
Computer freezing and running really slow

Discussion in 'Malware and Virus Removal Archive' started by Phantom Spanker, 2007/12/06.

  1. 2007/12/06
    Phantom Spanker

    I tried running SpyBot S&D. I also had compressed old files using disk clean-up on Windows. I hope this didn't mess with anything.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:52:14, on 06/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35A3BF06-EE8A-438F-8FA8-14DE01782EB2} - C:\WINDOWS\system32\awtss.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Thanks in advance
    Spanks
     
  2. 2007/12/06
    noahdfear

    Hi Spanks :)

    First, please delete the outdated version of HijackThis you have, then download the HijackThis Installer from here, then run a scan and save the log. Close the log for now.

    Download Deckard's System Scanner (dss.exe) and save it to your desktop.


    Download VundoFix by Atribune, saving it to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    Note: It is possible that VundoFix encounters a file it could not remove. In this case, VundoFix will run on reboot. If that happens, follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


    Now,
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt and C:\VundoFix.txt
     

  4. 2007/12/11
    Phantom Spanker

    Deckard's System Scanner v20071014.68
    Run by Owner on 2007-12-11 17:40:26
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    72: 2007-12-11 17:40:49 UTC - RP645 - Deckard's System Scanner Restore Point
    71: 2007-12-10 11:41:34 UTC - RP644 - System Checkpoint
    70: 2007-12-08 19:15:54 UTC - RP643 - System Checkpoint
    69: 2007-12-06 22:04:43 UTC - RP642 - System Checkpoint
    68: 2007-12-05 21:46:40 UTC - RP641 - System Checkpoint


    -- First Restore Point --
    1: 2007-09-12 23:26:15 UTC - RP574 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:48:16, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop\dss.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35A3BF06-EE8A-438F-8FA8-14DE01782EB2} - C:\WINDOWS\system32\awtss.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Policies\Explorer\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 7044 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 XDva025 - c:\windows\system32\xdva025.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

    S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&163C0F35&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&163C0F35&0
    Service: i8042prt


    -- Scheduled Tasks -------------------------------------------------------------

    2007-12-11 17:47:25 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
    2007-12-07 20:00:00 466 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
    2007-11-25 21:54:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-11-11 and 2007-12-11 -----------------------------

    2007-12-11 16:20:01 0 d-------- C:\VundoFix Backups
    2007-12-11 16:17:48 0 d-------- C:\Program Files\Trend Micro
    2007-12-06 12:47:09 0 d-------- C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Uniblue


    -- Find3M Report ---------------------------------------------------------------

    2007-12-11 17:35:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-12-11 17:35:22 0 d-------- C:\Program Files\Common Files
    2007-12-03 23:54:46 0 d-------- C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\LimeWire
    2007-12-03 23:51:53 0 d-------- C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Xfire
    2007-12-03 23:47:39 0 d---s---- C:\Program Files\Xfire
    2007-11-05 12:24:21 0 d-------- C:\Program Files\Eyeball
    2007-10-31 20:45:21 5915 --a------ C:\WINDOWS\mozver.dat
    2007-10-11 15:18:21 0 d-------- C:\Program Files\Call of Duty
    2007-10-11 12:11:30 0 d-------- C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Camfrog


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35A3BF06-EE8A-438F-8FA8-14DE01782EB2}]
    C:\WINDOWS\system32\awtss.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/12/2003 15:11]
    "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [02/12/2003 15:11]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [26/08/2005 22:57]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [31/10/2006 12:25]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [01/10/2006 13:03]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 11:22]
    "nwiz"="nwiz.exe" [22/10/2006 11:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 11:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [29/06/2007 23:24]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "\1.exe"=C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtss]
    C:\WINDOWS\system32\awtss.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=NVDESK32.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBooster]
    C:\Program Files\RamBooster 2.0\Rambooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe




    -- End of Deckard's System Scanner: finished at 2007-12-11 18:05:26 ------------




    VundoFix V6.7.0

    Checking Java version...

    Java version is 1.4.2.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 16:20:01 11/12/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtss.dll
    C:\WINDOWS\system32\sstwa.bak1
    C:\WINDOWS\system32\sstwa.bak2
    C:\WINDOWS\system32\sstwa.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\sstwa.bak1
    C:\WINDOWS\system32\sstwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstwa.bak2
    C:\WINDOWS\system32\sstwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstwa.ini
    C:\WINDOWS\system32\sstwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!


    Righty Tighty. That work there was mighty. Who can help me with my plighty,
    before I say goodnighty

    Thanks
    Spanks
     
  5. 2007/12/11
    noahdfear

    Scan again with HijackThis and place a check next to the following entries, close all other windows then click Fix Checked.

    O2 - BHO: (no name) - {35A3BF06-EE8A-438F-8FA8-14DE01782EB2} - C:\WINDOWS\system32\awtss.dll (file missing)
    O4 - HKCU\..\Policies\Explorer\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
    O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)

    Close HijackThis.

    Highlight and copy the bolded command below.

    "%allusersprofile%\APPLIC~1\Tools"

    Click Start>Run then paste the command on the Run line and hit enter. It should open the tools folder. If present, delete the file 1.exe.

    Delete VundoFix.exe, the C:\VundoFix Backups folder and the C:\Deckard folder.


    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Now let's see if we've missed anything. Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log.
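
An added example, not part of noahdfear's post and not his stated method: the Python below parses HijackThis log lines and applies two assumed triage rules that select the same three entries listed for Fix Checked above. The names `parse_line` and `triage` and the rules themselves are hypothetical; the sample lines are copied from the v2.0.2 log posted earlier in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: a subset of lines copied from the HijackThis v2.0.2 log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35A3BF06-EE8A-438F-8FA8-14DE01782EB2} - C:\WINDOWS\system32\awtss.dll (file missing)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Policies\Explorer\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d+)\s+-\s+(?P<body>.+)$")
# O4 registry autoruns look like "<key>: [<value name>] <command>".
O4_RE = re.compile(r"^(?P<location>.+?):\s+\[(?P<name>[^\]]*)\]\s+(?P<command>.+)$")
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str                 # section code such as "O2", "O4", "O20"
    body: str                 # everything after "<code> - "
    file_missing: bool        # HijackThis could not find the target on disk
    location: Optional[str]   # registry key for O4 autoruns, else None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    location = None
    if code == "O4":
        o4 = O4_RE.match(body)
        if o4 is not None:
            location = o4.group("location")
    return Entry(code, body, body.endswith(MISSING), location)


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (code, reason, body) for entries matching the assumed rules.

    Rule 1 (assumption): a BHO (O2) or Winlogon Notify (O20) registration
    whose DLL is missing is a leftover load point worth reviewing.
    Rule 2 (assumption): an O4 autorun stored under Policies\\Explorer\\Run
    instead of the ordinary Run key is worth reviewing.
    O23 services with a missing file are deliberately not flagged, because
    the Fix Checked list above does not include one.
    """
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry.code in ("O2", "O20") and entry.file_missing:
            findings.append((entry.code, "registered DLL is missing from disk", entry.body))
        elif (entry.code == "O4" and entry.location is not None
              and entry.location.lower().endswith(r"policies\explorer\run")):
            findings.append((entry.code, r"autorun under Policies\Explorer\Run", entry.body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```
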
     
  6. 2007/12/12
    Phantom Spanker

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, December 12, 2007 9:11:20 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 12/12/2007
    Kaspersky Anti-Virus database records: 480744
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 97770
    Number of viruses found: 39
    Number of infected objects: 88
    Number of suspicious objects: 0
    Duration of the scan process: 03:24:03

    Infected Object Name / Virus Name / Last Action
    C:\!KillBox\gdimx.exe Infected: Trojan-Downloader.Win32.Dluca.da skipped
    C:\!KillBox\nsy4.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
    C:\Documents and Settings\All Users\Application Data\Bin\bin.dll Infected: not-a-virus:AdWare.Win32.MediaBack.f skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-12_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\history.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\key3.db Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\webappsstore.sqlite Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\sysdir\bundles.exe/data0002 Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
    C:\Program Files\Common Files\sysdir\bundles.exe NSIS: infected - 1 skipped
    C:\Program Files\Common Files\sysdir\WebRebates_PlayaSolutions_InstallAS.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\Program Files\Common Files\sysdir\WebRebates_PlayaSolutions_InstallAS.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\Program Files\Common Files\sysdir\WebRebates_PlayaSolutions_InstallAS.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\Program Files\Common Files\sysdir\WebRebates_PlayaSolutions_InstallAS.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\Program Files\Common Files\sysdir\WebRebates_PlayaSolutions_InstallAS.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
    C:\Program Files\Common Files\sysdir\WebRebates_PlayaSolutions_InstallAS.exe NSIS: infected - 5 skipped
    C:\Program Files\Common Files\System\deb60b19.exe Infected: Trojan-Downloader.Win32.Dluca.dc skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\Quarantine\060173CC.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\06342E16/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
    C:\Program Files\Norton AntiVirus\Quarantine\06342E16 ZIP: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\06342E16 CryptFF: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\069F3C23.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\0920629D.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\107E7698 Infected: Trojan.Java.ClassLoader.d skipped
    C:\Program Files\Norton AntiVirus\Quarantine\11A06C1A.exe Infected: Trojan-Downloader.Win32.Agent.tf skipped
    C:\Program Files\Norton AntiVirus\Quarantine\15DF0835.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\176911AA Infected: Trojan-Dropper.Win32.Agent.tb skipped
    C:\Program Files\Norton AntiVirus\Quarantine\18A9244A Infected: Trojan-Dropper.Win32.Agent.tb skipped
    C:\Program Files\Norton AntiVirus\Quarantine\19CE4689.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\1C97352C.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
    C:\Program Files\Norton AntiVirus\Quarantine\21DF31EC.exe Infected: Trojan-Proxy.Win32.Agent.cj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\234C6C95 Infected: Trojan-Dropper.Win32.Agent.tb skipped
    C:\Program Files\Norton AntiVirus\Quarantine\28FA03E6.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\3375155B Infected: Trojan-Downloader.Java.OpenStream.w skipped
    C:\Program Files\Norton AntiVirus\Quarantine\34263C3D Infected: Trojan-Downloader.Java.OpenStream.w skipped
    C:\Program Files\Norton AntiVirus\Quarantine\380A7416.htm Infected: Trojan-Downloader.JS.Small.d skipped
    C:\Program Files\Norton AntiVirus\Quarantine\393A02A7 Infected: Trojan-Downloader.Win32.VB.ft skipped
    C:\Program Files\Norton AntiVirus\Quarantine\3E90561A.dll Infected: Trojan-Downloader.Win32.Ieser.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\3F5B79AE.dll Infected: Trojan.Win32.Delf.gh skipped
    C:\Program Files\Norton AntiVirus\Quarantine\48867A87.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\49532FFB.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\54431AE5.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\54E36BF9.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\59255B88 Infected: Trojan-Dropper.Win32.Agent.tb skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D4D52F4 Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip ZIP: infected - 4 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip CryptFF: infected - 4 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D987AED Infected: Trojan-Downloader.Win32.Agent.hg skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5E16608D Infected: Trojan.Java.ClassLoader.h skipped
    C:\Program Files\Norton AntiVirus\Quarantine\60FB03B5 Infected: Trojan.Win32.Delprot.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\66E94A7F.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\6A9F4AD1.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\6C6A59FE.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\70D47786 Infected: Trojan-Downloader.Win32.Wintrim.bh skipped
    C:\Program Files\Norton AntiVirus\Quarantine\711E30BC.dll Infected: Trojan-Downloader.Win32.Ieser.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\71663CB3.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77BC2953.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77BC2953.htm Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77C27D4C.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77C95145.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77CC7B41.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77D34F3A.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77D67936.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77E32128.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77E64B24.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77ED1F1D.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77F0491A.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77F37316.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\781106A0.exe Infected: Net-Worm.Win32.Mytob.fm skipped
    C:\Program Files\Norton AntiVirus\Quarantine\78A03E02.exe Infected: Net-Worm.Win32.Mytob.fm skipped
    C:\Program Files\siteicons\gdimx\gdimx.exe Infected: Trojan-Downloader.Win32.Dluca.cc skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP641\A0140577.exe/data0006 Infected: Backdoor.Win32.HacDef.bo skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP641\A0140577.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP641\A0140578.exe/data0006 Infected: Backdoor.Win32.HacDef.bo skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP641\A0140578.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP645\change.log Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx.000 Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll.000 Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{EB3AD68D-27D9-4063-B903-71D91F6B4D2D}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\COMMCOSS.DLL Infected: not-a-virus:AdWare.Win32.SafeSurfing.j skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\sam Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\security Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\desktrf-bundles-hightrafficmedia2.exe/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.b skipped
    C:\WINDOWS\system32\desktrf-bundles-hightrafficmedia2.exe NSIS: infected - 1 skipped
    C:\WINDOWS\system32\getpxl32.exe Infected: Trojan.Win32.Crypt.t skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\irsinst.exe/data0006 Infected: Backdoor.Win32.HacDef.bo skipped
    C:\WINDOWS\system32\irsinst.exe NSIS: infected - 1 skipped
    C:\WINDOWS\system32\jgaypt32.exe Infected: Packed.Win32.NSAnti.r skipped
    C:\WINDOWS\system32\secure.exe Infected: not-a-virus:AdWare.Win32.DealHelper.v skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\WebRebates_Broadspring1_InstallAS.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\WINDOWS\system32\WebRebates_Broadspring1_InstallAS.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\WINDOWS\system32\WebRebates_Broadspring1_InstallAS.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\WINDOWS\system32\WebRebates_Broadspring1_InstallAS.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\WINDOWS\system32\WebRebates_Broadspring1_InstallAS.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
    C:\WINDOWS\system32\WebRebates_Broadspring1_InstallAS.exe NSIS: infected - 5 skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.


    And the HiJackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:29:57, on 13/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O10 - Unknown file in Winsock LSP: xfire_lsp_10908.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 6933 bytes


    Hope we got all the nasties!
     
  7. 2007/12/12
    noahdfear

    Since you have Killbox, highlight and copy the bolded list of files below.

    C:\Documents and Settings\All Users\Application Data\Bin\bin.dll
    C:\Program Files\Common Files\sysdir\bundles.exe
    C:\Program Files\Common Files\sysdir\WebRebates_PlayaSolutions_InstallAS.exe
    C:\Program Files\Common Files\System\deb60b19.exe
    C:\Program Files\siteicons\gdimx\gdimx.exe
    C:\WINDOWS\system32\COMMCOSS.DLL
    C:\WINDOWS\system32\desktrf-bundles-hightrafficmedia2.exe
    C:\WINDOWS\system32\getpxl32.exe
    C:\WINDOWS\system32\irsinst.exe
    C:\WINDOWS\system32\jgaypt32.exe
    C:\WINDOWS\system32\secure.exe
    C:\WINDOWS\system32\WebRebates_Broadspring1_InstallAS.exe


    • Open Killbox and select the box labeled 'Delete on Reboot'.
    • Click File on the menu, then Paste from clipboard.
    • Click the red circle with a white X 'Delete File' button.
    • Click Yes at the Delete on Reboot prompt.
    • Click Yes at the Pending Operations prompt.
    If the computer does not reboot on its own, restart it yourself.

    Open Norton and delete all quarantined items.
    Delete the folder C:\!Killbox
    Empty the recycle bin.

    Please run the Kaspersky scan again and post the log.
     
  8. 2007/12/31
    Phantom Spanker

    Happy New Year everyone.
    This scan was 98% complete. It was 3am and was taking wwaaayyyy longer than it should have due to the problems with my computer, so I had to stop it a bit early. Perhaps if you tell me to get rid of a few things that are causing the computer to slow up then I can run another one fully.
    Cheers again
    Spanks


    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, December 31, 2007 2:46:56 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 30/12/2007
    Kaspersky Anti-Virus database records: 500354
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 86934
    Number of viruses found: 41
    Number of infected objects: 119
    Number of suspicious objects: 0
    Duration of the scan process: 08:41:07

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\history.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\key3.db Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\webappsstore.sqlite Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop\_\Anti-virus programs\combofix.exe/10 Infected: Trojan.WinREG.Qoologic skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop\_\Anti-virus programs\combofix.exe/4 Infected: Trojan.BAT.Agent.ak skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop\_\Anti-virus programs\combofix.exe/9 Infected: Trojan.BAT.Agent.al skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop\_\Anti-virus programs\combofix.exe QuickBatch: infected - 3 skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop\_\Anti-virus programs\combofix.exe UPX: infected - 3 skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop\_\Anti-virus programs\combofix.exe PE_Patch.UPX: infected - 3 skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Application Data\Mozilla\Firefox\Profiles\xjux863f.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\Quarantine\060173CC.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\06342E16/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
    C:\Program Files\Norton AntiVirus\Quarantine\06342E16 ZIP: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\06342E16 CryptFF: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\069F3C23.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\0920629D.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\107E7698 Infected: Trojan.Java.ClassLoader.d skipped
    C:\Program Files\Norton AntiVirus\Quarantine\11A06C1A.exe Infected: Trojan-Downloader.Win32.Agent.tf skipped
    C:\Program Files\Norton AntiVirus\Quarantine\15DF0835.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\176911AA Infected: Trojan-Dropper.Win32.Agent.tb skipped
    C:\Program Files\Norton AntiVirus\Quarantine\18A9244A Infected: Trojan-Dropper.Win32.Agent.tb skipped
    C:\Program Files\Norton AntiVirus\Quarantine\19CE4689.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\1C97352C.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
    C:\Program Files\Norton AntiVirus\Quarantine\21DF31EC.exe Infected: Trojan-Proxy.Win32.Agent.cj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\234C6C95 Infected: Trojan-Dropper.Win32.Agent.tb skipped
    C:\Program Files\Norton AntiVirus\Quarantine\28FA03E6.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\3375155B Infected: Trojan-Downloader.Java.OpenStream.w skipped
    C:\Program Files\Norton AntiVirus\Quarantine\34263C3D Infected: Trojan-Downloader.Java.OpenStream.w skipped
    C:\Program Files\Norton AntiVirus\Quarantine\380A7416.htm Infected: Trojan-Downloader.JS.Small.d skipped
    C:\Program Files\Norton AntiVirus\Quarantine\393A02A7 Infected: Trojan-Downloader.Win32.VB.ft skipped
    C:\Program Files\Norton AntiVirus\Quarantine\3E90561A.dll Infected: Trojan-Downloader.Win32.Ieser.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\3F5B79AE.dll Infected: Trojan.Win32.Delf.gh skipped
    C:\Program Files\Norton AntiVirus\Quarantine\48867A87.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\49532FFB.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\54431AE5.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\54E36BF9.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\59255B88 Infected: Trojan-Dropper.Win32.Agent.tb skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D4D52F4 Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip ZIP: infected - 4 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D7B7066.zip CryptFF: infected - 4 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5D987AED Infected: Trojan-Downloader.Win32.Agent.hg skipped
    C:\Program Files\Norton AntiVirus\Quarantine\5E16608D Infected: Trojan.Java.ClassLoader.h skipped
    C:\Program Files\Norton AntiVirus\Quarantine\66E94A7F.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\6A9F4AD1.EXE Infected: Trojan-Clicker.Win32.VB.ij skipped
    C:\Program Files\Norton AntiVirus\Quarantine\6C6A59FE.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\70D47786 Infected: Trojan-Downloader.Win32.Wintrim.bh skipped
    C:\Program Files\Norton AntiVirus\Quarantine\711E30BC.dll Infected: Trojan-Downloader.Win32.Ieser.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\71663CB3.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77BC2953.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77BC2953.htm Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77C27D4C.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77C95145.exe Infected: Trojan-Proxy.Win32.Dlena.cl skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77CC7B41.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77D34F3A.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77D67936.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77E32128.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77E64B24.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77ED1F1D.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77F0491A.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\77F37316.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
    C:\Program Files\Norton AntiVirus\Quarantine\781106A0.exe Infected: Net-Worm.Win32.Mytob.fm skipped
    C:\Program Files\Norton AntiVirus\Quarantine\78A03E02.exe Infected: Net-Worm.Win32.Mytob.fm skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP641\A0140577.exe/data0006 Infected: Backdoor.Win32.HacDef.bo skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP641\A0140577.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP641\A0140578.exe/data0006 Infected: Backdoor.Win32.HacDef.bo skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP641\A0140578.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140907.exe Infected: Trojan-Downloader.Win32.Dluca.da skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140912.dll Infected: not-a-virus:AdWare.Win32.MediaBack.f skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140913.exe/data0002 Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140913.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140914.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140914.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140914.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140914.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140914.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140914.exe NSIS: infected - 5 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140915.exe Infected: Trojan-Downloader.Win32.Dluca.dc skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140916.exe Infected: Trojan-Downloader.Win32.Dluca.cc skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140917.DLL Infected: not-a-virus:AdWare.Win32.SafeSurfing.j skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140918.exe/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.b skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140918.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140919.exe Infected: Trojan.Win32.Crypt.t skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140920.exe/data0006 Infected: Backdoor.Win32.HacDef.bo skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140920.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140921.exe Infected: Packed.Win32.NSAnti.r skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140922.exe Infected: not-a-virus:AdWare.Win32.DealHelper.v skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140923.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140923.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140923.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140923.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140923.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140923.exe NSIS: infected - 5 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140933.dll Infected: not-a-virus:AdWare.Win32.MediaBack.f skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140934.exe/data0002 Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140934.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140935.DLL Infected: not-a-virus:AdWare.Win32.SafeSurfing.j skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140936.exe Infected: Trojan-Downloader.Win32.Dluca.dc skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140937.exe/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.b skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140937.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140938.exe Infected: Trojan-Downloader.Win32.Dluca.cc skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140939.exe Infected: Trojan.Win32.Crypt.t skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140940.exe/data0006 Infected: Backdoor.Win32.HacDef.bo skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140940.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140941.exe Infected: Packed.Win32.NSAnti.r skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140943.dll Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140944.exe Infected: not-a-virus:AdWare.Win32.DealHelper.v skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140945.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140945.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140945.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140945.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140945.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140945.exe NSIS: infected - 5 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140946.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140946.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140946.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140946.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140946.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140946.exe NSIS: infected - 5 skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP647\A0140947.exe Infected: Trojan-Downloader.Win32.Dluca.da skipped
    C:\System Volume Information\_restore{F8B05ECE-39E0-45E1-81AC-C6D0F0A35CAD}\RP658\change.log Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx.000 Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll.000 Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    Scan was interrupted by user!
     
  9. 2007/12/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The only infected things found in that scan are: items in quarantine by Norton, which can be removed; infected System Restore points, which can be removed provided you are satisfied your computer is working properly and those restore points won't be needed - details for doing so below; a false positive identification of ComboFix.



    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.
     
