
krnj32drv.dll - Infostealer.Gampass

Discussion in 'Malware and Virus Removal Archive' started by kogolg, 2008/03/03.

  1. 2008/03/03
    kogolg

    kogolg Inactive Thread Starter

    Joined:
    2008/03/03
    Messages:
    7
    Likes Received:
    0
    The title is how Norton Security Scan identified it. It provides me with the path too but I can't locate the file. I can open it if I put the path at the explorer but can't delete it. At the initial steps this also created two Downloader viruses which after a delete frenzy of registry values I think I managed to stop appearing in scan. I found a similar post here where you actually solved it but I got lost in the process.

    This file actually gave the opportunity of hackers to invade my WoW account and ruin my characters but apart from it the fact that nothing I tried and none of the programs I used did manage to remove it makes me feel frustrated.

    Help plz.

    Please find both the HJT and the BSS reports.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:37:59, on 27/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gpo.gr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 9344 bytes

    Deckard's System Scanner v20071014.68
    Run by GPO on 2008-02-27 13:40:04
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2008-02-27 11:40:09 UTC - RP1 - Σημείο ελέγχου συστήματος


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as GPO.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:41:05, on 27/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\GPO\Επιφάνεια εργασίας\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\GPO.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gpo.gr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 9329 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 PersonalSecureDrive - c:\windows\system32\drivers\psd.sys <Not Verified; Infineon Technologies AG; Infineon Personal Secure Drive>
    R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 IFXSpMgtSrv (Security Platform Management Service) - c:\windows\system32\ifxspmgt.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software>
    R2 IFXTCS (Trusted Platform Core Service) - c:\windows\system32\ifxtcs.exe <Not Verified; Infineon Technologies AG; Infineon TPM Software>
    R2 PersonalSecureDriveService (Personal Secure Drive Service) - "c:\program files\protecttools\embedded security software\psdsrvc.exe" <Not Verified; Infineon Technologies AG; Infineon Personal Secure Drive>

    S2 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) Management Engine Interface
    Device ID: PCI\VEN_8086&DEV_2994&SUBSYS_2801103C&REV_02\3&B1BFB68&0&18
    Manufacturer: Intel
    Name: Intel(R) Management Engine Interface
    PNP Device ID: PCI\VEN_8086&DEV_2994&SUBSYS_2801103C&REV_02\3&B1BFB68&0&18
    Service: HECI

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Κάρτα διασύνδεσης δικτύου 3Com EtherLink XL 10/100 PCI για πλήρη διαχείριση PC (3C905C-TX)
    Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_100010B7&REV_30\4&3721BFB3&0&48F0
    Manufacturer: 3Com
    Name: Κάρτα διασύνδεσης δικτύου 3Com EtherLink XL 10/100 PCI για πλήρη διαχείριση PC (3C905C-TX) #2
    PNP Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_100010B7&REV_30\4&3721BFB3&0&48F0
    Service: EL90XBC

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Ποντίκι συμβατό με PS/2
    Device ID: ACPI\PNP0F13\4&696F438&0
    Manufacturer: Microsoft
    Name: Ποντίκι συμβατό με PS/2
    PNP Device ID: ACPI\PNP0F13\4&696F438&0
    Service: i8042prt


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-24 10:16:26 404 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


    -- Files created between 2008-01-27 and 2008-02-27 -----------------------------

    2008-02-27 14:10:27 8576 --a------ C:\WINDOWS\system32\drivers\csupfqxgkttn.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-02-27 13:55:53 0 d-------- C:\WINDOWS\system32\ActiveScan
    2008-02-27 13:48:45 0 d-------- C:\Program Files\Lavasoft
    2008-02-27 13:48:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-27 13:48:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-27 13:37:33 0 d-------- C:\Program Files\Trend Micro
    2008-02-27 13:34:43 8576 --a------ C:\WINDOWS\system32\drivers\wlyeisgubblq.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-02-27 13:33:25 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-02-27 13:28:51 0 d-------- C:\Documents and Settings\GPO\.housecall6.6
    2008-02-27 13:15:03 0 d-------- C:\WINDOWS\pss
    2008-02-27 13:12:41 118784 --a------ C:\WINDOWS\system32\chg.exe <Not Verified; SoftThinks; Launch>


    -- Find3M Report ---------------------------------------------------------------

    2008-02-27 14:09:15 0 d-------- C:\Program Files\Winamp
    2008-02-27 13:48:26 0 d-------- C:\Program Files\Common Files
    2008-02-27 13:39:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-27 13:39:49 0 d-------- C:\Program Files\PDF Complete
    2008-02-27 13:39:13 0 d-------- C:\Program Files\Google
    2008-02-27 13:33:25 0 d-------- C:\Program Files\Messenger
    2008-02-27 13:14:05 0 d-------- C:\Program Files\Norton Security Scan
    2008-02-27 13:13:35 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-02-27 13:12:35 0 --a------ C:\WINDOWS\TempFile
    2008-01-24 10:43:08 0 d-------- C:\Documents and Settings\GPO\Application Data\Real
    2008-01-24 10:41:39 0 d-------- C:\Program Files\RealAudio
    2008-01-16 09:59:04 0 d-------- C:\Documents and Settings\GPO\Application Data\PowerChallenge


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [15/05/2007 00:22]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [14/07/2006 10:49]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/09/2007 04:01]
    "SetRefresh "= "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20/11/2003 20:01]
    "Scheduler "= "C:\WINDOWS\SMINST\Scheduler.exe" [24/04/2006 09:42]
    "RTHDCPL "= "RTHDCPL.EXE" [04/07/2006 17:26 C:\WINDOWS\RTHDCPL.exe]
    "Reminder "= "C:\WINDOWS\Creator\Remind_XP.exe" [31/03/2006 13:44]
    "Recguard "= "C:\WINDOWS\Sminst\Recguard.exe" [12/05/2006 11:50]
    "PTHOSTTR "= "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [08/06/2006 13:02]
    "Persistence "= "C:\WINDOWS\system32\igfxpers.exe" [21/07/2006 12:47]
    "PDF Complete "= "C:\Program Files\PDF Complete\pdfsty.exe" [13/04/2007 08:44]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [21/07/2006 12:48]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [21/07/2006 12:50]
    "CognizanceTS "= "C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [22/12/2003 21:12]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [21/12/2005 08:33]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 15:45]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/09/2007 02:53]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [02/03/2006 04:00]

    C:\Documents and Settings\All Users\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©ž\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/9/2005 21:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/2/2001 00:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    IfxWlxEN.dll 07/04/2006 06:00 434176 C:\WINDOWS\system32\IfxWlxEN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 07/06/2006 21:26 40448 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli AsWlnPkg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance ASChannel


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2106e7-66fb-11dc-b047-001b78aecfde}]
    Auto\command- Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a210735-66fb-11dc-b047-00047582cdf2}]
    Auto\command- Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206ec512-79a4-11dc-b04b-00047582cdf2}]
    Auto\command- Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c5918e8-5cbd-11dc-b026-001b78aecfde}]
    Auto\command- Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0ce3697-e528-11dc-b1d3-00047582cdf2}]
    Auto\command- F:\Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a940cb0d-609d-11dc-b041-001b78aecfde}]
    Auto\command- F:\Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b632948f-5c0a-11dc-b025-806d6172696f}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfd08965-890c-11dc-b04c-00047582cdf2}]
    Auto\command- Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    *Newly Created Service* - ERASERUTILDRVI4



    -- End of Deckard's System Scanner: finished at 2008-02-27 13:41:35 ------------
     
  2. 2008/03/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS kogolg :)

    What is the name and location of the file you mentioned?

    It appears you have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a newer version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Then, please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh dsss log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     


  4. 2008/03/04
    kogolg

    kogolg Inactive Thread Starter

    Joined:
    2008/03/03
    Messages:
    7
    Likes Received:
    0
    The path was C:\WINDOWS\SYSTEM32\krnj32drv.dll.

    Ok I used the Flash Disinfector on my flash disk and it went ok with no warnings on my flash disk. The thing is that I used my boss' flash disk a few days ago and I don't have it available to scan it atm. If the whole thing started from that flash disk then I will use the program on that one too next time I use it.

    Now MBAM actually found a trojan downloader
    C:\WINDOWS\system32\x64
    and removed it successfully. Unfortunately Norton Security Scan detected again the same trojan krnj32drv.dll - Infostealer.Gampass

    As it was mentioned in the first post I can open that krnj32drv.dll file with notepad but can't find it to delete it. What I found after opening the file and can make some sense of is the following:

    " "
    †w ¤w  € €
    €4 € € € € βw Ξw Δw WS2_32.dll J
    CreateThread ¶IsBadStringPtrA ΒLoadLibraryA –Sleep >GetProcAddress GetLastError
    [GetSystemInfo µIsBadReadPtr ΖVirtualQuery WideCharToMultiByte δMultiByteToWideChar
    mGetTickCount *InterlockedDecrement  CloseHandle &GetModuleHandleA 4 CreateFileA
    ΦMapViewOfFile 5 CreateFileMappingA ιOpenFileMappingA } ExitProcess $GetModuleFileNameA
    KERNEL32.dll ADVAPI32.dll  CallNextHookEx USER32.dll \ InternetCrackUrlA WININET.dll Ψ
    OleRun CoCreateInstance . CoInitializeEx ole32.dll OLEAUT32.dll ^free Ώ_strdup
    §realloc @calloc =atoi  ??3@YAXPAX@Z ²sprintf I __CxxFrameHandler  ??2@YAPAXI@Z
    ζwcslen ‘malloc bfseek Rfgets MSVCRT.dll U __dllonexit †_onexit _initterm
    _adjust_fdiv ΜLocalFree A _CxxThrowException  ??1type_info@@UAE@XZ Å“G
    py    Hy Xy hy *F F *F *F ~y Žy *y ²y    ShellHook.dll
    DllCanUnloadNow DllGetClassObject DllRegisterServer DllUnregisterServer ΝŽ¬NΝ¬Å½ι¬Ν( InternetCloseHandle InternetOpenUrlA */* InternetReadFile ΐ Κ-NŽ®,(νl
     \ ° μ¬Å½νnŽΝ,*¬  θ¬Å½©νÅ’®¬ ,ΝÅ’¬( ° ¤Å’Ε¤Å’Ε¤Å’Ε¤Å’ F.1 UKOS 2003 Xp 2K NT
    ; %d  άZOIά‰]Å“OIά‰ΨOIά‰ΫYÅ“OIά password accountName secretQuestionAnswer iΛ…
    •MΟ– €Ητξ…rY*›¨φΟ¤B *Ι9 ΐ Fws2_32.dll / ] [ <Ξή> a Σ―ΝΠÅ > ΐOΙβn
    Å“ZYÅ“άYΨΫάά ° ˆ¬¬Å½¬Θ-¬( send Ws2_32.dll ξνξn¬Ξ¬n
    " "

    Here is the mbam log:

    Malwarebytes' Anti-Malware 1.05
    Database version: 449

    Scan type: Quick Scan
    Objects scanned: 27207
    Time elapsed: 5 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\WINDOWS\system32\x64 (Trojan.Downloader) -> Quarantined and deleted successfully.

    Files Infected:
    (No malicious items detected)

    And here is the new dss:

    Deckard's System Scanner v20071014.68
    Run by GPO on 2008-02-27 14:04:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as GPO.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:04:16, on 27/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\GPO\Επιφάνεια εργασίας\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\GPO.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gpo.gr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 9280 bytes

    -- Files created between 2008-01-27 and 2008-02-27 -----------------------------

    2008-02-27 14:10:27 8576 --a------ C:\WINDOWS\system32\drivers\csupfqxgkttn.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-02-27 13:55:53 0 d-------- C:\WINDOWS\system32\ActiveScan
    2008-02-27 13:48:45 0 d-------- C:\Program Files\Lavasoft
    2008-02-27 13:48:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-27 13:48:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-27 13:37:33 0 d-------- C:\Program Files\Trend Micro
    2008-02-27 13:36:55 0 d-------- C:\Documents and Settings\GPO\Application Data\Malwarebytes
    2008-02-27 13:36:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-02-27 13:36:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-02-27 13:35:14 0 drahs---- C:\autorun.inf
    2008-02-27 13:34:43 8576 --a------ C:\WINDOWS\system32\drivers\wlyeisgubblq.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-02-27 13:33:25 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-02-27 13:28:51 0 d-------- C:\Documents and Settings\GPO\.housecall6.6
    2008-02-27 13:15:03 0 d-------- C:\WINDOWS\pss
    2008-02-27 13:12:28 118784 --a------ C:\WINDOWS\system32\chg.exe <Not Verified; SoftThinks; Launch>


    -- Find3M Report ---------------------------------------------------------------

    2008-02-27 14:09:15 0 d-------- C:\Program Files\Winamp
    2008-02-27 13:48:26 0 d-------- C:\Program Files\Common Files
    2008-02-27 13:39:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-27 13:39:49 0 d-------- C:\Program Files\PDF Complete
    2008-02-27 13:39:13 0 d-------- C:\Program Files\Google
    2008-02-27 13:33:25 0 d-------- C:\Program Files\Messenger
    2008-02-27 13:32:49 0 d-------- C:\Program Files\Norton Security Scan
    2008-02-27 13:12:39 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-02-27 13:12:27 0 --a------ C:\WINDOWS\TempFile
    2008-01-24 10:43:08 0 d-------- C:\Documents and Settings\GPO\Application Data\Real
    2008-01-24 10:41:39 0 d-------- C:\Program Files\RealAudio
    2008-01-16 09:59:04 0 d-------- C:\Documents and Settings\GPO\Application Data\PowerChallenge


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [15/05/2007 00:22]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [14/07/2006 10:49]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/09/2007 04:01]
    "SetRefresh "= "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20/11/2003 20:01]
    "Scheduler "= "C:\WINDOWS\SMINST\Scheduler.exe" [24/04/2006 09:42]
    "RTHDCPL "= "RTHDCPL.EXE" [04/07/2006 17:26 C:\WINDOWS\RTHDCPL.exe]
    "Reminder "= "C:\WINDOWS\Creator\Remind_XP.exe" [31/03/2006 13:44]
    "Recguard "= "C:\WINDOWS\Sminst\Recguard.exe" [12/05/2006 11:50]
    "PTHOSTTR "= "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [08/06/2006 13:02]
    "Persistence "= "C:\WINDOWS\system32\igfxpers.exe" [21/07/2006 12:47]
    "PDF Complete "= "C:\Program Files\PDF Complete\pdfsty.exe" [13/04/2007 08:44]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [21/07/2006 12:48]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [21/07/2006 12:50]
    "CognizanceTS "= "C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [22/12/2003 21:12]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [21/12/2005 08:33]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 15:45]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/09/2007 02:53]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [02/03/2006 04:00]

    C:\Documents and Settings\All Users\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©ž\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/9/2005 21:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/2/2001 00:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    IfxWlxEN.dll 07/04/2006 06:00 434176 C:\WINDOWS\system32\IfxWlxEN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 07/06/2006 21:26 40448 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli AsWlnPkg

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance ASChannel


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2106e7-66fb-11dc-b047-001b78aecfde}]
    Auto\command- Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a210735-66fb-11dc-b047-00047582cdf2}]
    Auto\command- Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206ec512-79a4-11dc-b04b-00047582cdf2}]
    Auto\command- Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0ce3697-e528-11dc-b1d3-00047582cdf2}]
    Auto\command- F:\Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a940cb0d-609d-11dc-b041-001b78aecfde}]
    Auto\command- F:\Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfd08965-890c-11dc-b04c-00047582cdf2}]
    Auto\command- Autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

    *Newly Created Service* - ERASERUTILDRV10741



    -- End of Deckard's System Scanner: finished at 2008-02-27 14:04:35 ------------
     
    Last edited: 2008/03/04
  5. 2008/03/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Open MBAM and select the More Tools tab.
    In the FileASSASSIN section, click Run Tool.
    In the window that opens, browse to the C:\Windows\system32 folder and select the krnj32drv.dll file if present. If you don't see it, type or paste the filename on the Filename line and click Open.
    Reboot if prompted.
    Scan the system32 folder again with Norton and let me know the results.
     
  6. 2008/03/05
    kogolg

    kogolg Inactive Thread Starter

    Joined:
    2008/03/03
    Messages:
    7
    Likes Received:
    0
    Big thanks :)

    I used MBAM and I deleted the file. Then I rebooted my pc, just to be sure it won't come back at the next reboot, did a full system scan and it was gone.

    Thank you so much.

    -------------------------------------------------------------------------
    btw a fast question to which I don't expect an answer....
    In the part of the trojan code I found it says " password accountName secretQuestionAnswer " and actually this is all the information the hacker needed to take complete control over my account. My question is how did the hacker actually find what the answer to my secret question was since I never typed it after I initially did 2,5 years ago when my pc was bug free? Is the game developer's (Blizzard-wow) server so vulnerable to such attacks to be able to send such information?
     
  7. 2008/03/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Your computer stores much information. ;)


    We need to fix some registry entries related to the flash drive infection. Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a2106e7-66fb-11dc-b047-001b78aecfde}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a210735-66fb-11dc-b047-00047582cdf2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206ec512-79a4-11dc-b04b-00047582cdf2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0ce3697-e528-11dc-b1d3-00047582cdf2}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a940cb0d-609d-11dc-b041-001b78aecfde}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfd08965-890c-11dc-b04c-00047582cdf2}]
    
    Double click fix.reg and allow it to merge with the registry.

    Now, please do an online scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh dss log.
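
    The step from the DSS registry dump to fix.reg can be reproduced mechanically. The following is an added example, not part of the original thread and not code from Deckard's System Scanner: it parses a dump excerpt copied from the log posted above, flags every MountPoints2 subkey that caches an Auto/AutoRun shell command, and renders the matching REGEDIT4 deletion file. The function names are hypothetical, and the svchost key is included only to show that non-MountPoints2 keys are ignored.

```python
import re

# Excerpt of the DSS registry dump posted in this thread (three of its keys).
DSS_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0ce3697-e528-11dc-b1d3-00047582cdf2}]
Auto\command- F:\Autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
"""

# "[HKEY_...]" header lines and "<verb>\command- <command line>" value lines,
# in the layout DSS prints them in the log above.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r"^(?P<verb>[^\\\s]+)\\command-\s*(?P<cmd>.+)$")
SHELLEXEC_RE = re.compile(r"ShellExec_RunDLL\s+(\S+)", re.IGNORECASE)
MOUNTPOINTS2 = "\\explorer\\mountpoints2\\"


def parse_dss_dump(text):
    """Return {registry key: [(verb, command line), ...]} for each key in the dump."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current = header.group("key")
            keys[current] = []
            continue
        value = VALUE_RE.match(line)
        if current is not None and value:
            keys[current].append((value.group("verb"), value.group("cmd")))
    return keys


def autorun_mountpoints(keys):
    """Keep only MountPoints2 subkeys that carry a cached shell command."""
    return {
        key: values
        for key, values in keys.items()
        if MOUNTPOINTS2 in key.lower() and values
    }


def payload(command_line):
    """Name the file the command would start, unwrapping the RunDLL32 launcher."""
    wrapped = SHELLEXEC_RE.search(command_line)
    return wrapped.group(1) if wrapped else command_line.split()[0]


def build_fix_reg(hits):
    """Render a REGEDIT4 file; "[-KEY]" deletes the key and its subkeys on merge."""
    lines = ["REGEDIT4", ""] + ["[-%s]" % key for key in hits]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    flagged = autorun_mountpoints(parse_dss_dump(DSS_EXCERPT))
    for key, values in flagged.items():
        for verb, cmd in values:
            print("%s -> %s (%s)" % (key.rsplit("\\", 1)[1], payload(cmd), verb))
    print(build_fix_reg(flagged))
```

    Merging the generated file only clears the per-volume commands cached under HKCU; the autorun.inf and executable on the removable drive itself are a separate cleanup step, which is what Flash_Disinfector was used for earlier in the thread.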
     
  8. 2008/03/06
    kogolg

    kogolg Inactive Thread Starter

    Joined:
    2008/03/03
    Messages:
    7
    Likes Received:
    0
    ok the registry merging happened with success. I also scanned my pc with Kaspersky and the result was the following

    Scan complete.
    No malware has been detected. The sections that have been scanned are CLEAN.

    It also reported about 15 locked paths.

    Here is the Kaspersky log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, February 27, 2008 1:43:45 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 6/03/2008
    Kaspersky Anti-Virus database records: 601691
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 40688
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 00:31:47

    Infected Object Name / Virus Name / Last Action
    C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Infineon\TPM Software 2.0\UserKeyData\IFXConfig.xml Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Infineon\TPM Software 2.0\UserKeyData\TPMCP.xml Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Infineon\TPM Software 2.0\UserKeyData\TSPps.xml Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2699668785-2371165608-3437090618-500\6e22962ad96ee7c69ddc940aa08e0512_792157f7-e910-4c24-b6f7-373af04df209 Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Εκκίνηση του προγράμματος ανάγνωσης ιστοσελίδων Internet Explorer.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Εμφάνιση επιφάνειας εργασίας.scf Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1132870689-543347194-3602448654-500\5320208d-374e-49c7-a79b-bf978341b1c0 Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1132870689-543347194-3602448654-500\Preferred Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2699668785-2371165608-3437090618-500\61b0c95f-2e47-4c8a-bf8f-aad73b62fd75 Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2699668785-2371165608-3437090618-500\f2d83656-ed0c-4abf-a734-41e43a85140f Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2699668785-2371165608-3437090618-500\Preferred Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
    C:\Documents and Settings\Administrator\Application Data\Symantec\Shared\Options.VcPref Object is locked skipped
    C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\HEWLETT-PACKARD Προτεινόμενοι κόμβοι\Hewlett-Packard.URL Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\MSN.com.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Οδηγός ραδιοφωνικού σταθμού.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Συνδέσεις\Windows Media.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Συνδέσεις\Windows.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Συνδέσεις\Δωρεάν Hotmail.url Object is locked skipped
    C:\Documents and Settings\Administrator\Favorites\Συνδέσεις\Προσαρμογή συνδέσεων.url Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\AcroFnt07.lst Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Color\ACECache4.lst Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL163.tmp.c280ef57.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\37MDTYQ3\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\5WQM5XG6\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\96FQ5ZOB\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\RCOY81IB\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Movie Maker\MEDIATAB.DAT Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\08062007.Log Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\09062007.Log Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\09072007.Log Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\1033.MST Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008022720080228\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\AAXF.tmp Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Arabic.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Czech.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Danish.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Dutch.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\English.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Finnish.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\French.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\German.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Greek.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Hebrew.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Hungarian.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\IMT11.xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\IMT12.xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\IMT13.xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\IMT7.xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\IMT8.xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\IMT9.xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Italian.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Japanese.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Korean.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Norwegian.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\omniaction_Sep_06_2007.log Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\PDFC\BITC.tmp Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Polish.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Portuguese(Brazil).bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Portuguese.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Russian.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Set1.tmp Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\SimChin.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Spanish.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\SPSSClientSetup.log Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\SWEDISH.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Thai.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\TradChin.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temp\Turkish.bin Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\background_gradient[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\bg3[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\bg_222[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\bg_footer[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\buttonForm[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\buttonForm[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\button_lrg[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\chmhelp[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\collapsed[2].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\Common[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\connect[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\coUAprint[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\coUA[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\csAuth[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\dot[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\endnode[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\ErrorPageTemplate[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\favcenter[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\ico_next2u[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\important[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\left-3[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\NavBar[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\note[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\ph_web[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\plusCold[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\pro[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\shared[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\shared[2].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\shared[3].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\SubSite[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\tshootText[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\tshoot_shared[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\2750NY91\tshoot_shared[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\arrow[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\bg-1[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\blank[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\Common[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\Common[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\CompatOffline[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\coUA[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\csLoginAuthentication[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\down[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\hdw_generic_result[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\HHWRAPPER[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\httpErrorPagesScripts[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\ico_cool4u[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\Layout[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\note[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\note[2].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\ph_help[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\ph_mns[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\reusable[1].xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\rightb[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\scope_animated[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\shared[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\shared[2].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\shared[3].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\shared[4].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\shared[5].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\style[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\tsctl[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\C007L30Q\warning[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\alttext[1].xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\banner[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\Behaviors[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\bgrig[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\bullet[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\buttonForm[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\buttonForm[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\Common[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\Common[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\Context[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\coUA[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\coUA[2].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\dnserror[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\hdw_generic[1].htm Object is locked skipped
    ........
     
  9. 2008/03/06
    kogolg

    .......


    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\helpdoc[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\leftbot1[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\line[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\MiniNavBar[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\my.otenet[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\ph_active[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\ph_domain[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\ph_register[1].jpg Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\pro[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\pro[2].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\shared[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\shared[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\shared[2].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\shared[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\shared[3].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\shared[4].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\shared[5].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\shortcut[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\shortcut[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\thestyle[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\tshootText[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\tshootText[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\TshootText[2].xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\tshoot[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\tshoot_shared[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\tshoot_shared[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\KQ5RQA2P\US1SysdmXPLogo[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\bglef[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\bg_menu[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\blue_arrow[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\buttonForm[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\caution[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\Common[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\Common[2].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\coUA[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\coUA[2].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\dbGlossary[1].csv Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\defaultsettings[1].xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\DOT[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\errorPageStrings[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\firstpage[1].htm Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\ico_eshop[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\info_48[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\logocorn[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\logo[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\logo[2].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\MiniNavBar[1].xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\NavBar[1].xml Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\ph_password[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\plusHot[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\shared[1].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\shared[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\shared[2].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\shared[3].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\shared[4].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\shared[5].css Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\shortcutCold[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\tools[1] Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\tshootText[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\tshoot_shared[1].js Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\Content.IE5\Y5Y2CO5A\Uabrand[1].gif Object is locked skipped
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet files\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Administrator\ntuser.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Recent\Desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Recent\HELP.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Recent\NETRTL.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Recent\NETRTLX.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Recent\WINXP.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Recent\WINXP64 (2).lnk Object is locked skipped
    C:\Documents and Settings\Administrator\Recent\WINXP64.lnk Object is locked skipped
    C:\Documents and Settings\Administrator\SendTo\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\SendTo\Επιφάνεια εργασίας (δημιουργία συντόμευσης).DeskLink Object is locked skipped
    C:\Documents and Settings\Administrator\SendTo\Παραλήπτης αλληλογραφίας.MAPIMail Object is locked skipped
    C:\Documents and Settings\Administrator\SendTo\Συμπιεσμένος (μορφή zip) φάκελος.ZFSendToTarget Object is locked skipped
    C:\Documents and Settings\Administrator\SendTo\Τα έγγραφά μου.mydocs Object is locked skipped
    C:\Documents and Settings\Administrator\Start Menu\desktop.ini Object is locked skipped
    C:\Documents and Settings\Administrator\Start Menu\Προγράμματα\desktop.ini Object is locked skipped

    Scan process completed.
     
  10. 2008/03/06
    kogolg

    And here is the DSS report:

    Deckard's System Scanner v20071014.68
    Run by GPO on 2008-02-27 13:48:23
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as GPO.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:48:26, on 27/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\GPO\Επιφάνεια εργασίας\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\GPO.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gpo.gr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 7858 bytes

    -- Files created between 2008-01-27 and 2008-02-27 -----------------------------

    2008-02-27 14:10:27 8576 --a------ C:\WINDOWS\system32\drivers\csupfqxgkttn.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-02-27 13:48:45 0 d-------- C:\Program Files\Lavasoft
    2008-02-27 13:48:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-27 13:48:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-27 13:37:33 0 d-------- C:\Program Files\Trend Micro
    2008-02-27 13:36:55 0 d-------- C:\Documents and Settings\GPO\Application Data\Malwarebytes
    2008-02-27 13:36:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-02-27 13:36:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-02-27 13:36:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-27 13:36:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-02-27 13:36:27 0 d-------- C:\WINDOWS\LastGood
    2008-02-27 13:35:14 0 drahs---- C:\autorun.inf
    2008-02-27 13:34:43 8576 --a------ C:\WINDOWS\system32\drivers\wlyeisgubblq.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-02-27 13:33:25 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-02-27 13:28:51 0 d-------- C:\Documents and Settings\GPO\.housecall6.6
    2008-02-27 13:15:03 0 d-------- C:\WINDOWS\pss
    2008-02-27 13:12:30 118784 --a------ C:\WINDOWS\system32\chg.exe <Not Verified; SoftThinks; Launch>


    -- Find3M Report ---------------------------------------------------------------

    2008-02-27 14:09:15 0 d-------- C:\Program Files\Winamp
    2008-02-27 13:48:26 0 d-------- C:\Program Files\Common Files
    2008-02-27 13:39:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-27 13:39:49 0 d-------- C:\Program Files\PDF Complete
    2008-02-27 13:39:46 0 d-------- C:\Program Files\Google
    2008-02-27 13:33:25 0 d-------- C:\Program Files\Messenger
    2008-02-27 13:13:26 0 d-------- C:\Program Files\Norton Security Scan
    2008-02-27 13:12:38 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-02-27 13:12:26 0 --a------ C:\WINDOWS\TempFile
    2008-01-24 10:43:08 0 d-------- C:\Documents and Settings\GPO\Application Data\Real
    2008-01-24 10:41:39 0 d-------- C:\Program Files\RealAudio
    2008-01-16 09:59:04 0 d-------- C:\Documents and Settings\GPO\Application Data\PowerChallenge


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [14/07/2006 10:49]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [15/05/2007 00:22]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [16/09/2007 04:01]
    "SetRefresh "= "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20/11/2003 20:01]
    "Scheduler "= "C:\WINDOWS\SMINST\Scheduler.exe" [24/04/2006 09:42]
    "RTHDCPL "= "RTHDCPL.EXE" [04/07/2006 17:26 C:\WINDOWS\RTHDCPL.exe]
    "Reminder "= "C:\WINDOWS\Creator\Remind_XP.exe" [31/03/2006 13:44]
    "Recguard "= "C:\WINDOWS\Sminst\Recguard.exe" [12/05/2006 11:50]
    "PTHOSTTR "= "C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [08/06/2006 13:02]
    "Persistence "= "C:\WINDOWS\system32\igfxpers.exe" [21/07/2006 12:47]
    "PDF Complete "= "C:\Program Files\PDF Complete\pdfsty.exe" [13/04/2007 08:44]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [21/07/2006 12:48]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [21/07/2006 12:50]
    "CognizanceTS "= "C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [22/12/2003 21:12]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [21/12/2005 08:33]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [02/03/2006 04:00]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 15:45]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]

    C:\Documents and Settings\All Users\Start Menu\¨¦Å¡¨α££Ëœ«Ëœ\„΅΅ε¤Å¾©Å¾\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/9/2005 21:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/2/2001 00:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    IfxWlxEN.dll 07/04/2006 06:00 434176 C:\WINDOWS\system32\IfxWlxEN.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 07/06/2006 21:26 40448 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli AsWlnPkg

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance ASChannel

    *Newly Created Service* - ERASERUTILDRV10741
    *Newly Created Service* - ERASERUTILDRVI4



    -- End of Deckard's System Scanner: finished at 2008-02-27 13:48:44 ------------
     
  11. 2008/03/06
    noahdfear

    Looks good. Recommend you logon to the Administrator account and clear the temporary files with ATF Cleaner. Download ATF Cleaner by Atribune and save it to Local Disk C:
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    You can remove the logs we've created and delete the C:\Deckard folder. Empty the recycle bin when done.

    If you're satisfied that the computer is working properly, clear the System Restore points.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.
     
  12. 2008/03/07
    kogolg

    I am always in administrator mode.

    The ATF cleaner cleared the selected boxes with success. I rebooted then I performed a full system scan again with Norton Security Scan.

    Only the following tracking cookies appeared that are described as low risk level. Those cookies appeared in every scan with Norton Security Scan but they didn't appear in all the other scans I have done so far with other scanning programs but I suppose they are no threat. If I could remove those too then the scanning results from all programs would be clean.

    Cookie:
    Cookie:gpo@us.intellitxt.com/
    Cookie:gpo@examnotes.us.intellitxt.com/
    Cookie:gpo@techspot.us.intellitxt.com/
    Cookie:gpo@ad.yieldmanager.com/

    Everything went well with the restore point creation too.

    Thank you so much for the effort and the time you spent on my problem :)
     
  13. 2008/03/07
    noahdfear

    You need to logon to the Administrator account ..... different than Administrator mode. Reboot to safe mode then select the Administrator account and run ATF Cleaner as described above.


    You can use ATF Cleaner to clear those cookies too. Just select that option. ;)
     
