstrK.sys
    2007-06-05 16:50 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2006-03-05 12:36 32,768 ----a-w C:\Program Files\VUmeter.exe
    2004-07-29 00:19 175,104 ----a-w C:\Program Files\lame_enc.dll
    2003-05-02 14:25 56,325 ----a-w C:\Program Files\Glass2k.exe
    2004-02-06 15:17 339,968 ----a-w C:\Program Files\mozilla firefox\plugins\js3250.dll
    2004-12-18 16:31 56 --sh--r C:\WINDOWS\system32\8FDBB4B1DF.sys
    2006-01-22 16:32 205 --sh--r C:\WINDOWS\system32\nulware.exe
    2008-03-19 07:55 2,098 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2006-03-12 21:15 88 --sh--r C:\WINDOWS\system32\6E7910B821.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [2006-05-19 18:11 18577448]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BootSkin Startup Jobs "= "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "Zone Labs Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51 755472]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 18:00 196608]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
    "Run StartupMonitor "= "StartupMonitor.exe" [2000-05-20 17:23 86016 C:\WINDOWS\StartupMonitor.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
    "PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

    C:\Documents and Settings\ilke\Start Menu\Programs\Startup\
    RK Launcher.lnk - C:\Program Files\RKlauncher\RKLauncher.exe [2007-05-21 22:23:23 692224]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2005-07-09 15:02:10 155715]
    Ashampoo Magic Defrag.lnk - C:\Program Files\Ashampoo Magic Defrag\bin\aDefragCtrl.exe [2006-01-19 19:14:54 4149361]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-06-05 09:47:14 118784]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures "= 01000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "C:\\WINDOWS\\system32\\logonuiX.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2003-08-25 11:25 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2007-01-20 23:30 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds "= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
    "SENTINEL "= snti386.dll
    "MIDI3 "= myokent.dll
    "MIDI4 "= myokent.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "PlayNC Launcher "=C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PHIME2002ASync "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "PHIME2002A "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "MSPY2002 "=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "MagicKey "=C:\PROGRA~1\MEDIAK~1\MagicKey.exe
    "PCSuiteTrayApplication "=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    "Zone Labs Client "=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe "=
    "C:\\Program Files\\BitTorrent\\btdownloadgui.exe "=
    "C:\\WINDOWS\\System32\\dplaysvr.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Roger Wilco\\roger.exe "=
    "C:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE "=
    "C:\\Program Files\\Java\\jre1.5.0_01\\BIN\\javaw.exe "=
    "C:\\Program Files\\GeoWhere Lite\\GeoWhere.2.40.lite.exe "=
    "C:\\Program Files\\mIRC\\mirc.exe "=
    "C:\\Program Files\\FlashFXP\\flashfxp.exe "=
    "C:\\Program Files\\PeerWeb DC++\\PeerWeb DC++.exe "=
    "C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe "=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe "=
    "C:\\Program Files\\utorrent\\utorrent.exe "=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
    "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "H:\\KartRider\\NMService.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19257:TCP "= 19257:TCP:BITLORD PORT TCP
    "19257:UDP "= 19257:UDP:BITLORD PORT UDP
    "6881:TCP "= 6881:TCP:BitTorrent Listening Port
    "49152:TCP "= 49152:TCP:BitLord49152TCP
    "22188:TCP "= 22188:TCP:LimeWire 22188
    "49152:UDP "= 49152:UDP:BitLord48152UDP

    R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 17:08]
    R2 ElectroServer Service;ElectroServer Service;c:\progra~1\electr~1\electr~1\electr~1.exe [2006-04-23 09:07]
    R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2002-11-20 17:07]
    S3 ParadigmVScanner;USB Scanner Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb6dafb0-6dfb-11dc-8358-806d6172696f}]
    \Shell\AutoRun\command - J:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-27 15:16:48 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{4603004F-4ADA-4E1F-A6BB-5B6E41BAA288} - (no file)
    BHO-{7EE2725A-9811-440D-A8C9-B672BDAF43F3} - (no file)
    BHO-{ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
    BHO-{BD6F9D29-5DE3-42FB-971D-956CB68121F4} - (no file)
    HKU-Default-Run-IEUpdate - C:\WINDOWS\system32\muik.exe
    Notify-rqRJDvsR - rqRJDvsR.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-03 21:08:49
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\RKlauncher\docklets\yzstartmenu\yzmenuhook.func
    -> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
    C:\PROGRAM FILES\ASHAMPOO MAGIC DEFRAG\BIN\ADEFRAGSERVICE.EXE
    C:\PROGRAM FILES\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE
    C:\PROGRAM FILES\ELECTROTANK\ELECTROSERVER 3\ELECTR~1.EXE
    C:\PROGRAM FILES\NETLIMITER 2 MONITOR\NLSVC.EXE
    C:\WINDOWS\SYSTEM32\TABLET.EXE
    C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\COMMON FILES\STARDOCK\SDMCP.EXE
    C:\PROGRAM FILES\NETLIMITER 2 MONITOR\NLCLIENT.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-07-03 21:22:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-03 19:19:42

    Pre-Run: 671,825,920 bytes free
    Post-Run: 645,513,216 bytes free

    241
     
    Last edited: 2008/07/03
  6. 2008/07/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's great! Please delete the folder C:\FomboCix, and if present, C:\ComboFix2

    Delete the ComboFix2.exe file on your desktop. Now, download a fresh copy from here, saving it to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


    Do you download, or have you downloaded, anything from ncsoft.com?
     
  7. 2008/07/05
    iLKke

    iLKke Inactive Thread Starter

    Joined:
    2008/07/02
    Messages:
    15
    Likes Received:
    0
    NCSoft is the company behind Guild Wars, an MMO game that I used to play. They have this launcher or manager or something that serves for updating game files, managing accounts etc. Frankly, I'd be surprised to find that their software is malicious in any way. So far their business ethics have been exemplary.

    Should I also delete C:/Deckard/ and C:/QooBox/?
    The latter one seems to be related to ComboFix. It contains system snapshots and quarantined files.
     
    Last edited: 2008/07/05
  8. 2008/07/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Leave those two folders for now. Just run the latest ComboFix and post the log. Don't rename it this time.

    Thanks for the info RE: ncsoft ;)
     
  9. 2008/07/07
    iLKke

    iLKke Inactive Thread Starter

    Joined:
    2008/07/02
    Messages:
    15
    Likes Received:
    0
    You're welcome :D

    CF went much smoother and faster than last time.
    Here's what it had to say in the end:

    ---

    ComboFix 08-07-05.1 - ilke 2008-07-07 23:13:43.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.557 [GMT 2:00]
    Running from: C:\Documents and Settings\ilke\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
    .

    2008-07-02 18:24 . 2008-07-02 18:24 <DIR> d-------- C:\Deckard
    2008-07-02 18:19 . 2008-07-02 18:19 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-02 06:28 . 2008-07-02 06:28 <DIR> d-------- C:\Program Files\CCleaner
    2008-07-02 06:23 . 2008-07-02 06:23 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-07-01 21:43 . 2008-07-01 21:43 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-01 21:43 . 2008-07-01 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-01 10:06 . 2008-07-01 10:06 0 --a------ C:\WINDOWS\BMd7f4e5f6.xml
    2008-06-30 09:05 . 2008-06-30 09:05 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-30 09:00 . 2008-06-30 09:00 <DIR> d-------- C:\Documents and Settings\ilke\Application Data\DAEMON Tools
    2008-06-30 08:59 . 2008-06-30 08:59 <DIR> d-------- C:\Temp\itmp4
    2008-06-30 08:59 . 2008-06-30 08:59 <DIR> d-------- C:\Temp
    2008-06-30 08:59 . 2001-08-23 10:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
    2008-06-08 20:03 . 2008-06-08 20:03 <DIR> d-------- C:\Program Files\AmpliTube Jimi Hendrix
    2008-06-08 20:03 . 2008-06-10 01:33 16 --a------ C:\WINDOWS\system32\w3data.vss
    2008-06-08 20:03 . 2008-06-10 01:33 16 --a------ C:\WINDOWS\system32\msvcsv60.dll
    2008-06-08 20:03 . 2008-06-10 01:33 16 --a------ C:\WINDOWS\msocreg32.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-30 22:03 4,816,896 ------w C:\WINDOWS\Internet Logs\xDBF.tmp
    2008-06-30 22:03 1,507,328 ------w C:\WINDOWS\Internet Logs\xDBE.tmp
    2008-06-30 07:00 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-29 23:00 18,854,210 ------w C:\WINDOWS\Internet Logs\Totalcmd_2nd_2008_06_28_19_52_37_full.dmp.zip
    2008-06-27 14:21 30,039 ------w C:\WINDOWS\Internet Logs\Totalcmd_2nd_2008_06_10_23_21_29_small.dmp.zip
    2008-06-27 14:21 28,777 ------w C:\WINDOWS\Internet Logs\Totalcmd_2nd_2008_06_18_08_58_15_small.dmp.zip
    2008-06-05 08:19 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-06-05 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ultima_T15
    2008-06-05 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\EnterNHelp
    2008-06-05 08:16 89,903 ------w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_06_04_21_08_45_small.dmp.zip
    2008-06-05 07:47 --------- d-----w C:\Program Files\Nikon
    2008-06-05 07:47 --------- d-----w C:\Program Files\Common Files\muvee Technologies
    2008-06-05 07:47 --------- d-----w C:\Documents and Settings\ilke\Application Data\Nikon
    2008-06-05 07:46 --------- d-----w C:\Program Files\Common Files\Nikon
    2008-06-02 17:25 --------- d-----w C:\Program Files\Maize Studio
    2008-05-23 18:19 --------- d-----w C:\Program Files\Octoshape Streaming Services
    2008-05-14 20:48 4,293,120 ------w C:\WINDOWS\Internet Logs\xDBD.tmp
    2008-05-14 20:48 2,003,968 ------w C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-05-11 10:20 27,458 ------w C:\WINDOWS\Internet Logs\Totalcmd_2nd_2008_05_11_04_37_19_small.dmp.zip
    2008-05-08 11:37 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
    2008-05-05 00:00 64,981 ------w C:\WINDOWS\Internet Logs\utorrent_2nd_2008_05_01_16_29_03_small.dmp.zip
    2008-05-05 00:00 63,205 ------w C:\WINDOWS\Internet Logs\utorrent_2nd_2008_05_01_16_29_00_small.dmp.zip
    2008-05-01 10:44 389,120 ----a-w C:\WINDOWS\Media\WinLogon.exe
    2008-04-22 18:27 65,399 ------w C:\WINDOWS\Internet Logs\utorrent_2nd_2008_04_19_04_41_24_small.dmp.zip
    2008-04-22 18:27 123,972 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_22_09_59_07_small.dmp.zip
    2008-04-13 03:13 936,960 ------w C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-04-08 18:00 112,684 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_08_02_38_20_small.dmp.zip
    2007-09-20 19:14 22,328 ----a-w C:\Documents and Settings\ilke\Application Data\PnkBstrK.sys
    2007-06-05 16:50 32 ----a-r C:\Documents and Settings\All Users\hash.dat
    2006-03-05 12:36 32,768 ----a-w C:\Program Files\VUmeter.exe
    2004-07-29 00:19 175,104 ----a-w C:\Program Files\lame_enc.dll
    2003-05-02 14:25 56,325 ----a-w C:\Program Files\Glass2k.exe
    2004-02-06 15:17 339,968 ----a-w C:\Program Files\mozilla firefox\plugins\js3250.dll
    2004-12-18 16:31 56 --sh--r C:\WINDOWS\system32\8FDBB4B1DF.sys
    2006-01-22 16:32 205 --sh--r C:\WINDOWS\system32\nulware.exe
    2008-03-19 07:55 2,098 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2006-03-12 21:15 88 --sh--r C:\WINDOWS\system32\6E7910B821.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-03_21.13.41.51 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-27 14:37:30 63,832 ------w C:\WINDOWS\system32\ZoneLabs\boot.dat
    + 2008-07-07 19:18:42 63,864 ----a-w C:\WINDOWS\system32\ZoneLabs\boot.dat
    - 2008-06-27 14:37:30 15,313,928 ------w C:\WINDOWS\system32\ZoneLabs\vet.dat
    + 2008-07-07 19:18:42 15,376,792 ----a-w C:\WINDOWS\system32\ZoneLabs\vet.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [2006-05-19 18:11 18577448]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BootSkin Startup Jobs "= "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "Zone Labs Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 00:51 755472]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 18:00 196608]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
    "Run StartupMonitor "= "StartupMonitor.exe" [2000-05-20 17:23 86016 C:\WINDOWS\StartupMonitor.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
    "PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

    C:\Documents and Settings\ilke\Start Menu\Programs\Startup\
    RK Launcher.lnk - C:\Program Files\RKlauncher\RKLauncher.exe [2007-05-21 22:23:23 692224]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2005-07-09 15:02:10 155715]
    Ashampoo Magic Defrag.lnk - C:\Program Files\Ashampoo Magic Defrag\bin\aDefragCtrl.exe [2006-01-19 19:14:54 4149361]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-06-05 09:47:14 118784]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures "= 01000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "C:\\WINDOWS\\system32\\logonuiX.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2003-08-25 11:25 139264 C:\Program Files\Common Files\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2007-01-20 23:30 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds "= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
    "SENTINEL "= snti386.dll
    "MIDI3 "= myokent.dll
    "MIDI4 "= myokent.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    "PlayNC Launcher "=C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PHIME2002ASync "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    "PHIME2002A "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    "MSPY2002 "=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "MagicKey "=C:\PROGRA~1\MEDIAK~1\MagicKey.exe
    "PCSuiteTrayApplication "=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    "Zone Labs Client "=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe "=
    "C:\\Program Files\\BitTorrent\\btdownloadgui.exe "=
    "C:\\WINDOWS\\System32\\dplaysvr.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Roger Wilco\\roger.exe "=
    "C:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE "=
    "C:\\Program Files\\Java\\jre1.5.0_01\\BIN\\javaw.exe "=
    "C:\\Program Files\\GeoWhere Lite\\GeoWhere.2.40.lite.exe "=
    "C:\\Program Files\\BitLord1.1\\BitLord.exe "=
    "C:\\Program Files\\mIRC\\mirc.exe "=
    "C:\\Program Files\\FlashFXP\\flashfxp.exe "=
    "C:\\Program Files\\PeerWeb DC++\\PeerWeb DC++.exe "=
    "C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe "=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe "=
    "C:\\Program Files\\utorrent\\utorrent.exe "=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
    "C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe "=
    "H:\\KartRider\\NMService.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19257:TCP "= 19257:TCP:BITLORD PORT TCP
    "19257:UDP "= 19257:UDP:BITLORD PORT UDP
    "6881:TCP "= 6881:TCP:BitTorrent Listening Port
    "49152:TCP "= 49152:TCP:BitLord49152TCP
    "22188:TCP "= 22188:TCP:LimeWire 22188
    "49152:UDP "= 49152:UDP:BitLord48152UDP

    R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 17:08]
    R2 ElectroServer Service;ElectroServer Service;c:\progra~1\electr~1\electr~1\electr~1.exe [2006-04-23 09:07]
    R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2002-11-20 17:07]
    S3 ParadigmVScanner;USB Scanner Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab155b0-7012-11da-a6eb-806d6172696f}]
    \Shell\Auto\command - K:\setup.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb6dafb0-6dfb-11dc-8358-806d6172696f}]
    \Shell\AutoRun\command - J:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-07-04 16:06:32 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-07 23:16:46
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
    .
    Completion time: 2008-07-07 23:17:21
    ComboFix-quarantined-files.txt 2008-07-07 21:17:20

    Pre-Run: 306,937,856 bytes free
    Post-Run: 291,078,144 bytes free

    197

    ---

    By the way, when I ran CF, it registered GrpConv.exe (or similar) to run when Windows is started. I take it that is normal?
     
  10. 2008/07/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    ComboFix will create a run entry for itself if it's required to reboot the machine; however, I've never heard of it creating one for grpconv.exe, nor do I see a startup for it in your log. Let's see what happens after this run.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/showpost.php?p=405156&postcount=8
    
    Collect::[22]
    C:\WINDOWS\system32\8FDBB4B1DF.sys
    C:\WINDOWS\system32\nulware.exe
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\WINDOWS\system32\6E7910B821.sys
    Suspect::[22]
    C:\WINDOWS\system32\w3data.vss
    C:\WINDOWS\system32\msvcsv60.dll
    C:\WINDOWS\msocreg32.dat
    C:\WINDOWS\system32\Chip.dll
    File::
    C:\WINDOWS\BMd7f4e5f6.xml
    Folder::
    C:\Temp\itmp4
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab155b0-7012-11da-a6eb-806d6172696f}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files for analysis. This means that at some point, likely after reboot when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. Thanks!
     
  11. 2008/07/10
    iLKke

    "Your file was successfully submitted. Please let the user helping you know that you have submitted the file."

    So I'm letting you know :D

    By the way, after running CF, reboot, and uploading the file, ZoneAlarm asked me to let Nircmd.exe access cmd.exe, and I let it. This is expected, I presume?

    ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:18:17 PM, on 7/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Ashampoo Magic Defrag\bin\aDefragService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\progra~1\electr~1\electr~1\electr~1.exe
    C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    C:\Program Files\RKlauncher\RKLauncher.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\totalcmd\Totalcmd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - !{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RK Launcher.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
    O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
    O9 - Extra button: IE HTTP Analyzer - {C7B3DF1E-6EFC-41E8-9DA7-EBC1F973832D} - C:\PROGRA~1\HTTPAN~1\IEHTTP~1.DLL
    O9 - Extra 'Tools' menuitem: IE HTTP Analyzer - {C7B3DF1E-6EFC-41E8-9DA7-EBC1F973832D} - C:\PROGRA~1\HTTPAN~1\IEHTTP~1.DLL
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP5.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200826104256
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo Magic Defrag\bin\aDefragService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ElectroServer Service - Unknown owner - c:\progra~1\electr~1\electr~1\electr~1.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    --
    End of file - 9657 bytes
     
  12. 2008/07/10
    noahdfear

    I missed a file for submission, so let's get that uploaded and checked out, then we'll continue.

    Please upload the following file to my submission channel for analysis. Leave a link back to this topic.

    C:\WINDOWS\Media\WinLogon.exe

    Thanks!

    I have to ask ... where did the AmpliTube Jimi Hendrix program come from, e.g. p2p, legitimate site, other? You have several files that came in at the same time that don't appear to be related.
     
  13. 2008/07/11
    iLKke

    Not at home atm, but I will send the file asap.

    As for amplitube, I guess the answer is 'other'. It was installed by a friend of mine when we needed it to process bits of a birthday song we made for another friend. I never really gave it much thought, but this guy owns a rehearsing/recording studio, so I guess he has a legit copy.

    If it seems suspicious, I will uninstall it, cause I don't have much use for it anymore.

    edit: submitted the file!

    Thanks once again for all your trouble :D
     
    Last edited: 2008/07/11
  14. 2008/07/11
    noahdfear

    The winlogon file you submitted is rogue. Please delete it.

    The Jimi Hendrix program isn't what concerned me, but the 3 files that were created at the same time that don't appear to be related to the program.

    C:\WINDOWS\system32\w3data.vss
    C:\WINDOWS\system32\msvcsv60.dll
    C:\WINDOWS\msocreg32.dat

    Tell you what, create a folder in C: named suspect, then move those files to that folder. Make sure everything is still working as it should, including the Jimi program. If no problems surface, you should be able to safely delete that folder after a couple weeks or so.

    Now, scan again with HijackThis and place a check next to the following entries.

    O2 - BHO: (no name) - !{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

    Close all other windows then click Fix Checked. Close HijackThis.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Let's see if we've missed anything. Please scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and a fresh HijackThis log.
     
  15. 2008/07/13
    iLKke

    I did as you suggested.
    Those three suspicious files seem to contain exactly the same data!
    Guess that makes them even more suspicious.

    Here are the logs:

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:26:50 PM, on 7/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Ashampoo Magic Defrag\bin\aDefragService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    c:\progra~1\electr~1\electr~1\electr~1.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\RKlauncher\RKLauncher.exe
    C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\totalcmd\Totalcmd.exe
    C:\Program Files\Pidgin\pidgin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RK Launcher.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
    O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
    O9 - Extra button: IE HTTP Analyzer - {C7B3DF1E-6EFC-41E8-9DA7-EBC1F973832D} - C:\PROGRA~1\HTTPAN~1\IEHTTP~1.DLL
    O9 - Extra 'Tools' menuitem: IE HTTP Analyzer - {C7B3DF1E-6EFC-41E8-9DA7-EBC1F973832D} - C:\PROGRA~1\HTTPAN~1\IEHTTP~1.DLL
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP5.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
    O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.shizmoo.com/activex/web665.cab
    O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200826104256
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo Magic Defrag\bin\aDefragService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ElectroServer Service - Unknown owner - c:\progra~1\electr~1\electr~1\electr~1.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    --
    End of file - 9983 bytes
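
Added example, not part of the thread and not code from HijackThis: a Python script that parses HijackThis entry lines and checks a follow-up scan against the entries that were selected for Fix Checked, so a leftover entry is noticed instead of being missed in a long log. The log excerpts are copied from the 7/10 and 7/13 scans and the fix list posted in this thread; all function and variable names are assumptions made for illustration.

```python
import re

# A HijackThis entry line has the form "<section code> - <details>",
# for example "O2 - BHO: ..." or "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the 7/10/2008 scan from this thread.
BEFORE_SCAN = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - !{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
"""

# Excerpt of the 7/13/2008 scan from this thread.
AFTER_SCAN = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
"""

# The three entries the helper asked to check before clicking Fix Checked.
FIX_LIST = r"""
O2 - BHO: (no name) - !{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
"""


def parse_entries(log_text):
    """Return (section, details) for every entry line; headers and the
    running-process list do not match the entry pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries that HijackThis marked as pointing at a file that is absent."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def compare_scans(before_text, after_text, fix_list_text):
    """Check a follow-up scan against the earlier scan and the fix list."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    requested = parse_entries(fix_list_text)
    before_set, after_set = set(before), set(after)
    return {
        # Requested fixes that no longer appear in the follow-up scan.
        "fixed": [e for e in requested if e not in after_set],
        # Requested fixes that are still listed and need another look.
        "still_present": [e for e in requested if e in after_set],
        # Entries that did not exist in the earlier scan.
        "new_entries": [e for e in after if e not in before_set],
        # Everything in the follow-up scan that references a missing file.
        "orphans_after": orphaned(after),
    }


if __name__ == "__main__":
    report = compare_scans(BEFORE_SCAN, AFTER_SCAN, FIX_LIST)
    for heading, entries in report.items():
        print(heading)
        for section, details in entries:
            print(f"  {section} - {details}")
```
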
     
  16. 2008/07/13
    iLKke

    Kaspersky log is apparently too long for a single post, so here it is in several parts:

    Kaspersky 1

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, July 13, 2008 12:01:12 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 12/07/2008
    Kaspersky Anti-Virus database records: 944563
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 367438
    Number of viruses found: 11
    Number of infected objects: 21
    Number of suspicious objects: 0
    Duration of the scan process: 07:50:04

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\03YX2DWZ\spywaredetect2[1].exe Infected: not-a-virus:FraudTool.Win32.SecurityAlert.g skipped
    C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\Temp\ZLT025f0.TMP Object is locked skipped
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped
    C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
     
  17. 2008/07/13
    iLKke

    iLKke Inactive Thread Starter

    Joined:
    2008/07/02
    Messages:
    15
    Likes Received:
    0
    Kaspersky 2

     
  18. 2008/07/13
    iLKke

    iLKke Inactive Thread Starter

    Joined:
    2008/07/02
    Messages:
    15
    Likes Received:
    0
    Kaspersky 3:
    (conclusion of the trilogy)

    C:\Program Files\UFU\BatchReplacer.exe Infected: Trojan-Dropper.Win32.Delf.bdn skipped
    C:\Program Files\Electrotank\ElectroServer 3\logs\service-output.log Object is locked skipped
    C:\Program Files\Electrotank\ElectroServer 3\logs\electroserver_0.log.lck Object is locked skipped
    C:\Program Files\Electrotank\ElectroServer 3\logs\electroserver_0.log Object is locked skipped
    C:\Program Files\RKlauncher\docklets\mailcheck\mailcheck.func Infected: Trojan-Downloader.Win32.Banload.mib skipped
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    C:\System Volume Information\_restore{06807AAB-6ACD-4900-85C5-A703A8A4742F}\RP817\change.log Object is locked skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\IXP000.TMP\daemon4121-lite.exe/stream/data0050 Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\IXP000.TMP\daemon4121-lite.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\IXP000.TMP\daemon4121-lite.exe NSIS: infected - 2 skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\3bti.exe Infected: Trojan.Win32.DNSChanger.eyr skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\syswcc32.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\syswcc32.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\syswcc32.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\syswcc32.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\syswcc32.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\syswcc32.exe RarSFX: infected - 5 skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\snpp.exe/data0006 Infected: Trojan-Downloader.Win32.VB.eyc skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\ilke\LOCALS~1\Temp\snpp.exe NSIS: infected - 1 skipped
    C:\Deckard\System Scanner\backup\WINDOWS\temp\ntoskrnl2600.exe Infected: not-a-virus:FraudTool.Win32.SecurityAlert.g skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\clbdriver.sys.vir Object is locked skipped
    C:\QooBox\Quarantine\catchme2008-07-03_210026.27.zip/clbdll.dll Infected: Rootkit.Win32.Clbd.cy skipped
    C:\QooBox\Quarantine\catchme2008-07-03_210026.27.zip ZIP: infected - 1 skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    G:\ NAREZIVANJE\cd IGRICE 1794\ FREEWARE\DopeWars21d.exe/WISE0060.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped
    G:\ NAREZIVANJE\cd IGRICE 1794\ FREEWARE\DopeWars21d.exe WiseSFX: infected - 1 skipped
    H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     
  19. 2008/07/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the bolded text below, quotes included.

    "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 "

    Click Start>Run and paste the text in the run dialog, then hit Enter.
    Delete all folders present there. I know the name of only 1, which is 03YX2DWZ.

    Now empty the recycle bin.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.


    That should wrap things up. How's the computer running now?
     
  20. 2008/07/15
    iLKke

    iLKke Inactive Thread Starter

    Joined:
    2008/07/02
    Messages:
    15
    Likes Received:
    0
    Did as you said.
    During the process of uninstalling ComboFix, processes NirCmd and GrpConv asked for (and got) all kinds of access. I presume these are ComboFix components?

    So far, the computer is working like a dream. If by any chance I have more problems, I'll sound the alarm.

    Thanks once more! \o/
     
  21. 2008/07/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yes, those processes were invoked by ComboFix. Good that you allowed them. :)

    Glad to hear all is well, and happy I could help. Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    An ounce of prevention is worth a pound of cure

    Surf safe!
     
