Hi, here is the result from the ComboFix scan:
ComboFix 07-08-11 - "Gerry Hill" 2007-08-12 16:11:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.180 [GMT 1:00]
Command switches used :: C:\Documents and Settings\Gerry Hill\Desktop\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\NoAdware4
C:\Program Files\NoAdware4\logs\Date(12-12-2005) Time(21-51-4).txt
C:\Program Files\NoAdware4\logs\Date(17-3-2006) Time(20-43-53).txt
C:\Program Files\NoAdware4\logs\Date(29-10-2005) Time(14-33-59).txt
C:\Program Files\NoAdware4\logs\Date(6-1-2006) Time(21-9-26).txt
C:\Program Files\NoAdware4\noadware4_031606.na
C:\Program Files\NoAdware4\NoAdwareBackup\1,6,2006_21,8,37.zip
C:\Program Files\NoAdware4\NoAdwareBackup\10,29,2005_14,33,54.zip
C:\WINDOWS\R2VycnkgSGlsbA
C:\WINDOWS\R2VycnkgSGlsbA\lZpVwB40m35PvE.vbs
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ADXAPIE
-------\LEGACY_AUTORUN
-------\adxapie
-------\autorun
((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))
2007-08-11 12:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 19:19 <DIR> d-------- C:\Deckard
2007-08-10 19:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-10 17:53 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 18:59 <DIR> d-------- C:\Program Files\FileDeleter
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-11 12:41 --------- d-------- C:\Program Files\Hijack This
2007-08-10 18:24 --------- d-------- C:\Program Files\QuickTime
2007-08-10 18:18 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-27 19:35 384 --a------ C:\Program Files\LimeWire.lnk
2007-07-25 19:16 --------- d-------- C:\DOCUME~1\GERRYH~1\APPLIC~1\Google
2007-07-24 20:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 20:49 --------- d-------- C:\Program Files\Pool Station Classic
2007-07-24 20:45 --------- d-------- C:\Program Files\Logitech
2007-07-24 18:56 --------- d-------- C:\Program Files\Canon
2007-05-16 16:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-03-05 17:33 774144 --a--c--- C:\Program Files\RngInterstitial.dll
2001-11-23 12:08 712704 --a--c--- C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-12-18 03:28]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 20:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-28 13:07]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)
R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service;Belkin High-Speed Mode Wireless G USB Driver;C:\Program Files\Belkin\F5D7051\WLService.exe
R2 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
R2 enodpl;enodpl;C:\WINDOWS\system32\drivers\enodpl.sys
R2 JiaoCap;JiaoCap, WDM Video Capture for VCDCut;C:\WINDOWS\system32\DRIVERS\JiaoCap.sys
R2 JiaoIO;JiaoIO;\??\C:\WINDOWS\system32\drivers\JiaoIO.sys
R2 MASPINT;MASPINT;C:\WINDOWS\system32\drivers\MASPINT.sys
R2 tandpl;tandpl;C:\WINDOWS\system32\drivers\tandpl.sys
R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter;C:\WINDOWS\system32\DRIVERS\splitcam.sys
R3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
R3 USR1806V;U.S. Robotics Voice Modem Driver 1806;C:\WINDOWS\system32\DRIVERS\USR1806V.SYS
S2 TTELL;TTell WDM Video Capture;C:\WINDOWS\system32\DRIVERS\TTell.sys
S2 VirtualCam;VirtualCamera;C:\WINDOWS\system32\DRIVERS\VirtualCam.sys
S3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
S3 AVWLP_USB;WLAN PRISM USB Driver;C:\WINDOWS\system32\DRIVERS\AVWLPUSB.sys
S3 BRIDGE;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 DCamUSBSQTECH;Dual-Mode DSC(2770);C:\WINDOWS\system32\Drivers\SQcaptur.sys
S3 dptrackerd;Tracker Driver;C:\WINDOWS\system32\drivers\dptrackerd.sys
S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a1db0f8-ffe1-11db-84f8-001150c32749}]
AutoRun\command- index.html
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e613aa-f8d1-11db-84e8-001150c32749}]
AutoRun\command- index.html
*Newly Created Service* - GTNDIS5
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-12 16:20:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-12 16:22:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 16:21
C:\ComboFix2.txt ... 2007-08-11 12:34
--- E O F ---
With the Kaspersky online scanner I ran 3 scans: Critical Areas, Memory and My Computer. No viruses were found in the Memory scan.
Viruses were found in the Critical Areas scan and below is the log:
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 12, 2007 7:23:41 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 12/08/2007
Kaspersky Anti-Virus database records: 379009
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\GERRYH~1\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 21109
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:44:02
Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\iconzx.exe Infected: not-a-virus:AdWare.Win32.Zestyfind skipped
C:\WINDOWS\Internet Logs\ADAM.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT0228d.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06026.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Viruses were also found in the My Computer scan; below is the log:
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 12, 2007 8:58:12 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 12/08/2007
Kaspersky Anti-Virus database records: 379009
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 56543
Number of viruses found 25
Number of infected objects 51
Number of suspicious objects 0
Duration of the scan process 01:33:28
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\SecTaskMan\ipwins.exe.q_F65BA00_q Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\Documents and Settings\All Users\Application Data\SecTaskMan\nfomon.exe.q_E95E000_q Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\Documents and Settings\All Users\Application Data\SecTaskMan\vidmon.exe.q_E826001_q Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.j skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\TimeForLessSlow\meowcast.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Gerry Hill\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Gerry Hill\install.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\Documents and Settings\Gerry Hill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Gerry Hill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Gerry Hill\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gerry Hill\Local Settings\History\History.IE5\MSHist012007081220070813\index.dat Object is locked skipped
C:\Documents and Settings\Gerry Hill\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gerry Hill\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Gerry Hill\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Gerry Hill\up.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Documents and Settings\Gerry Hill\up.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Gerry Hill\xtz.exe Infected: not-a-virus:PSWTool.Win32.PassView.b skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\DOCUME~1\GERRYH~1\MYDOCU~1\DOBE~1\wuauclt.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ek skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe.vir Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\{30CDC~1\Bar888.dll.vir Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\unsvchosts.exe.vir Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0173456.ocx Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0173457.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0173460.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174110.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0006/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0006/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0006/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0006/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0006/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0006 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0007/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0007/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0008/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0008/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0008 Infected: not-a-virus:AdWare.Win32.Exact.a skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009/data0002.cab/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ak skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.f skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009/data0003.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009/data0003.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009/data0003.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe/data0009 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP933\A0174121.exe Inno: infected - 22 skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP938\A0176964.exe Infected: Backdoor.Win32.IRCBot.tk skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP938\A0176965.old Infected: Backdoor.Win32.IRCBot.dd skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP938\A0176968.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP939\A0176970.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP941\A0177067.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP941\A0177069.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP941\A0177073.exe Infected: not-a-virus:RiskTool.Win32.Starter.a skipped
C:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP943\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\iconzx.exe Infected: not-a-virus:AdWare.Win32.Zestyfind skipped
C:\WINDOWS\Internet Logs\ADAM.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT0228d.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06026.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\LimeWire\02 mueca de trapo 27.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
G:\LimeWire\mystery case files ravenshears.zip/BitDownload-setup.exe/data0007 Infected: Trojan.Win32.Obfuscated.en skipped
G:\LimeWire\mystery case files ravenshears.zip/BitDownload-setup.exe Infected: Trojan.Win32.Obfuscated.en skipped
G:\LimeWire\mystery case files ravenshears.zip ZIP: infected - 2 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{012C2937-6319-4F5C-9B97-7CD9CCD55AA7}\RP943\change.log Object is locked skipped
Scan process completed.
Here are my fresh HijackThis scan results:
Logfile of HijackThis v1.99.1
Scan saved at 21:12:24, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} -
http://activex.camfrogweb.com/advanc...instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://mymusic80.spaces.msn.com//Pho...d/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks for your help!
Adam