"Since you have been able to post a log, I will assume you may be able to navigate to and run the scan tool below. Tell us what you can and can't do [can you bring up the 'Task Manager' and then run File>New Task (Run)]."
OK, I followed the directions to the T, but I am getting an error message while trying to run ComboFix. I cannot bring up my Task Manager, Program Files, or local drives. When I try to run ComboFix from my desktop it gives me this error:
"C:.......\desktop\combofix.exe is not a valid Win32 application"
When I try to open ComboFix directly via my downloads box in Firefox, it gives me an option to open as a link and asks me to launch the application. It also gives a warning about malicious software.
As of right now I am still severely infested, but my firewall and antivirus are keeping my system workable. I would like to reformat and start over, but I need to access my Program Files to back them up.
I will be including a SUPERAntiSpyware log and an updated HijackThis log. Any assistance would be much appreciated.
Thanks, Brady
PS: I still have "Virus Alert" next to my clock at the bottom of my screen. This overall is what is driving me the most mad! lol Thanks again, guys.
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 11/11/2007 at 02:06 PM
Application Version : 3.9.1008
Core Rules Database Version : 3265
Trace Rules Database Version: 1276
Scan type : Complete Scan
Total Scan Time : 13:03:46
Memory items scanned : 538
Memory threats detected : 0
Registry items scanned : 6323
Registry threats detected : 0
File items scanned : 161645
File threats detected : 184
Adware.Tracking Cookie
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ehg-techtarget.hitbox[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@pro-market[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.adtrak[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@CAPJFI0D.txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@CA0982Q8.txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@edge.ru4[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@roiservice[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@imrworldwide[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wjlyuodpelq.stats.esomniture[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@dealtime[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.espn.adsonar[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@server.cpmstar[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ehg-dig.hitbox[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[6].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@media.adrevolver[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@bs.serving-sys[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@server.iad.liveperson[3].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@server.iad.liveperson[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wjl4clcjgeo.stats.esomniture[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@server.iad.liveperson[5].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.adbrite[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@clicktorrent[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[10].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[3].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@findwhat[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@stats.becu[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[9].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@tremor.adbureau[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@tracking.offerstrategy[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www6.addfreestats[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@entrepreneur[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@toseeka[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@revenue[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[11].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@inteletrack[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@login.tracking101[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@stats2.reliablestats[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wjkoend5ikq.stats.esomniture[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@mystat.synch[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@realmedia[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@podshow.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adserver5.teracent[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.revsci[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@bluestreak[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@data2.perf.overture[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.monster[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@statcounter[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@beachcamera.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wjlicpajcfq.stats.esomniture[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@2o7[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@specificclick[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[7].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@cf-db01.clickfacts[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@zedo[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ehg-kodak.hitbox[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ehg-maniatv.hitbox[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@yadro[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.entrepreneur[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@apmebf[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.xctrk[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@hawaiianairlines.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@fastclick[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adsby.zwoops[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ehg-olympus.hitbox[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adlegend[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@classifiedventures1.112.2o7[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adserver.adreactor[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adtech[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wbl4egc5shp.stats.esomniture[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@banner.adtrgt[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[8].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@eyewonder[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@atlas.entrepreneur[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@interclick[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@buycom.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@collective-media[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@anat.tacoda[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adserver.ringro[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.bridgetrack[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[5].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.realtechnetwork[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adbrite[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@nextag[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@tracking.pulse360[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adinterax[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@statse.webtrendslive[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wjmiknd5gho.stats.esomniture[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@webstat[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.entrepreneur[3].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adopt.specificclick[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@3.adbrite[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@hitbox[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@burstnet[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adrevolver[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@trafficmp[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@media.adrevolver[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@precisionclick[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.pointroll[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wfl4qidzmfo.stats.esomniture[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@casalemedia[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.burstnet[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@CA43CFQL.txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@counter.hitslink[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@heavycom.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@partner2profit[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@overture[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wjlyamdpogo.stats.esomniture[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@track.bestbuy[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@prnewswire.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.k8l[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@doubleclick[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@perf.overture[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@livemercial.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@anad.tacoda[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@serving-sys[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ecnext.advertserve[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wjkyuncjmhp.stats.esomniture[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@CAPX1WSI.txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@azjmp[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@enhance[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adecn[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@postclicktracking[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.3dstats[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@media6degrees[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@indiads[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@primedia.us.intellitxt[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adserver.easyad[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@freecodesource.advertserve[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads3.blastro[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ehg-findlaw.hitbox[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www2.addfreestats[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@stat.dealtime[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@richmedia.yahoo[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.burstbeacon[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@xiti[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads2.blastro[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.social.trikepilot[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@toplist[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@smileycentral[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.googleadservices[4].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.weatherflow[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@e-2dj6wclyuidzicp.stats.esomniture[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@statsgod[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adopt.euroclick[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@hotlog[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.joinaxxess[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@analytics.sourcetool[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@brightcove.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@server.iad.liveperson[4].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ehg-myspaceinc.hitbox[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@exitexchange[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@reduxads.valuead[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@indexstats[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@indextools[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@social.trikepilot[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ads.raintraffic[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@adrevolver[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@atlas.entrepreneur[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@bs.serving-sys[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@burstnet[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@entrepreneur[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@realmedia[2].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@serving-sys[1].txt
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Cookies\owner@www.adtrak[2].txt
Adware.k8l
C:\PROGRAM FILES\COMMON FILES\RTEKE.HTML
Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP239\A0031632.DLL
Trojan.ZQuest-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP245\A0033778.EXE
Trojan.Downloader-Gen/RetAd
C:\WINDOWS\RETADPU1000106.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49: VIRUS ALERT!, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WindowZones\WindowZones.sys
C:\Program Files\WindowZones\WindowZones.sys
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\sprof\sprof.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: cj helper - {B552B8A4-76AC-4e8c-A469-C1585B111116} - C:\Program Files\IE Extensions\cj.v5.dll (file missing)
O2 - BHO: (no name) - {C9873CCE-8350-4DC6-8622-312F75CE3BE7} - C:\WINDOWS\system32\geBRiGVO.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [{6D-D0-0A-A1-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKLM\..\Run: [WinAntiSpyware 2007] "c:\program files\winantispyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinpmdt.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sprof] C:\Program Files\sprof\sprof.exe
O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\okxyjegs.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\M?crosoft\??chost.exe"
O4 - HKCU\..\Run: [Ogatphze] C:\WINDOWS\system32\s?stem\?hkntfs.exe
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\SMBOLS~1\mmc.exe" -vt ndrv
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: StockTicker.lnk = C:\Program Files\Free Desktop Tools\StockTicker\StockTicker.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1181618822718
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181618800218
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O20 - Winlogon Notify: tuvttst - tuvttst.dll (file missing)
O21 - SSODL: qegbdmwf - {3EF16161-CAFF-443F-AEC6-3B9D351983BE} - C:\WINDOWS\qegbdmwf.dll (file missing)
O21 - SSODL: pntqkflv - {40D7C957-79E4-49B5-B716-DB199AE1F385} - C:\WINDOWS\pntqkflv.dll (file missing)
O21 - SSODL: PreBootCheck - {c82935d4-5c0b-47df-ae71-e41aebcdc3ff} - C:\WINDOWS\Resources\MonCheck.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iaymktux.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\rteke.html
--
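The HijackThis log in the post above shows the indicators a helper would pick out by eye: registry references whose target file is gone ("(file missing)"), HKCU run keys whose paths contain characters the log could not render (M?crosoft\??chost.exe, s?stem\?hkntfs.exe, which imitate the real Microsoft\svchost.exe and system32 names), an O7 DisableRegedit=1 policy, and eight-letter names dropped straight into %WINDIR% or system32 (dwdsrngt.exe, okxyjegs.dll, qegbdmwf.dll, iaymktux.exe). The script below is an added example, not part of the original thread and not code from HijackThis or its author; it runs those checks over a handful of lines copied from the log plus two benign ones. The rules, the reason strings and the allowlist of eight-letter Windows binaries are heuristics chosen for this example, and the sample log is constructed from the post. It also checks the sibling DisableTaskMgr=1 value, which would account for the unusable Task Manager but does not appear in this log.

```python
import re

# Constructed sample: lines copied from the HijackThis log in the post above,
# plus two benign avast! and Adobe lines so the rules have something to pass.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C9873CCE-8350-4DC6-8622-312F75CE3BE7} - C:\WINDOWS\system32\geBRiGVO.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{6D-D0-0A-A1-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKLM\..\Run: [4416d00e] rundll32.exe "C:\WINDOWS\system32\okxyjegs.dll",b
O4 - HKCU\..\Run: [Vygrevar] "C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\My Documents\M?crosoft\??chost.exe"
O4 - HKCU\..\Run: [Ogatphze] C:\WINDOWS\system32\s?stem\?hkntfs.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: tuvttst - tuvttst.dll (file missing)
O21 - SSODL: qegbdmwf - {3EF16161-CAFF-443F-AEC6-3B9D351983BE} - C:\WINDOWS\qegbdmwf.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\iaymktux.exe (file missing)
"""

# Starter allowlist (an assumption for this example) of legitimate eight-letter
# Windows binaries that would otherwise trip the random-name rule.
KNOWN_GOOD = {"winlogon", "services", "explorer", "userinit",
              "browseui", "setupapi", "wintrust", "imagehlp", "netshell"}

ENTRY = re.compile(r"^O\d+ - ")
# HijackThis found the registry reference but not the file it points at:
# either a stale leftover or a payload that is hiding from the scan.
ORPHAN = re.compile(r"\((?:file missing|no file)\)", re.I)
# '?' is not a legal filename character, so a '?' inside a drive-letter path
# means the log could not render a non-ASCII look-alike character.
LOOKALIKE = re.compile(r"[A-Za-z]:\\.*\?")
# Policy values that lock the user out of their own recovery tools.
POLICY = re.compile(r"Restrictions present|Disable(?:Regedit|TaskMgr)=1")
# An eight-letter .exe/.dll dropped directly into %WINDIR% or system32.
RANDOM_NAME = re.compile(r"\\windows\\(?:system32\\)?([a-z]{8})\.(?:exe|dll)\b", re.I)


def classify(line, known_good=KNOWN_GOOD):
    """Return the list of heuristic reasons one HijackThis line looks suspicious."""
    reasons = []
    if ORPHAN.search(line):
        reasons.append("orphaned reference")
    if LOOKALIKE.search(line):
        reasons.append("unrenderable character in path")
    if POLICY.search(line):
        reasons.append("policy lockout")
    m = RANDOM_NAME.search(line)
    if m and m.group(1).lower() not in known_good:
        reasons.append("random-looking name under %WINDIR%")
    return reasons


def triage(log_text, known_good=KNOWN_GOOD):
    """Return (line, reasons) for every O-section line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ENTRY.match(line):
            continue  # R-sections, process list and headers are skipped here
        reasons = classify(line, known_good)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{', '.join(reasons):55s} {line}")
```

A flagged line is a pointer for the person reading the log, not a verdict: the random-name rule in particular needs the allowlist because winlogon.exe and services.exe are eight letters too, and the look-alike rule only fires on drive-letter paths so the '?' in the O16 download URLs is left alone.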