Thanks for all your help. Here are the logs.
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSCBV.EXE 51,716 2006-09-22
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 13:15:33 03/12/2006
+ Scan result:
C:\WINDOWS\system32\kdkss.exe -> Downloader.Zlob.aty : Cleaned with backup (quarantined).
::Report end
Sunday, December 03, 2006 2:42:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/12/2006
Kaspersky Anti-Virus database records: 247695
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 64059
Number of viruses found 27
Number of infected objects 23079 / 0
Number of suspicious objects 0
Duration of the scan process 01

20
Infected Object Name Virus Name Last Action
:\Documents and Settings\Dean\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dean\Desktop\Repair tools\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dean\Desktop\Repair tools\SmitfraudFix\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dean\Desktop\Repair tools\SmitfraudFix\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Dean\Desktop\Repair tools\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Dean\Desktop\Repair tools\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Dean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dean\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dean\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dean\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dean\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Yahoo!\NAV\AVApp.log Object is locked skipped
C:\Program Files\Yahoo!\NAV\AVError.log Object is locked skipped
C:\Program Files\Yahoo!\NAV\AVVirus.log Object is locked skipped
C:\Program Files\Yahoo!\NAV\Savrt\0584NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4EEAE2B1-4225-44E7-8239-D5DA3D80238D}\RP3\A0000144.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{4EEAE2B1-4225-44E7-8239-D5DA3D80238D}\RP4\A0002374.exe Infected: Trojan.Win32.DNSChanger.as skipped
C:\System Volume Information\_restore{4EEAE2B1-4225-44E7-8239-D5DA3D80238D}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DEAN-FYIU2WR2JE.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Motive\btbb\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cscbv.exe Infected: Trojan-Downloader.Win32.Agent.uj skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\ZLT009d7.TMP Object is locked skipped
C:\WINDOWS\temp\ZLT009da.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Dean - 03/12/2006@14:47:19.41
running from C:\Autorun etc\
Other users of this machine:
* Administrator
----------------------------------------------------------------------------------
HKLM\System\CurrentControlSet\Services
Automatic LiveUpdate Scheduler
Manages the scheduling of Automatic LiveUpdate sessions
(Verified) Symantec Corporation
c:\program files\symantec\liveupdate\aluschedulersvc.exe
AVG Anti-Spyware Guard
AVG Anti-Spyware guard
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
ccEvtMgr
Event propagation and logging service
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\ccevtmgr.exe
ccSetMgr
Settings storage and management service
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\ccsetmgr.exe
DJSNETCN
Symantec Licensing Detect Internet Connection
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\djsnetcn.exe
navapsvc
Handles Norton AntiVirus Auto-Protect events.
(Verified) Symantec Corporation
c:\program files\yahoo!\nav\navapsvc.exe
NPFMntor
Detects installation of Symantec Firewall clients
(Verified) Symantec Corporation
c:\program files\yahoo!\nav\iwp\npfmntor.exe
NVSvc
Provides system and desktop level support to the NVIDIA display driver
(Not verified) NVIDIA Corporation
c:\windows\system32\nvsvc32.exe
SNDSrvc
Symantec Network Drivers Service
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\sndsrvc.exe
SPBBCSvc
Symantec SPBBC
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe
Symantec Core LC
Symantec Core LC
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
vsmon
Monitors internet traffic and generates alerts for disallowed access.
(Verified) Check Point Software Technologies Inc.
c:\windows\system32\zonelabs\vsmon.exe
HKLM\System\CurrentControlSet\Services
AVG Anti-Spyware Driver
c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
AvgAsCln
AVG7 Clean Driver
(Not verified) GRISOFT, s.r.o.
c:\windows\system32\drivers\avgascln.sys
eeCtrl
Symantec Eraser Control Driver
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\eengine\eectrl.sys
EraserUtilRebootDrv
Symantec Eraser Utility Driver
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys
GEARAspiWDM
CDRom Class Filter Driver
(Verified) GEAR Software Inc.
c:\windows\system32\drivers\gearaspiwdm.sys
gtermddo
File not found: C:\DOCUME~1\Dean\LOCALS~1\Temp\gtermddo.sys
MA8630C
USB Control Driver
(Not verified) Mobile Action Technology Inc.
c:\windows\system32\drivers\ma8630c.sys
MA8630M
USB MODEM Driver
(Not verified) Mobile Action Technology Inc.
c:\windows\system32\drivers\ma8630m.sys
MA8630U
USB Bus Driver
(Not verified) Mobile Action Technology Inc.
c:\windows\system32\drivers\ma8630u.sys
MaRdPnp
USB Data Cable Driver
(Not verified) Mobile Action Technology Inc.
c:\windows\system32\drivers\mardp2k.sys
MaVctrl
Mobile Action Virtual Control
(Not verified) Mobile Action Technology Inc.
c:\windows\system32\drivers\mavc2k.sys
MRENDIS5
Motive NDIS 5.0 Protocol Driver
(Not verified) Motive, Inc.
c:\program files\common files\motive\mrendis5.sys
NAVENG
AV Engine
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\virusdefs\20061130.018\naveng.sys
NAVEX15
AV Engine
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\virusdefs\20061130.018\navex15.sys
nodantivir
File not found: C:\WINDOWS\system32\nodantivir.sys
Nokia USB Phone Parent
Nokia USB Phone Bus Driver
(Not verified) Nokia
c:\windows\system32\drivers\nmwcd.sys
nv
NVIDIA Compatible Windows 2000 Miniport Driver, Version 61.77
(Not verified) NVIDIA Corporation
c:\windows\system32\drivers\nv4_mini.sys
Pcouffin
File not found: System32\Drivers\Pcouffin.sys
pfc
Padus(R) ASPI Shell
(Not verified) Padus, Inc.
c:\windows\system32\drivers\pfc.sys
SAVRT
AutoProtect
(Verified) Symantec Corporation
c:\program files\yahoo!\nav\savrt.sys
SAVRTPEL
SAVRTPEL
(Verified) Symantec Corporation
c:\program files\yahoo!\nav\savrtpel.sys
Secdrv
SafeDisc driver
(Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
c:\windows\system32\drivers\secdrv.sys
SPBBCDrv
SPBBC Driver
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys
SQTECH930B
Video Streaming and Capture Device Driver
(Not verified) Salix
c:\windows\system32\drivers\capt930b.sys
srescan
srescan
(Verified) Check Point Software Technologies Inc.
c:\windows\system32\zonelabs\srescan.sys
StMp3Rec
Generic MP3 Player USB Driver
(Not verified) Generic
c:\windows\system32\drivers\stmp3rec.sys
SYMDNS
DNS Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symdns.sys
SymEvent
Symantec Event Library
(Verified) Symantec Corporation
c:\windows\system32\drivers\symevent.sys
SYMFW
Firewall Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symfw.sys
SYMIDS
IDS Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symids.sys
SYMIDSCO
IDS Core Driver
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\symcdata\ids-diskless\20061113.031\symidsco.sys
SYMNDIS
NDIS Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symndis.sys
SYMREDRV
Redirector Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symredrv.sys
SYMTDI
Network Dispatch Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symtdi.sys
vsdatant
TrueVector Device Driver
(Verified) Check Point Software Technologies Inc.
c:\windows\system32\vsdatant.sys
w810bus
File not found: system32\DRIVERS\w810bus.sys
w810mdfl
Sony Ericsson W810 USB WMC Modem Filter
File not found: system32\DRIVERS\w810mdfl.sys
w810mdm
Sony Ericsson W810 USB WMC Modem Driver
File not found: system32\DRIVERS\w810mdm.sys
w810mgmt
Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
File not found: system32\DRIVERS\w810mgmt.sys
w810obex
Sony Ericsson W810 USB WMC OBEX Interface
File not found: system32\DRIVERS\w810obex.sys
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YBrowser
YBrwIcon
(Not verified) Yahoo! Inc.
c:\program files\yahoo!\browser\ybrwicon.exe
YOP
Dashboard Module
(Verified) Yahoo! Inc.
c:\program files\yahoo!\yop\yop.exe
ccApp
Symantec User Session
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\ccapp.exe
btbb_wcm_McciTrayApp
mcci+McciTrayApp
(Not verified) Motive Communications, Inc.
c:\program files\btbb_wcm\mccitrayapp.exe
Zone Labs Client
Zone Labs Client
(Verified) Check Point Software Technologies Inc.
c:\program files\zone labs\zonealarm\zlclient.exe
!AVG Anti-Spyware
AVG Anti-Spyware
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
SunJavaUpdateSched
Java(TM) 2 Platform Standard Edition binary
(Not verified) Sun Microsystems, Inc.
c:\program files\java\jre1.5.0_09\bin\jusched.exe
NvCplDaemon
NVIDIA Display Properties Extension
(Not verified) NVIDIA Corporation
c:\windows\system32\nvcpl.dll
HKLM\SOFTWARE\Classes\Protocols\Filter
application/octet-stream
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-complus
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-msdownload
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
cdo
Microsoft SharePoint Portal Server Object Model
(Not verified) Microsoft Corporation
c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
ms-itss
Microsoft® InfoTech Storage System Library
(Not verified) Microsoft Corporation
c:\program files\common files\microsoft shared\information retrieval\msitss.dll
msnim
MSN Messenger Protocol Handler
(Not verified) Microsoft Corporation
c:\program files\msn messenger\msgrapp.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
n/a
Microsoft .NET IE SECURITY REGISTRATION
(Not verified) Microsoft Corporation
c:\windows\system32\mscories.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Spyware Doctor
Spyware Doctor
(Not verified) PCTools
c:\program files\spyware doctor\swdoctor.exe
Task Scheduler
Auto-scheduled task of Free Registry Fix.job
Free Registry Fix
(Not verified) Promosoft Corp.
c:\program files\free registry fix\regfixf.exe
Norton AntiVirus - Run Full System Scan - Dean.job
Norton AntiVirus Scanner Module
(Verified) Symantec Corporation
c:\program files\yahoo!\nav\navw32.exe
Symantec NetDetect.job
File not found: C:\Program Files\Symantec\LiveUpdate\NDetect.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Yahoo! Toolbar Helper
Yahoo! Toolbar
(Verified) Yahoo! Inc.
c:\program files\yahoo!\companion\installs\cpn5\yt.dll
Adobe PDF Reader Link Helper
Adobe Acrobat IE Helper Version 7.0 for ActiveX
(Verified) Adobe Systems, Incorporated
c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
Yahoo! IE Services Button
Yahoo! IE Services
(Verified) Yahoo! Inc.
c:\program files\yahoo!\common\yiesrvc.dll
PCTools Site Guard
Site Guard
(Not verified) PC Tools
c:\program files\spyware doctor\tools\iesdsg.dll
SSVHelper Class
Java(TM) 2 Platform Standard Edition binary
(Not verified) Sun Microsystems, Inc.
c:\program files\java\jre1.5.0_09\bin\ssv.dll
PCTools Browser Monitor
iesdpb.dll
(Not verified) GuideWorks Pty. Ltd.
c:\program files\spyware doctor\tools\iesdpb.dll
SidebarAutoLaunch Class
YSidebarIEBHO Module
(Verified) Yahoo! Inc.
c:\program files\yahoo!\browser\ysidebariebho.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
AVG Anti-Spyware 7.5
AVG Anti-Spyware shellexecutehook
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
NvCpl DesktopContext Class
NVIDIA Display Properties Extension
(Not verified) NVIDIA Corporation
c:\windows\system32\nvcpl.dll
Play on my TV helper
NVIDIA Display Properties Extension
(Not verified) NVIDIA Corporation
c:\windows\system32\nvcpl.dll
Desktop Explorer
NVIDIA Desktop Explorer, Version 61.77
(Not verified) NVIDIA Corporation
c:\windows\system32\nvshell.dll
Desktop Explorer Menu
NVIDIA Desktop Explorer, Version 61.77
(Not verified) NVIDIA Corporation
c:\windows\system32\nvshell.dll
nView Desktop Context Menu
NVIDIA Desktop Explorer, Version 61.77
(Not verified) NVIDIA Corporation
c:\windows\system32\nvshell.dll
Web Folders
Microsoft Web Folders
(Not verified) Microsoft Corporation
c:\program files\common files\microsoft shared\web folders\msonsext.dll
Nokia Phone Browser
Nokia Phone Browser
(Not verified) Nokia
c:\program files\nokia\nokia pc suite 6\components\phonebrowsercomponents\nokiaphonebrowser.dll
Contact View
Nokia Phone Browser Contact View
(Not verified) Nokia
c:\program files\nokia\nokia pc suite 6\components\phonebrowsercomponents\contactview.dll
Shell Extensions for RealOne Player
RealPlayer Shell Extensions
(Not verified) RealNetworks, Inc.
c:\program files\real\realplayer\rpshell.dll
Samsung YP-N30Shell Hook
Samsung YP-N30 Player Shell Extension
(Not verified) Samsung Electronics Co., LTD.
c:\windows\system32\ypn30h.dll
iTunes
iTunes Mini Player DLL
(Not verified) Apple Computer, Inc.
c:\program files\itunes\itunesminiplayer.dll
Yahoo! Mail
YMMAPI Module
(Verified) Yahoo! Inc.
c:\program files\yahoo!\common\ymmapi.dll
Fusion Cache
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
PDF Shell Extension
PDF Shell Extension
(Not verified) Adobe Systems, Inc.
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
yt.dll
Yahoo! Toolbar
(Verified) Yahoo! Inc.
c:\program files\yahoo!\companion\installs\cpn5\yt.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
yt.dll
Yahoo! Toolbar
(Verified) Yahoo! Inc.
c:\program files\yahoo!\companion\installs\cpn5\yt.dll
230 USB-Handset Manager
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
ArcSoft VideoImpression 2
AVG Anti-Spyware 7.5
BT Broadband Desktop Help
BT Voyager 205 ADSL Router
BT Yahoo! Applications
ccCommon
CCleaner (remove only)
CleanUp!
C-Media WDM Audio Driver
Digital Camera Driver
Disc2Phone
Free Registry Fix 3.9
HijackThis 1.99.1
InterActual Player
Internet Worm Protection
iPod for Windows 2005-06-26
iPod for Windows 2006-01-10
iPod for Windows 2006-03-23
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 9
Kaspersky Online Scanner
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (2.0)
MSN Messenger 7.5
MSN Toolbar
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nokia Connectivity Cable DKU-2 Drivers
Nokia PC Suite 6.1
Norton AntiVirus 2006
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
Panda ActiveScan
PowerDVD
QuickTime
RealPlayer
Record Smart 1.0
Registry Mechanic
RichFX Player
Samsung YP-N30
Sony Ericsson Software
SPBBC
Spybot - Search & Destroy 1.3
Spyware Doctor 3.1
Symantec
TomTom HOME
Trust WB-3500T USB2 Webcam
WinAVI VideoConverter
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
ZoneAlarm
Logfile of HijackThis v1.99.1
Scan saved at 11:18:41, on 04/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O15 - Trusted Zone: www.myspace.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136908161459
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
I hope this is everything you asked for.